Do you know the truth about computer security and hacking?
I had an epiphany in 2001 that changed my life forever – computer security is essentially worthless. The organization that I worked for at the time spent hundreds of thousands of dollars on traditional security measures (firewalls, network intrusion detection systems, vulnerability scanners and anti-virus software) and not only didn’t they stop hackers from penetrating the organization’s defenses, they didn’t help detect the hackers either. To someone trying to secure over 10,000 systems, this revelation was quite disheartening.
After several years of intense research on computer security and hacking, I started to realize that I can’t help organizations make their networks and systems secure. I can help organizations implement security, identify known vulnerabilities and find compromised systems, but I resigned myself to the fact that any attempts to create a completely secure environment are futile. What I discovered, is that the technology and security paradigms that people rely on to protect themselves are only effective against amateur hackers – not professional and Top Tier hackers.
Fast forward to today. Devices, information and credentials are being compromised more than ever – and the situation is just getting worse. Computer security is still essentially worthless. But why?! Security experts have continuously advocated security measures, policies, patches, anti-virus, vulnerability scans and password best practices. They have also continuously advocated training, increased system and network monitoring, and better incident response. With all of this good advice, why is hacking still a problem after all these years? Isn’t anyone listening?
How and why hackers are able to bypass security measures and detection systems isn’t a secret or some type of black magic. Everything there is know about hacking is well-known and well-documented. That said, why hasn’t the computer industry figured out how to properly secure systems from compromise? Doesn’t everyone say that knowledge is power? Isn’t “knowing” half battle? What is the computer industry waiting for? Some computer security messiah to deliver the world from evil?
In my opinion, this is where things stand today:
- The computer industry is unable to provide a secure computing environment. The underlying computing technology and security paradigms haven’t changed in nine years. It’s as if we are trapped in a time capsule. Everyone continues to put up with insecure technology, including those in the computer security industry.
- The only people who are genuinely interested in computer security are those who:
- Are in the profession.
- Produce and sell computer security products.
- Can generate revenue by reporting, blogging or summarizing information about computer security and hacking.
- Are directly or indirectly victims of cybercrime.
- Most computer users are concerned about being hacked, but not necessarily interested in computer security beyond the basics. There are people who are not computer security professionals that know a lot about computer security, but to raise the bar and expect everyone else to know as much is unrealistic.
- Those who advocate switching to alternative technologies are just advocating that people ignore the insecurity instead of addressing the insecurity. Since when did avoidance solve the root cause of any problem?
- Spending more time, effort and money developing high-tech aftermarket security and monitoring products isn’t making computing secure. These products are just making security more complicated and unmanageable. How long is it going to take for people to realize that continuing to develop new high-tech aftermarket products isn’t making a difference?
What’s frustrating for me at the moment, is people’s inability to keep an open mind, take a step back, objectively look at the current state of computer security and hacking, and realize for themselves that the current technology and security paradigms need to be replaced. I can’t make people agree with me. I can only present the information and hope people’s critical thinking skills kick in so they can see the truth.
Do you have an open mind?
Do you find the current state of computer security and hacking unacceptable? Do you want to learn the truth behind why hacking continues to be a problem? Read my book!