With bugs in the system, how safe is the Internet?

No time to act
We are learning that some vulnerabilities are in the wild for years before being exposed, leaving attackers ample time to conduct their business. These “zero day” (as in defenders have zero days to prepare against an attack) exploits were once considered to be theoretical only, but are now commonplace.

Despite dire warnings of the end of the Internet as we know it, both the Internet and its users are more resilient than we give them credit for, and in many respects it is business as usual online.

But that doesn’t mean we should be complacent.

We know that computer crime is on the rise and that criminals have access to hundreds of millions of stolen credit and debit card records. We know that they have control of millions of computers, from which they can extract our private data, and which they can use as spam devices or as part of large-scale “botnet” armies that can launch denial of service attacks against critical systems. We know that huge amounts of corporate intellectual property have been plundered and transferred, lessening the economic viability of those companies.

We should be heartened by the fact that there are honest people working feverishly to protect us: security researchers and technicians who keep building better mouse traps.

Police and regulators are doing what they can to track down cyber criminals while educating end users and companies about how to be safer, for example through the federal government’s Stay Smart Online campaign. There are many responsible companies investing in updating hardware and software.

Like so many social issues, though, this problem won’t be fixed any time soon. Perhaps it never will. But it won’t all come crashing down around us either, in spite of some media reporting.

Beware of fear fatigue
There is always the danger that people become complacent as more and more security threats are reported, so it’s important to be aware of the risks and take note of any advice.

Simply asking people to swap to alternate software or systems is not always the best advice, as it assumes those other options are safe. As I said before, are they safer?

So what’s the best advice on how to get by in this threat environment?

As end users, we need to make sure we have unique and hard to guess passwords, and change them often. We should patch our software with updates as often as they are available. We need to use security software where possible.

When it comes to using the Internet we must be careful where we visit on the Web and whose e-mail and other messages we open: just like in the offline world there are safer places to visit and people to interact with.

But we must also demand more products that are fit for purpose, just as we do with the safety standards of physical consumer products.

We should expect companies to understand the value of the business they do with us, and of our data that they hold in trust. Boards and CEOs need to care about this as much as they do about their brand.

Alastair MacGibbon is Director, Centre for Internet Safety at University of Canberra. This story is published courtesy of The Conversation (under Creative Commons-Attribution/No derivatives).