Dark alleys of cybersecurity

The security of the so-called “cyberspace” has deteriorated beyond belief. Some people tell me that my stories are far-fetched and that I view the security and computer industry with some sort of a depressing negativism. I disagree. The problem is, I am trying to stay positive and optimistic. My tales rarely go to the full extent of what is happening. The reality is much worse and scarier. Why do we tend to think then that Internet reality is all cheerful and pink? Because our judgement is severely distorted by our perception of the Internet world.

When you walk around town, you come across various parts and you are usually able to assess the dangers in a valid way. You walk on a wide street, there are sufficiently many people around but not too many to invade your personal space. The street is well lit or it’s day time. There is a policeman on the corner… What do you feel like? Your body tells you it is all safe. Your image recognition and other parameters are assessed automatically and provide a relaxing feeling of “it’s all right.”

Now imagine you are walking at night through a dark part of town. Small streets, poorly lit, the people are scarce. You are approaching a dark alley, it smells funny, there are some indistinct shadows moving ahead. A police siren wails in a distance… How do you feel? You tense up, ready your “fight or flight” reflex you inherited from stone age that keeps you alive in situations like this. Your body sends a clear signal: this place is dangerous. You have assessed your situation correctly.

Let’s now go onto the Internet. We can do it from various places with various devices but let’s stay traditional for the this example. You sit at home, at your desk, wearing comfortable home clothes, your slippers are on, the evening is outside but inside it is all warm and cozy, you have your cup of coffee at your elbow and you visit a website. A bad one. One from the dark alleys of the Internet.

What do your senses tell you about the website you are visiting? Or even about the state of your own computer? Well, basically, nothing. Your standard human senses are dealing with the standard stone age parameters: you are at home, in safety, it’s warm, you feel protected, there is food, no danger. The body is sending you the signal to relax. However, that signal has nothing to do with what you are doing at the moment. You assessment of the situation may be completely wrong.

And therein lies the problem. We are not equipped to recognize the dangers of the Internet. Whatever we do at the computer screen, our feelings of comfort and safety are not influenced at all by our actions. Therefore, we cannot rely on those most basic instincts of whether something is safe to do or not anymore. Not when we are in cyberspace.

The only way to assess adequately the dangers of the Internet is to learn to think about them logically. To perform a logical assessment of the danger of entering a website you must intentionally exclude the cozy bodily feeling from your equations. The equations will also require education and practice. You must learn logically what a good behavior is, what a bad site might look like, what a suspicious activity is and so on. Just the way you learn to drive a car. It takes knowledge, training and cool logical thinking to drive the car without causing accidents all the time. Training and education will over time result in a new kind of situational awareness that will allow you to assess your situation and your actions on the Internet correctly.

Failing that, think of the Internet as a dark alley full of indistinct but dangerous looking shadows. It might help. Or, better, ask someone who knows to help.