By Allan Maurer
The InZero security device
RESEARCH TRIANGLE PARK, NC – Cybersecurity still seems to be an afterthought among everyone from McDonald’s to Gawker Media, not to mention the U.S. government and military. Too many entities worry about digital security only when it is breached.
Great business strategy that. Apparently, even giving your email address to a publication such as Gawker or to McDonald’s during one of its promotions, can expose your private data these days. Both admitted to serious security breaches as 2010 ends, while many Twitter accounts – including mine – were hacked by someone selling Acai for weight loss this week. Probably because I used the same password for both sites (see: Spammers Exploit Gawker) on Gawker, where I commented maybe once.
TechJournal South had its own problems with a hacked ad server a few months back and had to shift to another. Two major ad networks were hit with a similar problem this week.
And most of those security breaches were relatively minor in the scheme of things. Many more serious ones have already occurred and we have little doubt are to come.
But coming on the heels of the WikiLeaks fracas, these breaches all show a laxness about cybersecurity that I think is increasingly dangerous on the part of commercial enterprises, government agencies and the military, not to mention to each of us personally.
The problem is partly inherent in the open, accessible nature of the Internet. The very ease with which we swim the Internet’s electron sea makes us vulnerable to sharks. Still,the bad guys, be they foreign hacker crews backed by their own governments, malware creators, spammers, scammers or plain old crooks, actively hack away at us, while credit card companies, government agencies, and businesses remain all too often re-active.
We can’t win the cybersecurity battles that way.
It is absolutely necessary – probably for all of us, but certainly for government and commercial entities – to actively combat this problem. Harden passwords, be careful about what we put on thumb drives or pick up on them, shred documents with sensitive data, and find and use security systems not so easy for cyber criminals to break through.
I’ve noted one approach that seems to be powerful, that of using a security device separate from other equipment that acts as a lockbox preventing suspicious or actual malware and other intrusions from ever reaching operating systems. See: Herndon-based firm grabbing media attention for security device. And: NZero keeps the bad guys out.
Meanwhile, Panda Security of Orlando, which provides antimalware software in the cloud rather than on individual machines, has listed the top ten cyber security threats it sees for 2011.
See also: WikiWars: The Face of future conflicts.
There are contrary views. Over at InformIT, Gary McGraw & Ivan Arce explain how the current climate of exaggeration and FUD surrounding cyber attacks does not ultimately serve the best interests of computer security research in Cyber Warmongering and Influence Peddling.
Email TJS Editor Allan Maurer: Allan at TechJournalSouth dot com.
The Internet hacker organization called the “A-Team,” has published a document published on Pastebin disclosing the names of alleged members of the LulzSec hacker group that claimed responsibility for cyber attacks on Sony, Gawker, the CIA, FBI, U.S. Senate, Fox, PBS, Nintendo, and other web sites since May.
