It is very easy to become complacent with Information Security on a home computer or network, even for those who would otherwise preach IT Security in a corporate setting. There are several reasons why this attitude can develop, even in people whose line of work would otherwise cause them to be more vigilant. Part of the problem is the human tendency to note that ugly things have probably happened to other people because of their carelessness or because they somehow deserved it, but that those things could never happen to us.
Another contributing factor is that by having at least some policies or technologies in place for security, we tend to feel safe enough, and not bother to go the extra mile. (I’ve got a firewall, and antivirus, etc…) The final contributing factor is often the belief that the majority of security incidents are about hackers targeting financial firms, not home users.
Well, I have news for you: Although targeted attacks of corporate entities have gone up significantly over the past 12 months, there is still an awful lot of script kiddie malware floating around which is not going to be nearly as discriminating as a hacker on a mission. Not only that, but there are multiple uses for compromised machines. Quite often, these compromised systems are used in botnets as staging grounds to attack other systems remotely, which would make the owner of the compromised system liable for an attack on, say, some government or financial facilities.
So, even if nothing at all valuable is on your system, it could still lead to indirect losses when your system is confiscated as part of an investigation on why it was attacking a more valuable asset at a bank or government. And you really don’t want to burden of proving that you weren’t the one doing the attacking!
Just a single moment of carelessness, as indicated in this ComputerWorld account, can put you into serious jeopardy, and consume a great deal of your time and energy getting things back in order.
Check out these reports on the increase of targeted security attacks today:
- Isolated, Targeted Security Attacks Carried On E-mail
- Look out for this new breed of targeted security attacks
- Are Corporate America’s Networks Prepared to Fend-off Targeted Security attacks?
- Schneier on Security
- Online criminals shift focus of attack
It’s not just that they’re getting away from just going after operating systems. The attacks are moving up into the application layer, and they’re not just bombarding the entire Internet with worms, as in the past. Now, they’re attempting to keep a low enough profile that they can get more mileage for each vulnerability that is exploiting.
And of course, the human element continues to be exploited via phishing attacks, and other social engineering approaches.
If you don’t believe how much grief can be caused by an attack of your identify via you home network, take a look at the following account of someone who experienced major inconvenience:
As much as possible, you have to be on guard for any and all abnormal activity so that you can quickly mitigate potential damage. You can’t manage it, if you’re not monitoring it.
Finally, these articles provide some prescriptive guidance on the issue of Identity Theft and personal Internet security…
- HOW TO: Get Through Having Your Identity Stolen
- How to Dispute Credit Report Errors
- Protect Yourself from Identity Theft
- Reducing the Risk of Identity Theft
- Security at Home: Personal Information
- CERT®: Home Network Security
Please enjoy safe computing.