October 10, 2016
Why is Cyber Security Challenging?
We read the news today and see privacy violations, identity theft and other computer
violations are frequently featured in the headlines. For most, it is hard to imagine
how this happens; asking the questions “Aren’t these systems protected by some kind
of security? Isn’t anyone keeping a close eye on things?” The answers to both are
in fact “yes”. Many skilled people are watching all the time. There are however
three things (there are many, but these three are the biggest) that impede their success.
One thing to bear in mind as you read: this is meant to inform, not frighten – but
it is all very real.
First, the people who are protecting the information have equally smart people (the
“baddies”) working against them: criminals who have lots more time and resources
at their disposal. They are not magicians – just very committed to breaking and
entering someone else’s system for the very valuable information inside it. Remember:
in our digital age, money tracked by computers looks just like information and moves
in the same ways.
Second, the baddies use all the same technology our protectors use; just in evil ways.
The disadvantage our guys face is that what the baddies do is often seen by the computer
as something “normal”. In essence, one computer command looks like another (think
“if it looks like a duck and quacks like a duck…” sort of stuff). And if you do things
just right, no alarms go off and they sneak through – sometimes right under our noses.
Sad but true.
So, “what does all this have to do with me?”, you might be saying. You have no power
over such things, right? And you would be wrong.
The Third thing is that most of what the baddies do requires someone on the inside
to do something to start them off down the path of gaining access. It often starts
with an email – one that looks genuine, innocent, non-threatening. These come from
people or sources that you may think you know, that may be offering you something
interesting or attractive. They might tell you a story that seems plausible, and
you want to know “what’s next?” These are called “phish” or “pre-texting” attacks.
There is of course the possibility of that email containing a virus that, when you
pop open the email, activates without you ever noticing. It then sneaks into the
computer through the network, and does its worst.
Number 3 happens every day, thousands of times, to folks just like you and me. Most
are blocked by our anti-virus software, some are not; but with millions of emails
flying around the Internet every minute, the odds are in favor of some getting through
the best defenses. And they do because someone, out of innocent curiosity, opens
an email they probably know better than to do. Make no mistake: the baddies craft
these purposely to tempt people to do just that, and sometimes it works. And when
they do, the impact is usually pretty big and bad.
So what do you do? Be mindful – think twice before you open emails from any but the
most familiar sources. Make sure you keep your antivirus software up to date. And
if you ever wonder about what danger signs to watch for, the CSI folks can help with
that. Spreading this awareness is part of our mission because we really are all in
this together – and your help is vital to our success.”
Ross A. Leo
FABCHS, CISSP, CHS-IV, ABCP
Associate Director, Professional Training & Development
University of Houston-Clear Lake, Cyber Security Institute
2700 Bay Area Blvd., Houston, Texas 77058, USA