The Security Solution – Part 2

Last week, I talked about taking appropriate measures to make it harder for bad things to occur.

This week is about learning the warning signs and responding to them.

[Image: a lightbulb (bright idea) with four bullet points giving the four-step security solution; see the 11 January post.]

We are familiar with warnings in the “real” world.

I occasionally see portable road signs on the medians of busy roads, with lights that display words. Some of these provide general warnings that are always good advice, such as: “Don’t drink and drive” or “Don’t text and drive.” Especially during the holidays, I will see signs that say: “Keep your cars locked. Don’t leave valuables in your car. Report suspicious behavior to police.” Sometimes, I see alerts about current situations: “Silver alert. Red Ultima. CYX 347. call *000.” It is an attempt to locate a missing elderly person with dementia driving a vehicle.

We know that some people are thieves. So, we may have an alarm system on our house. If the alarm goes off, we hope it scares the would-be intruder away. But we might also take some measure to check that someone isn’t still trying to break in.

Hurricane warnings are another example. Perhaps you don’t live in an area affected by hurricanes. Maybe it is tornados or hail storms or blizzards for you. In my community, hurricanes are the cause of the most critical warnings. If a strong hurricane is threatening our area, it may be time to put plywood over our windows. Even if we don’t cover our windows, we know to bring in lawn furniture, trash cans, and other objects that can be picked up and blown about by the wind to cause damage, possibly even being propelled through our windows. We also probably stock up on water, fill our tanks with gas, and make sure we have extra groceries. If we are in an evacuation zone, we know we had best relocate to a safe zone before the storm hits.

We like to know when there are threats to our health, safety, or belongings so we can take measures to protect ourselves. If we pay attention to these kinds of warnings, we can avoid the negative consequences that might occur if we didn’t know about them.

The same applies to the cyber world, although not as many people know where to find the warnings or what to do.

For the cyber world, a lot of attention is focused on the corporate environment.

For someone managing technology systems for a large company, the idea of warnings is all too familiar. We have a variety of physical devices (hardware) and also of software that can detect many of the threats. When a threat is detected, an alert is issued. There are intrusion detection (and intrusion prevention) systems, firewalls, servers, and other equipment, all of which can provide alerts. This is good to help detect potential issues. However, there are a couple of problems with these systems.

A lot of the activity on a computer network is ambiguous and may or may not be an actual threat. As a result, many of the alerts are “false” indicators, like a false alarm on a home security system. Maybe the alarm went off when you forgot to shut off the alarm before going outside in the morning. In the cyber world, a lot of “threat” traffic can look very similar to “good” traffic. It is a trade-off between being able to detect real threats and limiting false alarms.

In fact, in a large environment, there are so many threat alerts that, if one were to print them out on paper, the alert activity could amount to a stack of paper every day that is several feet high. It is generally necessary to have an automated way of handling all these alerts. But, even then, humans need to oversee that process and take a closer look at the more important instances. The data may be there, but it is often a matter of finding the proverbial needles in the haystack.

So, two of the problems with all these alerts are the vast number of them and determining which are real threats and which are “false positives” (false alarms).

The situation is a bit different when it comes to a home user. Although you could apply some of the same hardware and software measures at home that corporate environments use, you are unlikely to do so. The better hardware solutions can be enormously expensive, as can many of the software solutions.

There are some inexpensive “lightweight” versions of hardware and some free software that can do similar things. But, even then, there are several problems for the home user. The first is knowing what systems to put into place. The second is that the level of technical knowledge and experience required to use them is usually beyond most people’s ability. One could learn, but probably won’t want to get that technically involved. These systems also need to be monitored, and the alerts need to be looked at and responded to. Most people aren’t going to know what to do if they see an alert. So, while some advanced solutions are available for home use, most of the more sophisticated ones require more attention and experience than the average home user will be willing or able to provide.

