Computer security

Summary: The Ongoing Problem of Computer Security

This is a summary with links to my posts on computer security.

Computer security is important for the same reason as home security – you don’t want bad guys breaking into your house, wrecking it and taking your stuff! Here are brief summaries of the unending computer security problems and how to solve them.

In the invisible world of computers, security is elaborate, expensive and an ongoing nightmare of failure and ineptitude. But computer attacks are largely ignored, while physical security problems often make the news.

Managers treat managing computer security no differently than anything else. Huge mistake.

Everyone in the physical world realizes that security falls into two entirely distinct categories. The first applies when a place is closed: security means stopping anyone unauthorized from entering. The second applies when a place is open: keep visitors and employees from stealing things. Computer security focuses almost exclusively on keeping the bad guys out, largely ignoring visitors and (above all) employees stealing things.

Here’s the basic idea of applying retail store methods to computer security.

Libraries too.

Here are famous examples of the “insider threat” in the physical and software worlds.

Although largely ignored, there are practical ways to implement insider-threat computer security.

The government is terrible at cybersecurity.

And there is general ignorance about basic aspects of it.

Government security experts demonstrate deep ignorance in high-visibility cases, confusing outside hacking with typical ignorant-user phishing.

In spite of its own incompetence, the government produces mountains of regulations that companies are required to follow. The regulations largely ignore insider threats and don’t work for outside attackers.

One of the many reasons the regulatory approach to security fails is that the “experts” are always fighting the last war.

Institutions that are hacked and lose mountains of customer information make a big show of concern, but don’t in fact help their customers.

Some of those giants wait way too long and then lie like crazy to their customers.

Smaller tech-oriented companies do the same thing.

Part of why the data theft parade continues is that the people in charge have no real motivation to make security work.

Outside hacks succeed in part because unwitting employees open the door and let the bad guys in.

Ransomware is a new way for hackers to profit from security breaches. Not many of the attacks make the news, but there’s an epidemic of them.

Articles about famous ransomware attacks show the profound ignorance of “experts” on the subject.

There are proven ways to protect against and recover from ransomware, which are sadly not widely used.

Computer security is rife with specialized terminology and abstruse concepts. It can be hard to understand. But the core concepts are easily understood when you compare hack attacks to physical things like car dealerships or gated communities.

There is a special security case of law enforcement agencies with a legitimate need to look inside a consumer device. Apple does its best to protect the criminals.

Until the uniform wisdom and practice of the ruling experts changes, computer security disasters will continue unabated in spite of massive spending to conform to the regulations intended to achieve security.