Brian Krebs, the author of ‘Krebs On Security’ – a daily blog on computer security and cybercrime, talks about the cybersecurity problems, the future of hacking and Cloud Security Technologies.
– Which are the main cybersecurity troubles for common Internet users?
– I think that the biggest problem for the average Internet user is apathy mixed with a lack of interest in how to stay secure online. You know, one of the biggest problems I see with consumers in the security of the Internet is they’re afraid to experiment with computers, they think they might break something. And that’s a problem because you never learn that way. Most people learn about security when they have to, when something goes wrong. So I would say the most persistent and greatest threat that we see today is information stealing (keystroke logging programs) – they are embedded in almost every piece of malware out there. The greatest threat to the security of the user is the keylogger threat, but also the fact that very few users are prepared to have a problem like this. And when they do, they don’t know what to do and they think “Well, you know, antivirus is gonna detect this bad stuff. And so they are left in a kind of a pickle there because they think they’re protected (they are not usually), and when there is a problem, they think that a lot of times the antivirus software is gonna fix the problem for them. Sometimes it does, just as often it doesn’t. I’ll short my answer by saying I think a lot of this could be… a lot of the misery that Internet users suffer could be ameliorated or lessened if they were prepared, and a big way of being prepared for security disasters is to have backup plan – very very few people do.
– Hackers are sophisticating even more their abilities. Which would be the future of hacking?
– I would say greater automation. There’s a lively community of hackers that are building tools that, you know, used to require a lot of skill, to break into some place, leave behind a backdoor, steal the data. Now, most of this is automated. And it’s to the point that almost every aspect of computer crime has been automated and there is a services that you can buy or subscribe to that will allow you to basically point and click. Hacking – that’s what it is. I see that having a gangbuster future, there’s no shortage of very smart people writing these programs.
– Cloud Services are increasing year by year. How could this kind of technology affect the users’ security?
– I’m not sure how they will affect the security of the user. One thing seems clear, and that is the use of Cloud Technologies appropriately puts the emphasis where it belongs, which is on the data. Too many organizations and individuals think about security as putting up bigger walls around their systems, and that’s a losing battle because you put up a big wall, they just parachute in, behind the walls, you know. What is most important is focusing on what data is most valuable and protecting that, and being very aware of where it goes, who has access to it and when it’s been compromised. So in that sense I think Cloud Technology is kind of a buzz word, but the positive aspect of it is that it does tend to put the focus where it belongs, which is on the data.
– Which is your opinion about the new security technologies based on Cloud Computing?
– I’m not a Cloud Computing expert but I think that the more protection the better. The limited experience I’ve had in looking at the Cloud Security Technologies suggests that they are a nice addition to other technologies that people may use or rely upon for their security. Are they mature at this point for protecting Internet users and companies alone? I don’t think so. There’s a tremendous amount of growth there. I think, you know, leveraging the wisdom of crowds, crowd sourcing about the latest threats out there – it’s very promising technology and it’s gonna be interesting to see where it goes.