Two inky-black trails jet across the night sky. They’re destined for a majestic edifice. It seems as though whatever is creating each dark trail has a singular purpose, unwavering in its intent.
Then there’s a mild noise as each “missile” hits an invisible wall. The source of each cloud stream appears to be deflected. They rebound, scatter, and fly off in unexpected, somewhat disparate directions.
Later others make their way into that same castle. This time, they act with the aid of an “inside man.”
If you’re not too young, or too old (and frankly, even if you are), you’ll potentially remember these scenes from the Harry Potter movies.
Funny thing? They’re a great picture of security in general, and Cybersecurity in specific.
Anyone creating websites, for example, is likely familiar with things that must be done to protect the assets on those sites from attack. Those same folks, or others specially tasked, are equally cognizant of tools to track attempts at intrusion.
One website I’ve built is regularly tested by outside entities (not something I control) for the potential of intrusion. The intent is obvious, individuals—some malicious, some not—are “fishing for data.”
Obviously, I do all I can to secure the data found on the site from exposure.
In the case of this particular oasis on the web, an extremely limited set of folks is “on the inside.”
In that reality, we’re currently blessed. Why? Because the more people involved in the internal workings of such, the greater surface for potential exploits.
You may not know this, but most “successful” unauthorized data access events, involve folks akin to those we discussed from the aforementioned Harry Potter movie, to wit, that same “inside man.”
Far too often, the person in question has no knowledge he or she is being “used” by the person seeking to do harm, or profit from the information gained by breaking into data storage to which a malefactor has no right.
Simply put, an “unwitting dupe” is convinced to give up information that gives another attempting to gain access an “open door” for just such activities.
This sort of thing literally happens probably hundreds of thousands—maybe even millions—of times a day.
There are literally armies of ‘bots, hackers, and crackers out there, who spend their days seeking unsanctioned entry to places where they can “suck data out of” storage locations.
I can hear it now. Some of you are saying, “If the data wasn’t out there in the first place, those individuals wouldn’t be able to access it.”
It’s true, but you need to understand, where there are those collecting information on you they really shouldn’t, in most cases, you’ve not only agreed to people having that data, you’ve literally provided it to them.
On top of this reality, if they don’t keep what they collect, you would have to re-enter it, and by the way, it would be nearly impossible to validate you are who you say you are when dealing with you.
Making this more complicated, that latter truth matters because others will attempt to impersonate you, in order to gain the ability to do things like, purchase items in your name, using your bank accounts and credit cards.
For those of us who make a living designing ways for you to have ready access to the places you like, or need to visit, this translates into a constant battle with the “baddies.”
Imagine, you’re working on a wall used to hold water in a pool. You get things as they need to be.
The night after you do so, someone sneaks in, and finds a way to punch a hole in that wall.
You see that puncture, and move as quickly as you can to repair it.
But the person with evil motives—or some other individual with equally bad, or worse designs—comes along the very next evening, and finds a way to create another breach in your container.
Most plumbers will likely tell you, it’s difficult at best, to stop leakage indefinitely, even without those seeking to cause it to happen.
But imagine constantly having folks attempting to break through.
Such is the lot of people dealing with Cybersecurity issues (read here, “Anyone developing anything for public consumption, that takes in, and most particularly stores information provided by others.”).
Part of the solution to this conundrum, is the use of “platforms” (systems upon which developers build) that are constantly updated and improved to ensure they take the most recent lessons learned about security in mind.
What that means though, is that we must regularly upgrade and update those platforms.
To make this more challenging, oftentimes, the changes made “break” the things we’ve already completed, making it so we must go through and change those things just to keep them working as designed.
Tired of your bank or shopping platform changing things, and your having to continually work to understand their usage?
Being fair, sometimes a complaint of that being the case is totally valid.
Often though, the changes are made to cause your experience, and the associated information, to be more secure from exposure and attack. Of course, that doesn’t mean it’s unreasonable to be put out when the changes are made.
Just remember though, much of the time, those modifications are to keep untoward folk from getting to your already-too-exposed data.
One more thought.
If you want to create, or have maintenance performed on, a website for your business, and choose to use people to do that who aren’t up on the latest security practices, you’re setting yourself up for failure.
Worse yet? You should get used to the idea of periodically reviewing and updating such, for security purposes, if for no other reason.
Remember too, this doesn’t just apply to websites, but to any computer related tools open to others through public means.
Boiling things down, as long as there are those intent on gaining access to the information of others with ill intent (and you may rest assured, there always will be such folks), Cybersecurity, and jobs like mine, will continue to exist, and be exceptionally important.
As always, here’s hoping you’re well, that those around you are likewise, and that you, and they, are happy and healthy. Thanks for taking the time to read this.
