Knugget #1

October 10, 2016

Why is Cyber Security Challenging?

 
We read the news today and see privacy violations, identity theft and other computer violations are frequently featured in the headlines.   For most, it is hard to imagine how this happens; asking the questions “Aren’t these systems protected by some kind of security? Isn’t anyone keeping a close eye on things?”  The answers to both are in fact “yes”.  Many skilled people are watching all the time.  There are however three things (there are many, but these three are the biggest) that impede their success.  One thing to bear in mind as you read:  this is meant to inform, not frighten – but it is all very real.


First, the people who are protecting the information have equally smart people (the “baddies”) working against them:  criminals who have lots more time and resources at their disposal.   They are not magicians – just very committed to breaking and entering someone else’s system for the very valuable information inside it.  Remember:  in our digital age, money tracked by computers looks just like information and moves in the same ways.

Second, the baddies use all the same technology our protectors use; just in evil ways.  The disadvantage our guys face is that what the baddies do is often seen by the computer as something “normal”.  In essence, one computer command looks like another (think “if it looks like a duck and quacks like a duck…” sort of stuff).  And if you do things just right, no alarms go off and they sneak through – sometimes right under our noses.  Sad but true.
So, “what does all this have to do with me?”, you might be saying.  You have no power over such things, right?  And you would be wrong.

The Third thing is that most of what the baddies do requires someone on the inside to do something to start them off down the path of gaining access.  It often starts with an email – one that looks genuine, innocent, non-threatening.  These come from people or sources that you may think you know, that may be offering you something interesting or attractive.  They might tell you a story that seems plausible, and you want to know “what’s next?”  These are called “phish” or “pre-texting” attacks.  There is of course the possibility of that email containing a virus that, when you pop open the email, activates without you ever noticing.  It then sneaks into the computer through the network, and does its worst.

Number 3 happens every day, thousands of times, to folks just like you and me.  Most are blocked by our anti-virus software, some are not; but with millions of emails flying around the Internet every minute, the odds are in favor of some getting through the best defenses.  And they do because someone, out of innocent curiosity, opens an email they probably know better than to do.  Make no mistake:  the baddies craft these purposely to tempt people to do just that, and sometimes it works.  And when they do, the impact is usually pretty big and bad.
So what do you do?  Be mindful – think twice before you open emails from any but the most familiar sources.  Make sure you keep your antivirus software up to date.  And if you ever wonder about what danger signs to watch for, the CSI folks can help with that.  Spreading this awareness is part of our mission because we really are all in this together – and your help is vital to our success.”

Ross A. Leo
FABCHS, CISSP, CHS-IV, ABCP

Associate Director, Professional Training & Development
University of Houston-Clear Lake, Cyber Security Institute
2700 Bay Area Blvd., Houston, Texas 77058, USA