Most of the perceived threats on the internet come from one of three types of attackers.
The first are script kiddies using exploited code to gain access and build reputation; these are the most numerous. They are also by far the most dangerous, because they are so numerous. A 12-year-old with an Internet connection, a mediocre level of computing skill and a little money can do significant damage to an individual or a business in a very short space of time. They are also the easiest to counter through other protective processes.
Then you have the politically astute individuals with higher-than-normal computing skills and a political or social agenda. These are the anonymous crowd. They are the “rent a crowd group”. They are a group of people who want to target Government websites, corporate infrastructure and high-profile people because of some perceived wrong. They are highly organised and highly motivated, but most of the time not by money. They use the internet to better their cause, to recruit followers and to appear larger than they are.
Finally you have the criminal element. They are the criminals who are after everything they can steal. This last group consists of 0.001% of the hackers on the internet. They are not the posers who are out to make or build their reputation; they do not care about reputation. They do piggyback their attacks on the other two types, making it appear that the others have more credibility. They also use the other types of attacks as a smoke screen to infiltrate and steal important data.
You cannot have one without the other
The internet is rife with people trying to steal your information, your money and/or your intellectual property. That is why we need Cyber Security. It is not just a buzzword to force all businesses to invest heavily in protective systems. Cyber Security is part of your business, whether you think you need it or not.
Cyber Security is business risk management at its most basic. Most businesses understand risk, and in most cases we all do something about it. I am talking about antivirus and endpoint protection. I am talking about firewalls and VPNs. I am also talking about patching and updating systems regularly. We all do this because we are semi-paranoid and it is common sense to do it.
That is the first step. Most of us have already done a rudimentary risk analysis, and maybe incorporated it into a business continuity and disaster recovery plan. We have seen the business risk of losing your website, losing your data, or having your staff compromised, and put the mitigation requirements in place. Well, some of us have. Most small and medium businesses and not-for-profit organisations have not. They do not see the requirement or reason for doing the first component, the risk analysis, because on the internet we all know “it will never happen to me.”
Like the proverbial ostrich, we tell ourselves we are not a target. Sorry, yes you are. If you are connected to the internet then you are a target. If you receive email, you are a target. If you pay your bills on the internet, you are a target. In most cases, a lucrative target. The bad guys know you are doing everything on the internet; they also know most people are doing nothing to protect themselves.
Where does cyber security start
Cyber security starts with the individual. Everyone should be responsible for their own protection, but they are not. In most cases we assume that the place where we work is doing everything it possibly can to protect us; in most cases it has the same attitude as you: someone else will protect me.
On the internet the only one who is protecting me is the three of us – Me, Myself and I. This is where “cyber security is my problem” comes into the equation. If, like me, you are paranoid, use common sense and use a number of really basic principles, then you are already in the right mindset for the internet. Although we call it paranoia, that can only be true when we think that everyone is after us; on the internet, that is business as normal.
The biggest bang for buck, both individually and for a business, is awareness. If you are aware that they are after your data then you can actually do something about it. The problem is that you need to be aware, and need to change that awareness into positive steps to protect yourself.
The rising costs of cyber crime
What can you do
In most cases the cost of protecting myself and/or my business can be exorbitant. Investing in top-line firewalls, VPN concentrators, secure wireless, redundant systems and up-to-date operating systems and applications can and will cost a fortune.
All of these systems will not protect you from stupid administrators with email addresses, passwords that are uncomplicated and duplicated, or staff members blabbering about new widgets on social media. That protection only comes from awareness, paranoia and common sense.
Although cyber crime is a growing problem with an annual loss to business, government and individuals of between $600 Billion and $2 Trillion per year, we can do a lot to protect ourselves. Being aware that there is a cyber crime problem is a really good place to start. There are a number of things that you can do to protect yourself.
- Do not rely on someone else to protect you
- Be paranoid
- Use common sense
- Do some type of awareness course
The facts that the internet is here to stay, that it will be around for a number of years, and that it will change and morph in that time are already visible. Humans now do more than 50% of their daily socialising on the internet and this will increase. That increase makes it more lucrative for the bad guys to target, and that is why they are there.
To paraphrase a bad guy from the US, when asked why he robs banks: “That’s where the money is.”