That doesn’t mean that the home user is without options. In fact, in some ways, you have an advantage as a home user.
* You probably don’t have the servers and other systems that attract attackers. Those systems have potential vulnerabilities that you don’t have as a home user. However, that doesn’t mean that you aren’t at risk. If you own a computer or tablet, or even an Internet-capable phone, there is incentive for the criminals to attack you.
* The damage that a successful attacker can cause a home user is probably less than it would be for a large company. However, that isn’t much comfort if you are the one that gets attacked.

So, what can you do?

There are two main things you should do.

1) The first is to have security software in place. The standard security packages from vendors like Norton (a.k.a. Symantec), McAfee, Kaspersky (and others) do a pretty good job for many of the known threats and also some of the emerging threats. However, they do NOT catch everything. They are recommended to provide a basic layer of defense.

2) The second is to become informed of the threats and the steps you can take to address them.

If you don’t do both of these, you are putting yourself at risk.

Security software is an important first step. However, some threats WILL get past those solutions. And, your actions can cause them to fail as well.

Here’s a clear example: If you have a poor password for online banking and someone is able to guess it, your security software isn’t even involved in that transaction. It won’t help you.

What’s more serious is that some of the malicious software is designed to detect what security software you use and to render it ineffective. You think you are protected, but the malicious software (malware) disabled your protection. And you may never even know it. Your security software may even appear to be performing properly while the malware does its dastardly deeds. It can help to know the threats and preventive measures you can take (if you act upon them). Although that is not a foolproof way to prevent malware from disabling your security software, it may be able to prevent it in many of the cases. More importantly, that knowledge and those protective measures may also protect you from the consequences if it does happen (something we will talk about in a couple of weeks).

Even though the security software won’t stop all the threats, you still need it. Without it, you are a “sitting duck.” Years ago, an “out-of-the-box” computer without any extra protection would typically be compromised within about 20 minutes of being connected to the Internet. That means, if you bought a computer and connected it to the Internet without installing “extra” protective measures, your computer would likely be compromised within about 20 minutes, on average. These days, systems are more secure and it would take longer than that. I don’t have current statistics. But you definitely should be using security software. (I am talking about things like Norton Security Deluxe, McAfee Total Protection, or Kaspersky Total Security. There are other products from these vendors and other vendors as well; these are just examples. But you should be using one of these, or something similar.)

In addition to security software, you need to learn about the threats and measures you can take to protect yourself.
* The tactics the criminals are using (rogue Wi-Fi, skimming devices, and a multitude of others)
* The kinds of things that are designed to trick victims (phishing e-mails, pop-up warnings, and certain types of advertisements, to name just a few)
* The kinds of things that occur without malicious intent that may cause you problems (power failures, user error, etc.)
* The actions that you might take that are risky (opening attachments, sending sensitive info by e-mail, using public Wi-Fi)
* Protective measures (back-ups, strong passwords, being alert to the threats, and much, much, much, much more)

If you don’t know what the bad guys are doing, they are probably going to get you, sooner or later. If you know what to watch out for, and how to respond to their tactics, you have a much better chance.

To conclude:

You should be aware of the warning signs and take measures to respond to them. Security software automatically takes care of many of these. But, the rest is up to you. If you aren’t aware of the threats and don’t take measures to reduce your risk, you will likely experience negative consequences. It may not happen today. You may not even know when it happens. Best to take precautions.

If you heard on the news that, during the last ten days, someone had been going door-to-door in your neighborhood, pretending to collect donations, but robbing homeowners who answered the doorbell, wouldn’t you be cautious about answering the door?

If you knew that a new disease was spreading quickly and was resulting in many deaths, wouldn’t you learn what measures to take to keep safe from that epidemic?

There are “epidemics” in the cyber world. It only makes sense to find out what they are and how to keep safe.

To conclude:

Use security software and keep it up to date (most of it updates itself, as long as you don’t tell it not to).

Learn about the threats and the measures you can take to protect yourself.