Cyber Security: Who Is Winning ?

The answer to the above question is easy. The bad guys are winning. Cyber crime is expanding both in volume and sophistication.

Worse yet, securing your confidential information is now a matter of national security rather than just hype! Cyber criminals can steal your information assets, and cause permanent damage to your computer system and resources. Your compromised digital devices can even be enrolled in a bot army that attacks other computers like those at the Pentagon, on the power grid or in the energy and transportation sectors.

So think again. You must make certain that your computer at home, in the office or on-the-road mobile device is secure. If you dismiss the preceding sentence, you function at your own peril and so does your family members, colleagues and customers. Consider the legal mess with which Target is dealing because of the loss credit card numbers.

You can even be held liable for failing to comply with existing security regulations and controls (i.e. HIPPA or ISO 27000) or using poor and weak security practices. You need to be aware of the threat environment that exists in cyber space. You must take affirmative steps to shore up your digital security posture or you are destined to become a victim.

The author recently sustained a particularly insidious and sophisticated cyber attack at home. A pop-up screen appeared on a family member's computer announcing it was time to install a Microsoft Office upgrade. The family member felt something wasn't quite right about the message and an investigation ensued.

The pop-up turned out to be really good malware. It claimed to be a legitimate update and even came with product serial numbers, the Microsoft logo and more. The message urged the family member to download the security update and listed credentials from RSA (a major encryption provider).

The Microsoft home office was contacted. The support person with whom we spoke doubted the legitimacy of the message. We offered to take a screen shot of the pop-up and to send it to the publisher. Microsoft accepted but when we issued the command to "capture" the screen contents, the message instantly disappeared. We were stunned. The malware had ducked!

The next course of action was to manually "click" on the Microsoft website to check updates through the operating system. The remote site checked our updates and returned the message that all of our applications were updated. We were now certain that the attack had taken advantage of a known vulnerability (it did occur on "Exploit Tuesday") and was asking for authorization to write unknown code to a family computer. What would have been written on our computer and home network if we had "authorized" the download remains unknown.

Many people would have innocently approved the down load of the "security update". Doing so would have written malware to the victim's hard drive and the cyber criminal would have succeeded. The attacker, to make matters worse, would have gained continued access to confidential information resources.

The rate of growth in malware and the seriousness of losing confidential information must be addressed. The only way to do so is for every computer user to become aware and to take proactive steps to protect individually owned assets. Malicious software and cyber crime shows little evidence of going away on its own.

Nearly everyone who uses a computing device is subject to continuous attack. Cyber threats are pervasive. Computer crimes pay off and pose very little risk to the criminal. Individuals have little hope of recovering any losses.

Category: Security