Cybersecurity; Today we will dare something different. The following introduction is necessary to better get into the mood. iGuRu.gr, as well as our friends from SecNews.gr, occasionally publish big headlines about online attacks.
Here we report that we publish only the attacks that were successful.
Introduction
Can you imagine what is happening globally if somebody decided to publish and attacks that were not successful?
Checking the logs on the server that hosts iGuRu.gr, we observe hundreds of such attacks every day, automated by bots but also by would-be hackers who seem to have studied the structure of the web enoughσελίδαs.
It is also known that our site and our friends from SecNews, sometimes publish vulnerabilities on major websites and online infrastructures.
So, while these specific publications abroad are normal, and help in the disclosure of vulnerability and coercion for immediate repair, Greece is always a risk.
In Greece, we are used to hiding it all under the carpet, and staying there, piling up to someone to pick it up.
But the phenomenon of carpet is not only found in Greece.
Cybersecurity
Information about near-successful or successful cyber-attacks on companies and government agencies often remains hidden. Despite the efforts of specialized and reliable security companies, agencies and companies rarely share critical information, rarely cooperate to controlsecurity systems and very rarely issue early warnings to other organizations that may be at risk.
But let's talk about today's companies working in the field of cyber security defense. Every piece of information stays locked in their "lockers" as they translate it into dollars. Have you noticed security companies working together for the common good? The phenomenon is very rare, as exceptions that confirm the rule.
Why is it so difficult to understand that the exchange of such information and cooperation can contribute to problem solving and risk management in many other areas?
What is behind this long-standing corporate reluctance to exchange information on cyber attacks (whether successful or not)?
Why, whenever we want to publish such information, look at 1000 eventually, fearing a legal system created before the Internet?
Reporting of each incident can only be good for the collective interest, but individual participants may encounter any kind of legal problems, reputational problems, or market failures if they are heard to be hacking.
The Internet has no restrictions, and there are no security doors. Digital locks consist of bits. Thus, it is understandable that there are violations, and as we have seen, they also occur in the "best families."
Reticence and secrecy do not protect anyone, and it maintains a myth and a legal system that can not protect the digital world of today.
The release of the data can help us understand the full size of a vulnerability that will play an essential role in our defense.
Suggestions;
All of the above is not easy, as it contains words that do not like too many: Liability and Rizzle.
In addition to the individual responsibility of each of us, Internet service providers, security companies, and governments are also responsible.
Maybe we have seen examples (confirming the rule) of suppressing attacks from alliance security companies (Microsoft, Symantec, Kaspersky, etc.) but one cuckoo does not bring Spring.
A framework should be set up to allow businesses to share incident data with other anonymous data. This will reduce the risk of bad reputation through exposure.
The states now, because everyone needs the support of the government.
Legal circles and law makers should very seriously consider disclaiming legal liability for companies or individuals who choose to share incident data for the purpose of combating cyber-attacks, providing timely warning to others at risk.
Advanced? Probably not, for the simple reason that the Internet is running faster than us.
Why do I get rid of it? This goes to the security companies, which should start acting as a team… ignoring the profits…. or discovering new wealth resources.
With a final account we understand that the least utopian scenario is the statutory release of data.
