Perspectives on the state of Internet security
In today’s digital world terms like hacker and worm are widely recognized. But in November 1988 remote breaching was unheard of, at least until the Morris worm was unleashed. In less than a day the first instance of a worm distributed across the Internet affected 10 percent of Internet-connect computers across the United States, inflicting an estimated $100 million in financial losses.
On the occasion of this inauspicious event, members of the CompTIA IT Security Community and staff shared their perspectives on the state of Internet security in 2015.
“Unfortunately the ‘wake-up’ only happens after something terrible happens and not before,” said Andrew Bagrin, founder and CEO, My Digital Shield. “The bottom line is that we do not take things seriously and are always looking for ways to skirt by without having to spend extra money on prevention.”
“Today you are looking at 3.2 billion users and almost a billion websites,” said Ron Culler, CTO and executive vice president, Secure Designs, Inc. “In 1998 turning up a server or system wasn’t as near as easy as it is today, you actually had to have some knowledge. The ease in which we can just plug things in and access them from anywhere on the Internet has added a multiple to the threat that almost can’t be measured.”
The emergence of Internet of Things has raised the security stakes to an even higher level.
“With the number of devices connected to the Internet the sources of infections have multiplied,” says Beat Kramer, CEO, Contronex, Inc. “This requires a layered approach to security, including protection for BYOD and IoT endpoints. The increase in compliance requirements demands detailed reporting and preferably, centralized unified management of security solutions. Additional functionality such as patch management, IPS/IDS and DLP will be required for endpoint protection even in mid-size and small businesses.”
“In 1988, the creator of the Morris worm had information known by very few people, and the Internet was largely an academic, military and research tool,” said Patrick Lane, senior manager, product management, CompTIA. “Since then, the hackers have gotten smart, too. Bad guys are now better educated. The good guys must now trump that level of technical knowledge and stay ahead of the hackers.”
According to Chris Johnson, CEO at Untangled Solutions, both security professionals and everyday users of technology have a role to play in staying ahead of hackers.
“Three of the top five passwords are a variation of password1234,” Johnson noted. “We can do better. We don’t have to be at the mercy of the hackers and cyber terrorists. Due diligence goes a long way. Technology, while convenient and enabling, also comes with risk and responsibility.”
“If it has a CPU, runs software and can be connected in any fashion to a network, you need to pay attention and learn about it and be prepared to secure it,” said Culler.
“A network made for simple communication now must accommodate a ludicrous amount of transactions for every single vertical globally,” Tim Ku, ProEthicalHacker.com, offered. “Hacks, exploits and vulnerabilities will continue to grow in magnitude and slowly out of the scope that defines our current principles of manageability. A new internet protocol is what we need and it starts with a migration to a multicasting standard.”
“We as the security professionals need to work harder, not only at detecting and protecting against threats, but we need to work much harder to make sure those defenses are properly deployed everywhere,” Bagrin concluded. “We also need to make sure the world is educated on the simple items on how to avoid social engineering type of attacks.”