Monday, September 15, 2014

The key to security: learning from mistakes

It is said that man is the only animal that trips twice over the same stone. How many times do we have to make the same mistake before learning the lesson? Probably it depends on the severity of its consequences.

Following the leakage of the intimate photos of nearly a hundred celebrities a couple of weeks ago, a third of respondents to a survey carried out by YouGov and Tresorit claim to have improved the security of their online accounts. 20% of them declares that they they changed their passwords for stronger ones, 1 in 10 changed their social accounts’ privacy settings and 6% of them  activated two-steps verification.



Many of the mistakes we make on the Internet have a common denominator, which is lack of prudence. Wordpress.com is old dog in the network so, after nearly 5 million Gmail emails were posted on a Russian forum, it has decided to take no chances. As mere precautionary measure, it has urged 100,000 of its users whose email address is among the affected ones to change their passwords for Wordpress.com.

The software development industry is used to live with security flaws on all kinds of programs and systems, and it is used to learn from them as well. Last August, four vulnerabilities were detected on some versions of IntegraXor SCADA server, which is widely used in the industrial automation field across 38 different countries. Such vulnerabilities could provide an attacker full access to the system and its databases, so its manufacturer, Ecava Sdn Bhd, has released patches to fix these security problems.

However, in order to learn from mistakes is absolutely essential to be aware of what these mistakes are. Today, politicians, military and citizens around the world are wondering how it is possible that the terrorist group Islamic State of Iraq and Syria (ISIS) is gaining much ground and gaining the support of thousands of followers worldwide. What are jihadists doing so well ? What are Iraq, Syria and other powers doing so poorly? Are Western critical infrastructures prepared for a possible cyber warfare to fight the development of the digital caliphate that they want to impose? What preventive measures are being taken to protect the power supply systems, airports, hospitals, banks, government networks, etc.? Answering all these questions and taking action accordingly is extremely urgent.

While such concerns are increasing, discouragement and mistrust rises among IT security departments. According to a survey conducted among attendees of the prestigious Black Hat security conference by Lieberman Software, 59% of them believe their organizations are likely to be hit by a state-sponsored attack in the next 6 months and 48% of them think that their staff or tools are not ready for responding to such attacks.

Returning to the beginning of this article, we do not always learn the lesson. Even when the consequences of an error are as dramatic as a serious traffic accident. How many drivers do every day ignore warnings of that it is extremely dangerous to write messages while they are behind the wheel? Awareness campaigns and monetary fines are not enough incentive to leave this irresponsible practice, so the entrepreneur Scott Tibbitts has invested five years and several million dollars developing a system to be installed under the steering wheel of vehicles which blocks driver’s incoming calls and messages. Initially, he had the support of American Family Insurance and Sprint. However, whether for legal concerns or uncertainty about potential sales, these companies parked the project. Meanwhile, Mr. Tibbitts is still looking for sponsors to help bring this technology to the market and thus reduce the reckless driving behavior.

To err is human. So it is to correct such errors. Therefore, you must stay well informed and learn from incidents that take place every day on the Internet. We tell you about them every day, so follow us through our social channels (find the links at the right sidebar) or here on our blog.

0 comments:

Post a Comment