Given the media hype around the Conficker worm, and the constant barrage of alarming disclosure announcements, I thought it would be a good time to take a calmer look at some of the security myths, misconceptions and mistruths that plague the industry.
Many of these cyber security myths have been around for close to a decade. They have driven marketing campaigns and have sold a lot of traditional newspapers. But for the most part these threats have proven much less dangerous than ballyhooed.
Worse, they distract us from addressing the routine problems whose resolution would lead to a more secure global IT environment. Until we can address the everyday threats, how can we justify focusing on exotic edge cases?
5. China is the leading exporter of cybercrime
China has become the favorite security bad-guy country. If you believe the media hype, half of Beijing is dotted with malware manufacturing shops turning out some of the most devilishly clever digital pathogens since the Black Death.
There is no doubt that the Chinese military is experimenting with cyberwarfare techniques, and there have been several highly publicized security incidents involving Chinese citizens. But in terms of organized cybercrime, China is not nearly as involved as the pundits say.
By contrast, China has been quite cooperative in working with the international community to address security incidents. In fact, they were instrumental in identifying and shutting down the command and control servers for the Conficker worm.
China has also implemented tough cybercrime litigation and has worked with international law enforcement to apprehend and prosecute cybercriminals.
4. Insider threats trump outside attacks
Most recognise that the main impetus for cybercrime has shifted from hobby-based cyber-vandalism to financially motivated theft of data and services.
This shift has caused many to question the loyalty of internal employees. But as scary as the image of the bent accountant absconding with millions of confidential records, or the misguided IT consultant destroying decades of intellectual property, may be, the reality remains that external parties commit the majority of security incidents.
3. Advanced hacking techniques render conventional security pointless
90 percent of all external attacks take advantage of poorly administered, misconfigured, or inadequately managed systems that any moderately competent hacker can exploit.
Sure, there are some real artists out there, but when you can take candy from a baby 90 percent of the time, you rarely need expert safecrackers.
2. Mobile malware equals apocalypse now
There is nothing that would make the anti-virus companies happier than for mobile malware to bring their performance-degrading, signature-based shakedown business to a smart phone near you.
The boardroom would be abuzz with talk of record growth and skyrocketing profits. But alas, the onslaught of mobile malware has yet to become the epidemic anti-virus company shareholders so hope for.
1. The end of the Internet is nigh
The “Warhol” worm is defined as an extremely rapidly propagating computer worm that spreads as fast as physically possible, infecting all vulnerable machines on the entire Internet in 15 minutes or less.
This concept emerged shortly after the Y2K hysteria subsided, and has captured headlines ever since.
The reality is that the Internet is far more resilient than we give it credit for, and short of a world-war level of effort the Internet will remain that—a net that may suffer its share of tears and gaps, but will remain functionally intact because people want it that way.
Finally, we must realize that myths often have a grain of truth in them that motivated parties can exaggerate into imminent threats to civilization. This is not to say that some of them are not real or shouldn’t be taken seriously.
China (like a number of nations) does have a thriving cybercrime underground. Insider threats can be devastating to a business. Some ingenious hackers have developed extremely advanced methods to infiltrate networks. The Internet may supernova, and someone, somewhere is probably developing an iPhone worm.
But as the old saying goes, let’s change the things we can, endure (but watch carefully) the ones we can’t, and have the wisdom to know the difference.