Smaller One is the Biggest...

There are two ways to hide yourself: to hide and be quiet, or to be in a crowd.

I think the same can be said about security risks in IT. Usually we hear about huge attacks, when companies lose a lot of money. Everyone talks about them. Companies send new regulations to workers, and so on, and so on... As a result, we are taught to withstand huge, separate attacks on corporations.

On the other side, there is a silent enemy, which is everywhere, and basically we do nothing about it. It is so common for us to get SPAM messages, calls, offers to invest money into the International Corporation of Nothing, promises of huge income which we can't imagine and won't see, and proposals to install a new super-tool and win a lottery, that one part of humanity (which is more or less educated in IT) doesn't even react to such mails and calls, while another part is looking for some luck.
Therefore the number of victims grows every year and this evident enemy holds its positions
(spam and phishing reports).
Funny to say, but even our employers think that the biggest problem for IT security is not a massive attack but workers (5 risks for businesses), with the curiosity and belief in something better that are common to all people.

The bottleneck of security for such an issue, in my opinion, is not technology. As of today, the filters built into browsers, servers, e-mail servers and even phones (e.g. Google Messages offers an automatic SMS filter, and some vendors also offer call blocking) have a very good level of filtration. I don't remember the date when spam arrived in my mailbox directly (not in the SPAM folder)... the mail server at work has some issues with filtration, but still the level is good. The weakest point in security is us, and it can be fixed in two ways only: to teach us and give us rights to improve filters, settings, etc., or to restrict our rights in systems. This is the case when the cheapest way, to restrict, is not the best one. The more restrictions we have, the more will to break them arises (why do we). Also, the latest Windows builds give us opportunities to bypass restrictions (without breaking them), and if I can, then why can't the script from some attachment? The more expensive but more reliable way is to teach users: first, about personal and social responsibility; second, about the weapons of this enemy and methods to protect our data and wares.

Some fights are won by knowledge.
