Dragon News

Dragon News

An inside look at the world of Team Cymru. Cybersecurity tools, tips, news and views.




Dragon News

Cyber Security, You Win Some, You Lose Some

Jenny O'ConnellJenny O'Connell

And so, dear reader, we’ve come to the end of National Cyber Security Awareness Month. October 2015 saw the Talk Talk data breach, the Dridex botnet comeback, and evidence that teenagers still aren’t getting the necessary cybersecurity career advice[4].

But there were successes too! A 22-year-old Russian man has been sentenced in the US for his involvement with the Citadel banking malware and arrests are coming thick and fast in the wake of the aforementioned Talk Talk hack.

That’s largely the way of it; breaking stuff, solving new problems as they arise, teaching people to protect themselves, and handling the fallout when they don’t. It’s all very much the bread and butter of the security industry.

Is it worth it?

Even the most passionate proponent of information security can start to wonder…are we winning? The seemingly relentless onslaught of breaches and vulnerabilities can truly make us feel overrun, as if there is no system left on earth that hasn’t been turned over.

Even if we are winning, will we ever “win”? Will there eventually come a time when our computers and networks are safe from abuse?

Ask three security professionals and you’ll probably hear four conflicting theories on the matter. But here is another one for your consideration—does it matter?

Clearly it matters that cybercrimes happen, very much so, that isn’t up for debate. There is no such thing as a victimless crime and cybercrime is no exception. The cost, both financial and in terms of human distress, cannot be overstated.

“Never, never, never give up!”

If we assume for a moment that cybercrime can eventually be defeated, we must work to make that happen. If we subscribe to the school of thought that says cybercrime is like any other crime and will be with humanity for as long as there are computers to support it, we must still work to prevent and remediate as much abuse as we can. The net result is the same; we must do what we can—when we can— to improve the situation as much as we can.

Our initiatives and responses may not be perfect, but they are an awful lot better than doing nothing at all. As motivational posters for new joggers would have it, “It doesn’t matter how slow you go, you’re still lapping everyone sitting on the couch.”

If you’re in a position to do in-depth security research or analysis, that’s great, but every action, no matter how small, that can have a positive effect and will be a step in the right direction. Reporting a phishing page, reinstalling an infected laptop, educating a user about good password hygiene; these are all wins that take place every day.

In the words of the late Maya Angelou, ‘Do the best you can until you know better. Then when you know better, do better.’


Photo Credit: Greg Rakozy, under Creative Commons