Here at Kapiti SeniorNet we spend quite a bit of time exhorting our members to be computer security minded for the very good reasons that failing to do that can be an expensive lesson. We even run a workshop on dealing with spam showing you what can happen and how easy it is to be hoodwinked.
Computer security is a bit of a misnomer because computers can never be 100% secure. In 2016 alone cyber thieves stole US$81 million from the Central Bank of Bangladesh, and data breaches were still rife even after several of the high profile cases such as SONY and Yahoo. In the latter case Yahoo was in the middle of being taken over by the telecoms company Verizon in a US$4.8 billion deal that was nearly derailed as a result.
Then there was the Russian hackers interference with the US elections, and closer to us the black market in computerized extortions.
No doubt you have yourself been receiving emails advising you of outstanding amounts due to you, soliciting your interest in beautiful women/men, or ‘replacement’ invoices and the like, which if opened can lead you in to all kind of trouble. Fortunately, we are learning to leave well alone one might think, yet the number of people who still cannot resist the temptation to click on these still makes it wonderful business for the thieves.
And the problem is about to get worse because computers deal not just with credit card details and databases, but also with a real world of physical things and vulnerable human beings. We are beginning to realize that computers are everywhere. A modern car is a computer on wheels, an aeroplane is a computer with wings and with the IoT [Internet of Things] we now have computers as part of everything from road signs to MRI scanners to prosthetics and insulin pumps.
Whether any of such computers will prove to be more trustworthy than our desk top or laptop versions has yet to be proven. What is certain is that hackers will have a go and they have already proved that they can take remote control of connected cars and pacemakers. So your new fridge or your new smart lightbulb or your home security may be a target for malware, which no doubt will in time be solved with even more technical wizardry.
The point is that even heightened vigilance does not absolve the software firms which have not taken security serious enough, when they could have employed ‘ethical’ hackers to test for fixes needed to ensure users privacy as well as that of companies. The truth is that there is really no way of making computers completely safe because software is so complex, for example Google must manage around 2 billion lines of source code, so errors are inevitable.
An average programme has 14 separate vulnerabilities, each one a potential point of illicit entry and bearing in mind that in the history of the internet security was an afterthought.
We do of course try our best to manage the risks, governments make rules to be followed, legal liabilities and insurance also create incentives for safer behaviour, e.g. a company with lax attitude may find insurance premiums skyrocketing. Alternatively, a firm that takes reasonable steps to make things safe will have recourse to insurance payout to avoid bankruptcy.
But as we know it isn’t possible to eliminate e.g. terrorists from encrypting their messages, and the change of password or default usernames isn’t sufficient to eliminate attempts at hacking products and data.
You may recall Ralph Nader, the consumer advocate, who back in 1965 published his book “Unsafe at any speed” that dealt to the US motor industry exposing their lax attitudes which resulted in the introduction of rules on seat belts, headrests and the like already the following year.
Kapiti SeniorNet has never stopped reminding our members of the need to update the softwares they use to ensure that the latest bugfixes and security updates are in place, and to change passwords regularly. You might say: how come they are necessary? Why weren’t they already fixed before the software was put on the market?
Computer security is bad because it was not taken seriously yesterday, and now that we know the consequences and the risks by bugs and hackers there really is no excuse for repeating the mistake.
Whilst we wait do enjoy your computing.