Mastering Pandora’s box
I'm a human being and as such I'm just as naive as most other humans, particulary up until just recently in the area of securing my digital life. Any cybersecurity expert will tell you of all the trails you leave behind using your cellphone, tablet or computer - even the footprint you make by setting up your wifi connection at home or using your email at work. Most of us aren’t trained to use these equipments in a secure fashion. That’s a fact.
Less than a year ago I accepted the challenge of becoming an information security coordinator challenging just about everything I thought I was good at regarding digital security. Little did I know about the risks I exposed my digital life to simply by logging onto my computer. By now you must have figured out that I’m not educated in this profession at all. I’m learning these things each and every day.
Using my personal experiences as an entry point to information security though gives me invaluable input to my learning curve. I’ve had to trash many of my previous opinions these past months, especially this last week, as I’ve sunken deeper into blogs, YouTube documentaries and articles about cyber security threats and hardware vulnerabilities. We live and participate in a disturbingly insecure digital world although there are glimpses of hope out there.
I recently listened to an episode of Darknet diaries where the penetration tester @TinkerSec told a story of how he, missioned by a CISO, desperately tried to penetrate the company's computer systems just to find out that they had it secured like a fortress leaving little room for almost anyone to attack it. He tried poking around the drives and file systems with no success. He then tried to gain access to the admin password with even less success as it only led him to a non privileged local administration role with no access at all to the global user management system. He finally gave up after he unsuccessfully planted a malicious software on a coworkers computer that was supposed to trigger through the Powershell only to be caught by the IT technicians less than an hour later who thoroughly questioned him of his intentions with their gear.
The truth of the matter is that what they managed to do is one of the most daunting tasks for any CISO; identify the loopholes and close them hence securing the information hidden behind them. As it's said - no chain is stronger than its weakest link. In the world of cyber security that weak link is and always will be us humans; us naive unsuspecting humans.
Anyone working with cyber security or information security will tell you it's like a Pandoras box. You never know what genie you'll let out while testing for vulnerabilities in computer systems. Even worse, those using the systems are seldom aware of the risks they each and every day expose these systems of. Securing information must primarily start at the human interaction with computer technology by setting rules and standards humans are able to comply with. It seems easy but ask all those whom been working tirelessly with it for decades and they’ll shrug their shoulders in resignation. It takes time, it consumes energy. It’s challenging.
The world truly has become a strange place.