When I hear the news about the latest computer security breach, I am so dismayed that I want to turn off my smartphone, tablet, and laptop and quietly lock them in the bottom drawer of my desk. But I don't. I have designed and written computer software for decades, and I will not accept that the work that I and many others have done over the years is being subverted by disgruntled misfits, criminals, and thugs. I take a deep breath and think through what has happened and why it took place.
Turning off personal computers does not help much. Lapses in security in other people's computing systems can hurt you as much as a weakness in your own system. Many of the systems over which we have no control are critical to our safety, financial well-being, and even our health.
The dangers seem to have multiplied overnight. The devices that were once useful and entertaining seem to have spontaneously metamorphosed into menaces. Computing began in what seemed like a garden of Eden, far from crime and malice. Early computers were hidden in laboratories and their users were engineers and scientists. Computing as an instrument of crime was not in anyone's mind. But this has changed. Instead of being protected behind locked doors, computers large and small are exposed in ways that could not have been imagined by their inventors. Nearly every computer is attached to networks that can be accessed from anywhere on the planet by almost anyone. Wireless networking further opens computers to both free and malicious access. In this open environment, the computing industry only noticed the opportunities for cybercrime in the last two decades of the millennium. Even then, most computer-related crime was embezzlement and inventory twiddling that could have been done as easily with paper books as by computing.
Computer and software manufacturers were not earnest about security until cybercrime grew into big business at the beginning of the millennium. Previously, engineers tended to think of security as an annoying hindrance to development that could be added in the last stages of a project. If a project got behind, security might be left for the next release. This attitude still sometimes exists, although engineering practices now acknowledge that security must be considered at every stage of product development, including decisions not to build projects that cannot be adequately secured.
Services, such as online banking, which we can scarcely imagine living without, loom as threats in news reports almost every week, and yet we become more and more attached to our plastic. Androids and iPhones burrow deeper and deeper into our lives with texting, email, Facebook, Uber, and hordes of other apps that make busy lives easier. But each of these devices and apps presents new vulnerabilities to criminal attack. The vulnerabilities grow with each new device and app.
In their self-interest, computer users must understand the threats, correctly evaluate their potential, and take steps to avoid, block, or disarm attacks. Computer networks are a tough neighborhood. Doing business on the mean cyber streets is a difficult assignment in an environment that changes every day.
This challenge is not that different from challenges we face in other areas. After all, life is a dangerous venture. Heart disease or cancer can strike anyone, but we can improve our odds with exercise and a healthy diet. Driving a car is dangerous, but we can drive carefully in cars equipped with seatbelts, air bags, and anti-lock brakes. There are no guarantees that we will avoid a heart attack or an automobile crash, but our chances significantly improve when we are reasonably cautious. Most people can live a long and satisfying life while following good safety practices. The same applies to the cyberworld.
The cyberworld has no guarantees and there are many tradeoffs, but most people can use and enjoy their computers, tablets, and smartphones without becoming a victim of cybercrime. It's like choosing to avoid sugary soda altogether but occasionally indulge in your favorite dessert. You must intelligently reduce the chances that a calamity will occur. Choosing a car or truck with anti-lock brakes will not guarantee that you will never skid on an icy road, but they will help control the skid and give you a better chance of steering out of a crash into the guardrail. Good cybersecurity practices will not guarantee that you will never be hacked, but they can turn away all but the most persistent hackers and limit the damage when an assailant smashes through your defenses.
Individuals can take heart from the statistics. Despite increases in computer use, cybercrime complaints to the FBI's Internet Crime Compliance Center have drifted downward from 303,809 complaints in 2010 to 269,422 in 2014, a more than ten percent decrease. The significance of this decrease is greater than it may appear because the pool of computing devices has grown, with smartphones and tablets added to the existing pool of laptops and desktops.
Keep in mind that cybercrime is likely underreported. Not every victim of massive credit card theft reports the crime to the FBI. Cyberwarfare and terrorism seldom have individual persons as victims, and their impact is not reflected in FBI statistics. These are some of the most heinous and far-reaching crimes, and yet they may not be reflected in the statistics.
Nevertheless, the crimes that are reported to the FBI are significant and they do show a decline, which seems the opposite of what we see on the news. The frequency of news stories on cybercrimes is different from the true frequency of cybercrimes. Cybercrime may simply have become more newsworthy. Later, as I probe into the industry's efforts to deter or prevent computer crime, you may gain some insight into why the FBI numbers have gone down.
The Internet Crime Compliance Center reports that the largest financial losses were from conventional confidence fraud over the Internet and the most frequent complaint was non-payment and non-delivery on Internet transactions. For these crimes, the Internet was a convenient vehicle, but they could have been committed over the telephone or through the paper mails. These reports suggest that good old-fashioned dishonesty and fraud continue to be profitable in the 21st century, but they are not examples that are germane to the rise of crime enmeshed with computer and network technology.
Cybercrime is not quite as threatening to individuals as it appears, but don't underestimate it. For individuals, the biggest threats do not come from hackers breaking into their laptops and tablets. The greatest threats are through break-ins and other mayhem done to computer systems that most people have little or no contact with. When those types of crimes are counted, cybercrimes occur more frequently than anyone would like. Some experts estimate that an individual's email account is more likely to be broken into than their house.
Cybercrime
Cybercrime takes many different forms. The most spectacular crime is massive theft of critical personal information. Companies that hold this information can do much to prevent these thefts, but we individuals have little power because we have no control of the vulnerable systems that process and store our information.
Some Useful Cybersecurity Jargon
Attack surface: All points vulnerable to attack on a computer, network, or system. The attack surface usually does not include the human element, which is often the greatest vulnerability.