The Visibility Constraint
Imagine two players playing a game of chess, with one major difference from a typical game: Player A enjoys a full view of the board, while Player B only has very limited visibility, even of his own pieces. Needless to say, due to this visibility constraint, the game has become infinitely harder for Player B.
This game is played on the internet all the time; it’s called cyber security, and the players are hackers versus innocent, everyday internet users. While both players have their own constraints, the victims’ visibility constraints put them at a great disadvantage.
When it comes to protecting internal networks from cyber attacks, most organizations can only track what’s happening in their own network. But many cyber attacks are part of an overarching campaign targeting entire industries or countries. With organizations’ limited visibility focused only on their own network, the campaign’s other victims are all working alone to protect their network, rather than working together—giving hackers all the more chances for success.
Organizations’ limited visibility opens the way for hackers to operate more freely and use the same types of attacks on multiple targets. If their attack is discovered by one organization, other victims might still remain in the dark. It also means that the same infrastructure used to target one organization can be re-used to target another, thus reducing the constraints the attackers face and enabling them to generate more attacks.
While there have been multiple initiatives aimed at getting organizations to share intelligence with one another, so far these have had little success and limited impact on their ability to protect themselves. The influx of news about organizational breaches is somewhat of a testament to this.
Visibility Constraints and Identity Theft
When it comes to identity theft, the situation is no different. Much like breaches to internal networks, identity thieves often have a number of targets. A typical identity theft attack can start in a compromised e-mail account, move to a cloud storage service by “recovering a lost password” and from there, after uncovering in the cloud storage service the right set of scanned documents, reach the much coveted bank account. Check out this story of how hackers took control of three different online accounts in order to steal a $50K Twitter handle.
A visibility constraint applies in this scenario as well. In most cases, the e-mail service will not share real-time intelligence on attacks with the cloud storage service or with the bank (and vice versa). This information could be crucial to protecting a victim’s identity at any point during the attack, and the hacker benefits from this constraint, freely moving from service to service until he reaches his goal.
None of this is to say that the online services we consume don’t invest enough in our security. Indeed, many service providers are quite mindful in protecting customer identities. Still, much like Player B, they are at a disadvantage before the game has even begun.
As long as we continue to look at our online identities as fragments of information spread across different online services, as standalone pieces, we’ll always have this visibility constraint that gives hackers a great advantage, and we’ll always face the problem of cybersecurity with a serious disadvantage.
Keep yourself protected from hackers
Perhaps now more than ever, it’s crucial to take a hands-on approach regarding your privacy and the security of your personal data and online accounts (Gmail, Facebook, Dropbox, etc.). Fortunately, you can use a number of freely available tools to help better protect your personal information. Here are a few suggestions:
- Get an antivirus solution for both your PC and phone. Check out these recommendations for the Best Free PC Antivirus Software and Top 5 Android Security Apps.
- Never reuse the same password across multiple online accounts, and always make sure you use strong passwords that include letters, numbers, and at least one symbol. To keep track of your passwords and keep them safe and secure, use a password manager like LastPass or PasswordBox.
- Use two-factor authentication on all of your accounts to enhance security.
- Get LogDog, a free anti-hacking app. It protects your personal data and valuable accounts (Gmail, Facebook, Yahoo and more) and alerts you to any suspicious activity so you can take control of your account before a hacker does.
The service can be used across all devices and OS’s, so you’re always being protected. Here’s the Android and iOS links for you to check out.
Did you enjoy this post? If so, subscribe to get a weekly roundup from BlogDOG.