Fundamentals of Computing Security in the World of Modern Malware and Threats
Because the transfer of data used to function through the Sneakernet, personal computing in the 80’s and 90’s was a lot more simple. The slang term refers to the method users must adopt, copying data onto a floppy disk before physically delivering, or “sneaking,” the disk to its intended destination, as it the deliverer were wearing rubber shoes. In this modern age of mobile and the Cloud, an evolved form of Sneakernet essentially still exists. Gaming consoles still use optical disc media, and users transfer huge files using a USB flash drive or a portable hard disk.
The convenience of network transfer saves users a lot of time when sharing digital data with other people. However, the price to our security and privacy is increased public exposure. The vector where undesired software could be installed in the early days was through portable physical storage media. As complexity grew, storage capacity increased, and storage media evolved in various forms starting with tape, floppy disk, CD, DVD/BluRay, USB and portable hard drives. Since the way to transfer data is through a physical medium, control and IT policies that limit the use of portable storage devices have not been enough to secure the enterprise.
Employee use of external storage devices has been regulated, especially now that we know how malware spread during the early days when setting up a network cost big money. The main reason why security procedures were so easy to implement was due to the nature of non-networked computers. They operated independently from one another unless someone in the organization was technically savvy enough to use the Windows Direct Cable Connection to create a quasi-network between two PCs.
Back to our present day computing era—mobile is the hot trend, while network connectivity everywhere and anywhere is the rule. With the rise of IoT, even those appliances considered as non-essential to the network became a constantly running device—every day, at every hour. The parameters of how to secure a corporate network can no longer be defined by an IT policy alone. The cybercrime scene has grown from simple pranks to elaborate malware infections with major profitability to malicious designers. They even expanded their business by selling their exploits for a fee, targeting organizations who might want to destroy their competitors using illegal means.
The moment we became a global society of 24/7 internet-connected devices, the cost of securing our convenient computing life grew at an unprecedented rate. Trend Micro, one of the mainstream antivirus vendors, stopped an estimated 66.4 billion malware cases last year on their own. Yes, billion. And it should be noted, an antivirus program is not even enough; it needs to be supplemented by antispyware, antispam, and intrusion prevention systems.
The cybersecurity industry’s growth is a byproduct of the need to protect our continuous, uninterrupted internet connections. In order to gain peace of mind, organizations must now invest in a suite of security products. The cost of these services includes those of the license and support contacts—not to mention the way layers of security can slow down the overall productivity of the host PC.
System administrators need to invest in training about how to properly secure their organization and how to use the existing security tools their companies have acquired over time. Knowledge to secure a network installation is never cheap, and new developments always happen, which is why system admins are required to boost education. By 2022, it is estimated there will be a shortage of 1.2 million IT professionals managing corporate networks.
But last May 25, 2018, the EU regulation known as GDPR was established and essentially paved the way for a safer personal and corporate future in computing. By adopting the Terms of Service, companies operating globally have committed themselves to compliance. All enterprises in the EU-member state must now invest in a stronger overall security infrastructure. This reality has redefined the corporate goal from “for profit only” to “for profit, but also for user privacy and security as well.”
The corporate world has received positive feedback for this measure, especially given an estimated 81% of decision-makers are now serious about investing in all the procedures, policies, and equipment necessary to protect their data.
Julia Sowells280 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.