Thursday, January 23, 2014

REPOST: What Americans should fear in cyberspace


According to this LosAngelesTimes.com article, computer users often neglect the most basic precautions that go a long way toward protecting both the Internet's users and the network itself.






A recent Pew poll found that Americans are more afraid of a cyber attack than they are of Iranian nuclear weapons, the rise of China or climate change. Such fears are not only out of proportion to risk; if they take hold, they could threaten the positive gains of the digital age. Certainly there are growing threats in the cyber world, and the stakes are high. But there is also a high level of misinformation and plain old ignorance driving the fear. Despite the Internet now enabling us to run down the answers to almost any question, a number of myths have emerged about online security and what it means for us offline. The result is that some threats are overblown and overreacted to, while other quite legitimate ones are ignored.

Every computer user has had to make cyber-security decisions: whether to trust online vendors with credit card information and how often to change an email password, to name two. But these decisions are too often based on scant understanding. The problem is even more acute in business and government. Some 70% of executives have made a cyber-security decision of some sort for their firms. Yet MBA programs still aren't routinely teaching cyber security as part of normal management responsibility, nor do the schools that train diplomats, lawyers, generals, journalists and others who have to make important decisions in this regard every day. Whether in the boardroom or the White House situation room, crucial matters are often handed off to so-called experts, which is a good way to be taken advantage of — and to feel more secure than you actually are.

Instead of focusing on what we need to learn, we've instead fed on hype that fuels fears but doesn't solve problems. For instance, Americans have repeatedly been told by government leaders and media pundits that cyber attacks are like weapons of mass destruction and that we are in a sort of Cold War of cyberspace.

But the zeros and ones of malware are nothing like the physics of nuclear weapons, nor are the political dynamics they fuel. Moreover, the globalized network in which the NSA, Chinese hackers, Anonymous, Google, Target and you and I all play is hardly the kind of bipolar world that spawned the Cold War.

There is certainly a battle of ideas online, but it's as likely to focus on which boy Katniss of "The Hunger Games" should choose in the end (Peeta, of course) as it is to focus on competing political visions. Rather than looking to the Dr. Strangelove era of the Cold War for inspiration, we'd be better off studying other historical lessons, focusing on how the government has effectively approached other new problem areas, from how the seas were made safe to the success story of the Centers for Disease Control and Prevention in public health.

Despite its central position in both congressional testimony and Hollywood movies, no person has actually been hurt or killed by an act of cyber terrorism. Indeed, squirrels have taken down power grids, but hackers never have. But that is not to say there's no threat. Indeed, our own creation, the Stuxnet worm, which attacked Iran's nuclear infrastructure, demonstrated that cyber weapons can cause damage.

But the fiction of a "cyber Pearl Harbor" gets far more attention than the real, and arguably far greater, impact of the massive campaign of intellectual property theft emanating from China. As with 9/11, the way that we react (or overreact) to an attack, terrorist or otherwise, is what truly determines the impact of it. Understanding the difference between hackers doing something annoying and doing something with the capacity to cause serious harm will better direct our fears and resources.

Cyber security has to be seen as a management problem that will never go away. As long as we use the Internet, there will be cyber risks. The key is to move away from a mentality of seeking silver bullets and ever-higher walls and instead to focus on the most important feature of true cyber security: resilience. In both the real and online worlds, we can't stop or deter all bad things, but we can plan for and deal with them.

In treating cyber security as a matter only for IT experts, computer users often neglect the most basic precautions that go a long way toward protecting both the Internet's users and the network itself. Indeed, one study found that as much as 94% of attacks could be stopped with basic "cyber hygiene." Perhaps the best example is that the most popular password in use today is "123456," with "password" No. 2.

The 19th century poet Ralph Waldo Emerson never could have conceived of the Internet. But it is what allowed me recently to look up a quote by him that is perhaps the best guide for our age of cyber insecurity: "Knowledge is the antidote to fear."


Protect yourself from cyber crime by visiting this InfoSec Institute Facebook page for more updates on online security.

Friday, January 3, 2014

Lost in Transaction

According to cyber security experts, the compromise of your identity is not a question of if it will happen, but of when. Over the last decade the number of victims of internet hacking and identity fraud has climbed at an astonishing and troubling rate. Identity thieves have cashed in on a lucrative scheme in which property theft can be committed with near impunity. Investigators have such a hard time pinpointing criminals that victims are left trying to recoup their losses and rebuild their tarnished credit scores, often for months if not years. Internet fraud makes up some of the most elusive and destructive criminal activity law enforcement has had to face in years, as an intricate, complex, and almost unidentifiable network serves as the data-driven landscape for the innumerable data-hungry thieves scouring the web for unsuspecting identities.

Taking preventative measures is the first step towards tightening the grip on your online identity. An extreme vulnerability we all share in our ongoing transaction of data is our e-mail accounts, which are essentially a skeleton key to our personal information. If you log in and all of your contacts have disappeared, you cannot log in at all, or a friend asks why you sent her an e-mail for free tickets to Jamaica, your e-mail account has probably been hacked. The good news, however, is that most identity thieves have found that infiltrating the systems of major retail outlets and merchant stores is far more lucrative than attacking individuals one by one. The bad news is that if you swipe that card too often around town, your chances of becoming a victim of identity theft increase accordingly.

Amidst all of these rather grim developments, a resolute new sector of professionals has emerged to investigate cybercriminal activity and identify the perpetrators behind these crimes. A number of different companies and organizations – both private and public – have taken considerable strides to reduce the online vulnerabilities of the average web surfer. Educational institutions staffed by trained and experienced experts in fields of information security are passing their own knowledge on to representatives of multimillion-dollar corporations, as well as government institutions overseeing safe and ethical practices online. Measures are being taken as prevention becomes a much more appreciated component in the current cyber currency.

For more on how cyber security is becoming an integral component of our economy and society, visit the home page of InfoSec Institute and see who many of the most respected cyber security experts turn to for knowledge on how they can put a stop to their most cunning of foes.