Time Stamp 01:12:00 – 01:12:38
“Everybody starts believing that they will be held accountable if they have poor security on their systems, whatever their systems are, whether it’s their companies, their personal systems, or whatever. Because, really security is…The problems we see are death by a thousand cuts, and you stop a thousand cuts by a thousand people putting band-aids on themselves, and that’s what needs to happen. So, if I were to wave my magic wand, I would make sure everybody feels that they are responsible and that security is a must, and that people take responsibility for what they have control over.”
Ira Winkler started with a psychology degree, which led to the world of “social engineering” and then to the world of hacking, which Ira claims to be nothing more than uncovering poor habits and poor administrative behaviors. “It’s not that the bad guys are good, it’s that the good guys are bad at protecting the systems”. Computer hacking boils down to taking advantage of things that should not be there to take advantage of in the first place.
According to Ira, there is a false tendency to credit hackers as geniuses, when in reality the problem is people not doing the things that should commonly be done. Ira equates it to this: to a person who has only bows and arrows, the person with a gun must look like a genius.
Ira really simplifies security vulnerabilities as primarily bad administration or bad use of the computer. Seventy per cent of computer hacking is because of something a user does and is otherwise preventable.
Ira Winkler shared a current example of how Twitter was recently hacked (someone doing stupid things), again far from the theory of genius hackers, and more along the lines of a user not doing the things that follow common sense. It is the adding up of all the little failures that allows access to the areas that cause the big failures.
There are things you can do, like allowing automatic Windows updates, automatic patches, current malware protection, proper password protection, a firewall, etc. These are the steps you can take to become a responsible cybercitizen in the digital age. There is simply no patch for human stupidity.
Ira believes one of the greatest threats today is a “Botnet”. Shamefully, the United States is home to the greater number of botnets worldwide. Simply stated, your computer is under the control of a cybercriminal along with thousands of others. Why? Because the end user has not followed the simple steps to ensure their computer has the necessary technology to defend against malware intrusion. Another major factor in this botnet problem is the attitude and complacency of the end user: as long as it doesn’t bother me, I do not care who is using my computer. You had better unplug from that kind of thinking. Your actions, or lack thereof, are putting others at risk and you are liable.
One of the major problems on the Internet, according to Ira, is that there are no repercussions for bad computer security in general. Individuals who lose their data have little recourse, and life goes on with minor attention to the hack. On the other hand, if your car is stolen because you left the keys in the car, you become subject to a lot of possible aggravation. You are out of pocket financially, or your insurance may go up, so there is an incentive not to be careless with your car because there are consequences; likewise with your home. Unfortunately, the Internet lacks a sense of responsibility and, moreover, lacks any repercussions for the bad things or bad practices of careless individuals. Bad things do happen because of other individuals’ inaction.
I enjoyed Ira’s analogy of the excuses people make for not being responsible digital citizens. An individual will complain about spending a thousand dollars for a PC, and continue to gripe over having to spend additional money to ensure proper malware protection on the Internet. For Ira, that drivel makes as much sense as going into a car dealership after spending thirty-five thousand dollars for your automobile and then complaining about having to spend money to fill your gas tank every three hundred miles.
The CyberHood Watch partners, Dave & Bill, have made the same analogy in the past: you spend money on your PC, the Internet connection, software, and all the amenities. Yet, when it comes to the personal protection of your private information, many complain about spending a few dollars for what could ultimately end up saving their good name and/or their entire financial wealth. Your good name and security are worth it; spend the money where it counts.
Internet security should be looked at as a process and not a technology, and regulators and regulations should be looked at as a process not a technology.
Beware of the “Smart Grid”; this could potentially be the tipping point for a future disaster.
Thanks, Ira, for sharing your time with us today on CHWradio.
david c ballard