The ongoing criminalization of network attacks is one of the top security concerns we face today. The breaking and entering into computer networks has become a billion dollar global industry. Yesterday’s script kiddies are fast being replaced by organized gangs with the time and resources to carry out ever sophisticated attacks.
Yet there is a lag in the public’s awareness of this change, which is another security concern. It is taking quite a while for people to develop the Internet equivalent of street smarts. That goes for everyone, mind you, from the front desk receptionist to the back office network administrator. People still make decisions that put them at the mercy of online criminals.
Of course, the relative low quality of software only helps the criminals. There are plenty of vulnerabilities waiting to be exploited. Add to this that some security technology for sale is blatantly broken (like the secure hard drive this week that turned out to be encoded rather than encrypted, XOR rather than AES). All this serves to give the criminals plenty of opportunities to do what they do best.
Now this post paints a bleak picture, to be sure. But I see it as more of a call to arms. There are lots to be done in this field to get the Internet in order.
Posted by