Cyber Security – The internet arms race

We’ve seen it all throughout history:  Build a better weapon, and someone builds better defence, which works until they build a better weapon again.  In ancient times we had spears and clubs and leather armour.  Then someone thought to create the bow and arrow, so armour had to change to chain mail, so they built a stronger bow or added the crossbow, and then they built stronger and heavier armour.

 Then came the gunpowder age and armour became obsolete.  We built cannons, and castles became obsolete.  In the last century, we added aircraft, and once again the whole situation changed.  In today’s world, we have weapons more sophisticated than ever before: chemical weapons, stealth cruise missiles and computer-operated drones.  They’re still effective because no one’s come up with a foolproof way to counter them.  In most cases, defence is playing catch-up and reacting to the weapons being deployed.

This is what is happening on the internet.  We are constantly reacting to the attacks.  We are reacting to that next virus or spam email.  It is a never-ending game of one-upmanship.

We have to find a way to stop being reactive and be more proactive.  The trouble with that is, how do you respond in advance to a situation that may or may not change?  The only way to be proactive is to change the culture and mindset of everyone who uses the internet.  That’s about as hard as it sounds, but it’s necessary. 

 If we change the culture of all internet users, then some of the forced defence practices will become obsolete.  In addition to that, the future technological changes we all expect will have a reduced impact on our defence posture. 

 What do I mean by that?

In our business, we teach a six-point defence posture for cyber Security.  Those defences are pretty basic, but in most cases they’re the ones with the greatest impact.  Points one and two: passwords.  They have to be complicated, easy to remember, more than eight characters long, made up of letters, numbers, capitals and symbols, and most importantly, different for every site you use.

 Point three is technology: applications, operating systems and utilities have to be up-to-date and the newest version that you can afford.  Point four: end point protection.   Antivirus, anti-malware and anti-spyware—install it and keep it up to date.

 The last two points are my own: be paranoid.  The internet is full of people who will rip you off given any chance to do it.  It is not a case of, will you be ripped off?—it is a case of when.  The final point is common sense.  It is hard to find common sence these days, but in most cases it is one of your best defences.  Be suspicious of everything.  Even legitimate web sites can install malware on your system, so a less legitimate website or domain needs to be untrusted until they prove to YOU that they can be trusted.

These last two points, if practiced by everyone, would make some of the other six points less crucial.  After all, the reason viruses and malware are so ubiquitous is that internet users keep doing silly things and getting infected.  Once a computer virus is eliminated from the ecosystem, it’s just like the now-defunct smallpox virus—you don’t have to bother taking precautions against catching it.

So there you have it: the internet arms race.  All you have to do is keep ahead of the next attack and use proactive defence techniques.  If everyone does the same, we will all be safe.  Good luck with that!

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.