Caring about Security in an unsafe fast-paced world
A few words about
my childhood and how this connects to my deep will to care about security. Since the moment I started fiddling around with computers, I realised how important it is to keep my private data for personal consumption only. For every digital movement I used to make, installing a program or simply creating a file with the wrong permissions, it was clear that a risk was arising. A shallow understanding of the aforementioned operations might affect your computer in such a way that the entrance to a private digital world can be violated easily. Malicious guests can access personal data or, even worse, impersonate you, enjoy the journey and then hurt you financially, and not only that. At a young age, I remember how people used to point Limewire (if you are too young to remember this, Limewire was a Java file sharing application) to their personal directories. Attackers would take advantage of such data and share it on mIRC or keep it for themselves and use it for malicious purposes.
The world
likes to move fast. Users execute workarounds prefixed with sudo and install software from untrusted sources just because it is free. Most people click on the Accept All button when a website transparently notifies them that it will be profiling users. How many times did you push the OK button on the Access to Photos or Access to Microphone or Access to GPS questions of your iDevices? How many times did you consider why an application that supposedly doesn’t need voice input requires that permission? I don’t think that you must reject the convenience of using all these apps, but please do so with a light dosage of scepticism. Please genuinely care about who created an application and why it asks to violate your “personal space”. Everyone ought to be vigilant in this weird landscape that distributes your data to a place located in “the cloud”.
Against me
is the pace at which we shifted towards software delivery. Such a shift took a toll on Information Security. Companies don’t realise how quickly the shit will hit the fan should a security breach be identified. Unfortunately there are only a handful of companies out there that go strong about information and cyber security. Most companies rely on the 80/20 rule, hoping that no attacker will go the extra mile to exploit this remaining 20% that requires 80% of an employee's effort to be secured. Security vulnerabilities and computer attacks are a risk, and a risk is not to be taken lightly. Would you ignore a Trustpilot review that throws a product that you potentially want to buy in the bin? Probably not! Why don’t you care about Security?
Update: Re-reading this article recently made me want to apologise for the tone that is used throughout it. I value security a lot, maybe more than I should, and writing this article after a marathon of meetings about prioritising security work didn’t help.