A few security FAQs

Here are a few FAQs (frequently asked questions) about Internet security.  I should have put this together a long time ago.

Q: I don’t keep national security secrets inside my computer or cell phone. Aren’t all these so-called security products the real scam?

A: You probably don’t have any secrets anyone cares about.  But the game is not to steal your secrets.  The real game is to make you an unwitting drone in a scheme to steal somebody else’s secrets.  You spent money for your computer equipment and you spend money every month for Internet and cell phone service.  If you don’t care about somebody using you for criminal projects, then don’t protect yourself.  You are either part of the solution or part of the problem.

Q: Why don’t all those lonely teenage hackers get a life?  And why are the most powerful companies in the world at the mercy of a few evil computer genius hackers?

A: These are the wrong questions to ask.  The image of a lonely teenage boy in his bedroom stealing national security secrets for fun might play well in Hollywood, but it’s not real. So are the images of an evil computer genius threatening to destroy the world by guessing the secret password and typing a few commands, and the good guy genius who saves the world in the nick of time. Most of the bad activity these days comes from organized criminal organizations or nation-states, not any single individual. Those powerful companies are vulnerable because the people charged with keeping them safe did not do their jobs.

Q: If there are no evil computer genius hackers, then why do we see almost daily reports of cyber breaches?

A: I didn’t say there are no evil geniuses, only that the Hollywood images are wrong. There are plenty of evil geniuses in the world, but they are only a small part of an entire global criminal industry.  Just like legitimate industry, the shadowy Internet criminal industry has venture capitalists, inventors, markets, tech support services, and specialists for every conceivable discipline.

Q: Why are we all such sitting ducks on the Internet and why doesn’t somebody do something about it?

A: Just like humans developed an overwhelming advantage over other animals on our planet by developing language, bad guys currently have an advantage over good guys because bad guys collaborate better than good guys.  Business and government can erase that advantage by bringing security practices out into the open and giving them more than lip service.  We can influence policy by educating ourselves and using our market power to support organizations with good security policies.

Q: Is it true that my Internet connected baby monitor can destroy the Internet?

A: No, not by itself.  But combined with millions of other poorly designed IoT (Internet of Things) products, it can wreak plenty of havoc.  When you buy Internet connected devices, such as baby monitors, DVRs, security cameras, door locks, thermostats, ovens, you name it, make sure they have a mechanism for updates in the field.  Make sure you don’t use factory default passwords and make sure they don’t have default passwords or other back doors permanently baked into the hardware.  And put them all behind a credible firewall.

Q: Speaking of firewalls, since all my stuff is behind a firewall, doesn’t that mean I’m safe?

A: No.  Firewalls are one part of a bigger picture.  They stop unsolicited traffic.  Firewalls are worthless when you invite the traffic in.  That’s why it’s important to be careful about what websites you visit and avoid opening email attachments.  And that’s why you need antivirus software, even if nobody has a perfect antivirus solution.

Q: Today’s high tech is boring and complicated.  Why can’t they just make this stuff simple and usable?

A: They is really us.  Spend more time with security, where technology and psychology meet and the results are fascinating.

Q: Where can I find an entertaining story about how major data breaches play out?

A: One great perk about my own blog: I get to plant great lead-in questions.  Here is a shameless plug for my first book, “Bullseye Breach,” an educational book about data breaches disguised as a thriller novel about how the Russian mob penetrates Minneapolis retailer, Bullseye Stores, and steals 40 million customer credit card numbers.  Here is a six minute video about how that attack unfolds.

And stay in touch for information about book #2 coming soon.  This time, a nation-state really does mount an attack.  And the stakes are much higher than credit card fraud.

(First published on my Infrasupport website, Oct. 25, 2016.  I backdated here to match the original posting.)

Posted in Uncategorized.

Leave a Reply

Your email address will not be published. Required fields are marked *