Looking for Adversary

print
Experts like to say that we are responsible for our security on internet. I disagree as we are not born as security experts. Neither does common sense always makes sense as users can’t see what is going on behind flashy images on their monitors. Who is the real bad boy?Security engineering textbooks teach us that the most prevalent and damaging enemy comes from within an organisation. Yet in the PC and internet era not everyone is part of or protected by an organisation and by its system administrators.

Huge numbers of home users are left on their own to fend off a number of attackers. They are left exposed to attack by their ignorance to existing threats, inadequate technical knowledge, overwhelming dangers stemming from anonymity of internet. And a huge gap between what users can see on their monitors and what is actually happening inside their computers.

gchqTheir vulnerability is not their fault. They cannot be expected to be technical experts in order to to browse internet, send emails, watch online TV or play games. They make up a huge mass of people and machines that, without being malicious, become hostages of real attackers, and a fertile ground from which attacks are being launched.

The real internet enemy are small groups of highly technically skilled people that use innocent and unaware users to carry out their malicious or even criminal activities.

Some easily visible signs of their existence include huge quantities of spam, phishing sites or large-scale operations attracting users to visit websites packed with malware. Once a new computer is taken over, it is quickly scanned for any interesting information and turned into a soldier of these global armies.

These all are observable signs of enemy’s existence. While the enemy itself is well hidden. Ready to attack anyone and anytime on a simple command sent between bites of croissant.

While firewalls and antivirus software have become a norm, their protection is limited. Their ability to detect something strange is happening is limited and they can’t protect our data once our computers have been compromised. We need a new approach to security – maybe secure hardware for general use.

Published by

Dan Cvrcek

Founder and CEO of Enigma Bridge, engineer, entrepreneur, cryptography SME, security architect, and professor.