This is a summary with links to my posts on computer security.
Computer security is important for the same reason as home security – you don’t want bad guys breaking into your house, wrecking it and taking your stuff! Here are brief summaries of the unending computer security problems and how to solve them.
https://www.blackliszt.com/2023/04/how-to-prevent-the-leak-of-confidential-documents.html
https://www.blackliszt.com/2017/05/computer-security-problems-solutions.html
In the invisible world of computers, security is elaborate, expensive and an ongoing nightmare of failure and ineptitude. But computer attacks are largely ignored, while physical security problems often make the news.
https://www.blackliszt.com/2014/09/cyber-security-and-cyber-insecurity.html
Managers treat managing computer security no differently than anything else. Huge mistake.
Everyone in the physical world realizes that security falls into two entirely distinct categories. The first applies when a place is closed: security means stopping anyone unauthorized from entering. The second applies when a place is open: keep visitors and employees from stealing things. Computer security focuses almost exclusively on keeping the bad guys out, largely ignoring theft by visitors and (above all) by employees.
Here’s the basic idea of applying retail store methods to computer security.
https://www.blackliszt.com/2015/03/methods-for-effective-cybersecurity.html
Libraries too.
https://www.blackliszt.com/2017/03/libraries-are-more-secure-than-computers.html
Here are famous examples of the “insider threat” in the physical and software worlds.
Although largely ignored, there are practical ways to implement insider-threat computer security.
https://www.blackliszt.com/2017/03/lets-fix-cia-cybersecurity-using-machine-learning.html
The government is terrible at cybersecurity.
https://www.blackliszt.com/2017/06/government-cyber-security-tops-the-oxymoron-list.html
https://www.blackliszt.com/2021/07/the-irs-could-have-prevented-the-tax-data-leak.html
And there is general ignorance about basic aspects of it.
https://www.blackliszt.com/2017/10/the-irs-anti-fraud-contract-with-equifax-is-good.html
Government security experts demonstrate deep ignorance in high visibility cases, confusing outside hacking with typical ignorant-user phishing.
https://www.blackliszt.com/2017/01/russia-hacks-dnc-podesta-email-fake-news.html
In spite of its own incompetence, the government produces mountains of regulations that companies are required to follow. The regulations largely ignore insider threats and don’t work for outside attackers.
https://www.blackliszt.com/2014/05/bureaucracy-regulation-and-computer-security.html
https://www.blackliszt.com/2017/05/security-regulations-vs-security.html
One of the many reasons the regulatory approach to security fails is that the “experts” are always fighting the last war.
https://www.blackliszt.com/2014/09/cyber-insecurity-and-the-maginot-line.html
Institutions that are hacked and lose mountains of customer information make a big show of concern, but don’t in fact help their customers.
https://www.blackliszt.com/2015/02/the-anthem-of-cyber-insecurity.html
https://www.blackliszt.com/2015/02/my-anthem-account-was-hacked.html
Some of those giants wait way too long and then lie like crazy to their customers.
https://www.blackliszt.com/2011/04/chase-data-theft-exemplary-handling.html
Smaller tech-oriented companies do the same thing.
https://www.blackliszt.com/2019/01/computer-security-breach-response-excellence.html
Part of why the data theft parade continues is that the people in charge have no real motivation to make security work.
https://www.blackliszt.com/2015/03/how-to-achieve-cybersecurity-motivation.html
Outside hacks succeed in part because unwitting employees open the door and let the bad guys in.
https://www.blackliszt.com/2019/11/cybersecurity-almost-impossible-to-achieve-heres-why.html
https://www.blackliszt.com/2015/04/internet-drivers-licenses-needed-for-users.html
Ransomware is a new way for hackers to profit from security breaches. Not many of the attacks make the news, but there’s an epidemic of it.
https://www.blackliszt.com/2021/06/the-colonial-pipeline-cyber-security-disaster-in-context.html
https://www.blackliszt.com/2022/12/new-york-citys-metropolitan-opera-crippled-cyber-attack.html
Articles about famous ransomware attacks show the profound ignorance of “experts” on the subject.
https://www.blackliszt.com/2017/05/the-ransomware-hack-attack-lessons-from-the-experts.html
There are proven ways to protect against and recover from ransomware, which are sadly not widely used.
https://www.blackliszt.com/2023/05/how-to-protect-and-recover-from-ransomware.html
Computer security is rife with specialized terminology and abstruse concepts. It can be hard to understand. But the core concepts are easily understood when you compare hack attacks to physical things like car dealerships or gated communities.
There is a special security case of law enforcement agencies with a legitimate need to look inside a consumer device. Apple does its best to protect the criminals. Here are the highlights.
https://www.blackliszt.com/2016/03/the-apple-fbi-fiasco.html
And here are the details:
https://www.blackliszt.com/2016/03/apple-can-help-fight-crime-while-maintaining-privacy.html
https://www.blackliszt.com/2016/02/apples-cancer-prevention-strategy.html
https://www.blackliszt.com/2016/02/apples-approach-to-privacy-terrorists-and-criminals.html
Until the uniform wisdom and practice of the ruling experts changes, computer security disasters will continue unabated in spite of massive spending to conform to the regulations intended to achieve security.