Does Cyber Hype offer Hope

In the last few weeks we have seen another round of cyber security hype:

• Flame virus running rampant
• LinkedIn passwords broken
• Crypto broken
• RSA tokens broken in 15 minutes

Does this help the cause, identified in the National Security Strategy of increasing the education and awareness of cyber security?

Yes. But not helpfully.

These are all good scare stories to help confirm the cyber world is a bad, insecure place, but do the issues really matter to the general public:

• Flame.
  Turns out it was not quite as rampant as the first reports suggested. Interesting to cyber experts, but no real implication for normal users;
• LinkedIn.
  If using good security practice and using a strong unique password, not much to worry about*.  Changing it is a wise precaution;
• Crypto broken.
  As per this blog, it does not affect day-to-day users;
• RSA Broken.
  See RSA’s response, the “it’s broken” reports are misleading.

What does affect day-to-day users?

• Not having strong & unique passwords for each and every system you connect to
• Not keeping up with patching
• Not using up to date and trustable anti-virus technology

Until we manage to find a silver bullet to eradicate the need for these (and consumerism is making progress here – subject of a future blog), we need to provide much better education.
This is why I support initiatives like

• Cyber Champions
• Get Safe Online
• Article: For ‘enterprise security’ read ‘home computer security’

These offer some hope above the hype.

— end —

* I accept the LinkedIn privacy / mining / aggregation issues are more complex than suggested here.  The point is, this is not the major security impact for the end-user the hype suggests.