3 easy steps to better cyber protection

It seems it is hard not to go online and see the warnings and growing concerns about the threat cyberattacks pose to our nation and to us as individuals. An analysis by Panda Security found that approximately 50 percent of computers it scanned were infected with some type of computer threat. As graphically illustrated in a previous column (“Threat intensity of cyber aggression to rise in 2012,” January/February 2012), the threat intensity of acts of cyber aggression supports the increased attention and concern.

Multiple reports provide supporting evidence of the dramatic increase in threat intensity. One report stated that in 2011 there were approximately 70,000 new strains of malware daily. We all have an important role to play in cyber defense. Every computer and connected device is a potential cyber weapon waiting to be loaded and used by criminals, terrorists and rogue nation states.

Related coverage:

Accurately stating the cyber threat situation

Users of connected devices are on the front line of cyber defense. As a user, you now have a responsibility to make sure your connected equipment is not compromised through your omissions or negligence. Here are three really easy things you can do so you don’t become part of the problem:

• Make sure your system is up-to-date, having all the patches applied.
• Install antivirus/security software and keep it up-to-date.
• Make sure the firewall that comes with your operating system is operational.

Taking these three steps will make a big difference. Last year two separate reports concluded that 99 percent of Windows-based malware attacks can be stopped by the simple steps of turning on firewalls and applying routine software updates. Now add the increased protection that antivirus/security software provides, and you can see how these three simple actions make a big difference.

One approach is to establish minimum security standards for every connected device. Some security professionals believe these tasks should not be left to the users. A firewall that cannot be turned off should be mandatory. Others have proposed that every computer sold be required to have antivirus software installed that can’t be disabled and updated for the life of the computer.

How would you feel if the computer or smart phone you use is compromised by your actions or inactions and used as part of a cyberattack that causes disruption of the critical infrastructure or to commit a cyber crime? A 2008 cyber briefing stated that approximately 30 percent of the bots used to generate the distributed denial of service cyberattack traffic against Estonia were in the United States. That statistic really struck home as to how everyone must play their part in defending cyber space.

Could you be held responsible? Could legal consequences be on the horizon? One lawyer who asked not to be identified said, “We are expected to maintain our cars and trucks. We make sure the brakes are working so we don’t crash into other vehicles or other physical structures and cause damage.” I think we are nearing the point where we may see similar computer maintenance expectations.

It seems like we have had the same approach to computer security for more than a decade. The situation did not get better, it became worse. It is time we come up with a different approach. The good news is that we are beginning to see a new group of startups with new and unique ideas about cybersecurity. In 2011, the Defense Advanced Research Projects Agency (DARPA) stated that it would drastically increase its budget for cybersecurity research. DARPA officials went on to say that their investment in cybersecurity research will increase by about 50 percent during the next five years. In addition, MITRE, a nonprofit technology research organization, established its Advanced Cyber Security Center that will work on this critical problem. However, the new approach needs to move well beyond updates or new technology. We need to address the training of users and protect against their all-too-frequent blunders. Although we have heard it before, it rings true again that the combination of people, process, and technology are still the three keys to success.