Hacks make Internet look lawless, but security just hasn't caught up to spear-phishers yet

IT security needs to catch up to spear-phishing/malware/server-attack combinations


They care that every high-profile thing on the Web is suddenly bleeding customer data as hackers poke them like underinflated water balloons that refuse either to fail in a satisfyingly catastrophic way or to stop that constant leak down our pants.

Neither "the cloud" nor the Internet is any more insecure than it was a couple of months ago. Some of the attacks – Sony's blockbuster Fubar Series and Epsilon's email-address giveaway, for example – succeeded because of flaws or stupid flaws, or a continuing series of the same stupid flaw in their security plans.

In the rest, security failed because someone with secure access was tricked into giving a password to get into the system to someone whose identity they couldn't verify.

Picture the underpaid, terrified guards bribed to open gates in the Great Wall of China to the Mongols, or that idiot in your apartment building who insists on holding open the security door for anyone who doesn't look like a homeless serial killer, whether they have a key or not.

Spear-phishing victims aren't like that.

Usually they're given all the information they think they need to confirm that giving out secure information is not only a good idea, but part of their job descriptions.

That's the whole point of spear-phishing. It works because it satisfies all the security criteria set up to keep people like spear phishers or Mongols or homeless serial killers out of the Circle of Trust. Once they're inside, all bets are off.

Recent history isn't just an alert that Web server and corporate remote-access security systems need to be made more secure.

It's a flashing light and siren drowning out the screaming of panicked users trampling each other to get out of a building that is either on fire, under attack or filled with enough rumors about being on fire or under attack that everyone panics whether there's a reason to or not.

There's not a single answer to the uber-problem of making the Internet secure.

We've been at this civilization thing for a few tens of thousands of years and haven't made any individual human society completely secure, so it's probably not reasonable to expect it of the Internet.

We can adapt to exploits based on spear phishing – which has proven to be as big a leap in data-theft technology as virtualization and cloud computing have been in legitimate computing – to at least close off some of the more dramatically vulnerable spots.
