Friday, August 23, 2013

Airports and APTs

I'm sitting here at Logan Airport waiting for a flight. Like a lot of folks, I am a people watcher. As the crowds float by, I am fascinated by human interactions. What I tend to notice more often than not is the complete and utter lack of personal security most adults display.

Humans by nature are very trusting individuals, and this is the crux of the problem, especially to those of us in the world of security.

Society dictates that we be polite to one another, and it is a common belief that in general people are not out to do us harm.

This statement, although primarily true, has a weakness: there are always people willing to do us harm. The Media makes a living off of reporting it.

As folks stand in line, I am often amazed by the amount of information that they give out: where they are going, who they are meeting, if they are alone, where they are from, what they do for a living, and on and on. This information, in the hands of a malicious person can be an entry point into your personal and professional data. If we are willing to give up our personal security to complete strangers at an airport, how can it be expected that we make a paradigm shift as a culture towards cyber security? How do we make people more vigilant in their ever increasing dependence on current technology?

Hold that thought.

So as I sit here in the terminal, I'm also reflecting on the notion of short term vs long term "pain". The website Hackmageddon lists current cyber security threats and there is always some interesting analysis to be found. For example, 57% of the cyber crime perpetrated last month is general financial theft, fraud, and the like. Only 4% of crimes in the previous month are the Advanced Persistent Threats: highly targeted industrial espionage attacks. This is where intellectual property of high profile companies is stolen, resulting is significant and negative financial impacts.

What kinds of intellectual property? How about the plans for your next phone or your next network-connected television or the control systems of your car? 

If you're more concerned about the 57% than the 4%, then we have some work to do. The short term cyber crime (credit card theft, etc) is painful for the individual. There is no doubt about that. However, losing the intellectual property that is driving this country's future innovation is hurting all of us at once and will lead to longer term national impacts.

So how does this all tie together?

Typically, hackers will use exploits in general human interactions and security practices to gain access to the networks that drive our companies.

Maintaining proper security practices is vital to keeping us all safe. If you're new to security and are reading this blog, you are well ahead of most individuals. One of the best ways to learn more is to actively engage with other people passionate about the same topics. That's what we do every day at Wapack Labs in the Beadwindow™ portal. Get in touch with us and join the conversations.