Criminals get a head start, but we can chase them down with laws, industry tools, and consumer protection
In cybersecurity, the bad guys almost always have a head start on the good guys. There are several reasons for this, but basically security is fundamentally reactive, and there is asymmetry in the battle.
Firstly, security reacts to stop attacks and plug the gaps so they cannot reoccur. But security does not know how or where or with what the next attack will occur. Security companies are continuously trying to second-guess future attacks to make them harder for the criminals, but attacks are unknown quantities until they happen. By the time people, businesses and security firms have come to terms with one type of attack, the criminals have moved on to a new modus operandi.
Secondly, there is asymmetry between attackers and defenders. Every computer is faced with thousands of criminals and criminal groups, ranging from elite nation-state hackers to organized crime to wannabe hackers using crime-as-a-service hired tools. The defender must beat every one of the attackers, while only one attacker needs to beat the defender.
Attacker’s tools
There are three primary tools that assist the attacker: zero-day vulnerabilities, the dark web, and the optimism bias.
Zero-days: All software has bugs. Bugs often translate into vulnerabilities. A zero-day vulnerability is one that has been found but not yet patched (fixed) by the vendor.
Criminals find and exploit zero-day vulnerabilities. There is no defense against a zero-day attack beyond detecting the attack and mitigating it as quickly as possible after it has happened.
The dark web: The
Support the originator by clicking the read the rest link below.
