Beating the 'Smart Criminals'

by Suneet Tuli    Apr 15, 2009


When he made his famous ‘known unknown’ quote, Donald Rumsfeld, in all
probability, might have only expected some good-natured fun. He has
been mocked for that verbal excess, but little does he know that his
prolonged take on ‘there are known knowns and there are known unknowns’
makes perfect sense for network security managers.

Network
security is a war-situation, not fought over geographies, but even more
valuable assets that could make or break individuals, corporations, and
countries. After all, it is world of inter-linkages. The Butterfly
Effect of that gentle flap of wings in Brazil, indeed, can cause a
catastrophe in Indonesia, just as a minor breach in security at a front
office executive’s computer can wreck the entire existence of the
organization.

Network security has long been drawn out in a
veritable mesh of jargon that is totally unappealing to the layman, and
today, the difference between the layman and an expert is narrowing.
Anyone with a personal computer, an ingenious streak, and a spirit of
bold experimentation can explore the world of information technology
and networks.

If the industry, however, continues to live in a
fort, made impregnable with jargon, there is little hope that network
security will attain the prominence it deserves, across the spectrum.

The
key message of network security is ‘protection.’ Individuals, offices
and entire networks, with its linkages and sub-linkages, must be secure
from unauthorized access. How much then does an organization invest in
network security solutions, given that already have a sizeable
investment in the IT infrastructure?

Richard Clarke, the White
House cyber security advisor, famously observed that "if you spend more
on coffee than on IT security, you will be hacked. What’s more, you
deserve to be hacked."

Given the global financial crisis and its
aftermath, entrepreneurs are increasingly wary about accruing any
further financial burden. It is not as if they underestimate the
potential of disastrous involved in a security breach; they prefer the
complacence that network security like ‘troubles’ are the ‘neighbour’s
problem.’

Caution is today the watchword across all industries
and it is extremely important that it also becomes part of the IT
lexicon in all organizations, small and big. Network security has
become imperative for the simple reason that today access to the
Internet is wide-spread. Anyone with mobile phone connectivity is
linked to the web, which means malware, spyware and other malicious
applications can creep into one’s personal domain with utmost ease, if
not protected. Even trusted websites are not insulated from SQL
injections, and every one is a risk.

It takes us to the story
of a young American who woke up to find his kidneys stolen, but
couldn’t connect for help because his phone was linked to the computer,
which in turn was infected by a virus, which in turn, would have
exposed his little world of secrets, because, on the first hand, he
lost his kidneys to racketeers who were working under the guise of a
social networking site.

Of course, it is only a story, and
pointedly exaggerated, at that. But that does not take away the real
threat posed by the web to network security.

The world must
also open up to the reality that we are only secure to the extent of
the thief’s limitations. The moment the thief extends his
knowledge-base and skill-sets, unless, you are in a one-upmanship race,
you will stand exposed to attacks. That is precisely what is happening
to the IT world today. ‘Smart’ criminals are getting smarter by the
day, and delivery malicious payloads into networks - which means, a new
security challenge every other day.

At the end of the day,
what do hackers and ’smart criminals’ want — information that will
give them control over your finances and private data. A change of
guard is needed for extra-security, continuous improvement, and
upgrading is essential for smooth network management.