Tuesday, February 10, 2015

Security professionals are like superheroes

Whatever the threat or scenario, security professionals fight the bad guys wherever they are and with whatever resources they have. They are the unsung heroes of the Internet, the superheroes of our reality.

There are great superheroes in the history of comics. Some of them had magical powers, others divine ones. Tony Stark (Iron Man), Bruce Wayne (Batman) or Hank Pym (the first Ant-Man) acquired their superhero status thanks to their scientific achievements. They "hacked" the system with their intellect, standing out from the rest of the crowd and fighting many battles for citizens’ freedom.

The attack on JPMorgan bank a few months ago, in which sensitive data of 76 million households and 7 million businesses was stolen, is still making headlines, this time because of its consequences for citizens’ security. The SEC (Securities and Exchange Commission) is auditing other US banks, a trend being followed by other countries, such as the UK. This is beginning to be called the international crusade against banking crime.

Technology plays a critical role in our lives. This trend is on the rise, as it was in the world of comics. The HUD (smart windscreen) and autonomous driving devices have been installed in the Batmobile for a long time, and you can even see them in action in the Iron Man series. But only now are they becoming real in our cars, along with some risks. In this case your nemesis will not be Ultron (an artificial intelligence which becomes aware of its existence and threatens to destroy civilization) but yourself, and your desire to be permanently connected, even behind the wheel.

All computer superheroes engaged in offensive audits certainly know of the existence of CloudFlare, a service that offers protection against denial-of-service attacks and privacy threats. In fact, it is a repellent for criminals, just like kryptonite to Superman. But CloudFlare is not unbreakable. As happened to Captain America’s shield, there are some techniques to bypass CloudFlare’s protections, although they are complex (and especially laborious) to implement.

Unfortunately, superheroes also make mistakes, and they can be deceived too. Everyone has fallen into a third party's trap at some point. Something like this can happen to you on Facebook through any of the usual phishing campaigns, such as an alleged hot video which urges you to install an Adobe update or give it access to your account. Find out in the next chapter...

And what about online shopping? For example, if you don’t pay attention while buying on eBay, you may find some rather unpleasant surprises.

All these strategies require continuous evolution. Anyone would want to have the hammer of Thor and fly to always be on time for appointments... In the third environment, our best defense is to have alternatives to passwords, since they can be vulnerable depending on how they have been implemented. Second-factor authentication, USB keys, wearables, biometrics and even digital tokens are some of the options.

At least in the comics the good guys always win. Will it be the same in the digital world?


