Most people are losing their battle with cyber security - how are you holding up?

Pivotal factors that weaken your security

Cyber security is a bit like a game of chess: a game of offensive and defensive strategies.

A hacker spends more time contemplating how to identify weakened systems and how to penetrate them than the majority of people spend learning how to defend themselves against a cyber attack, and fortune will always favour the most prepared in any battle. So how are you holding up?

As users, we want better tech so we can do funky things. We feel a need to be enabled, to do more, to keep up with the pulse of the brand new thing in order to 'keep up with the Joneses'.

However, the more tech we have and the more we rely on it, the more complicated our systems become.

Complicated infrastructures breed poor security. Complicated security is your biggest opponent in this fight.

More and more, people are getting perplexed by their own systems, and this is one major reason why most people just aren't prepared for the cyber security battlefield.

 

Bugs, Vulnerabilities and how they affect your security

Bugs and vulnerabilities are the same thing.

A bug is an error written into software which creates space for a hacker to exploit a weakness in the coding of that software.

The Heartbleed bug in 2014 is a classic example of this. This particular bug made mainstream news. It was a bug in something called OpenSSL, which enabled decryption of internet traffic sent to vulnerable sites, thus exposing users' information online.

If you are like most people nowadays, you will be using online banking. If your bank was susceptible to the Heartbleed bug when you were entering your username and password, a hacker would have been able to decrypt your username and password.

Security bugs will always exist so long as humans are responsible for coding the software. This may not be for the rest of eternity, but people do make errors, therefore there will always be mistakes, especially with something as intricate, and requiring such immense focus, as software development.

When you think about it, this is not much of a surprise, considering the Windows operating system is made up of millions and millions of lines of code. Humans are fallible. People make mistakes. Mistakes in coding lead to bugs and vulnerabilities in software applications.

Bugs can exist in your operating system, firmware, apps, Outlook, media player, Adobe Acrobat etc. A particularly severe risk is when bugs exist in your browser, or in extensions and add-ons within your browser.

For example, there could be a bug in your Internet Explorer, and you visit a site with special code on it. You won't see this code on there. This code will install malware on your machine, then take it over via that vulnerability. Perhaps the attackers then choose to encrypt all your files and hold you to ransom until you pay money to decrypt them.

That.. my friends.. is ransomware, but I'm sure you already knew that.

As you have things you care about online, you must be aware of and consider the security bugs that exist on websites and the internet infrastructure.

 

Different types of bugs

Known - Known bugs have patches. If you patch your system, you are safe against that bug.

Unknown - Unknown bugs are also known as '0 days'.

They are much harder to protect against, as there is no patch. However, there are techniques you can use, referred to by IT security professionals as compensating controls.

Cyber criminals do not need to be particularly skilled these days. They can go out and buy what is known as an exploit kit, purpose-built to hack vulnerable systems.

The modern hacker can put in minimal effort to see your various vulnerabilities, how they can affect you and can easily buy code to set up traps to infiltrate your vulnerabilities.

It's best to get your data protected because if it isn't, the writing is on the wall.

Huw Tremlett

Data Management Consultant
