In my fourth post in my tenure as Thwack ambassador for June, I thought I would talk about what appears to be the never ending battle between good and bad. If I can get to the end without mentioning 'cyber' more than that single reference and various different coloured hats, then my work here will be done. The purpose of this post is to hopefully spark some discussion around the topic and I would love to hear what your take is.
Attacks on computer systems are nothing new. The web is full of stories of viruses that seem to go back further and further in time, the more you look. The first I am aware of is the creeper virus, which was realised on ARPANET way back in 1971, before even this oldie was born. Over forty years later and the anti virus vendors have still failed to deliver adequate protection against viruses, trojans, worms and other similar bad things that I will bundle together under the label of malware. The problem doesn't just stop at the deliberately malicious code. Software bugs, interoperability issues between different systems, 'helpful' developer back doors. It seems that no longer has one attack vector been patched up, than another 100 fill its place. Technology has for the longest time been used by both sides to get a leg up on the other.
The fact that technology and our pace of life is advancing at an ever increasing rate means that this cycle is getting ever more frequent. Personally, I feel that this is one of the key reasons why it will never end. That sounds a bit depressing but I am a realist at heart (often confused by the rose tinted spectacle wearing brigade as a sceptic) so I strongly believe that if you follow a number of best practices, some of which I highlighted in my first post (Defence in depth), keep up to date with relevant industry news and events and have a good internal culture including all staff being bought in, good documentation/processes and buy-in from the top down and we work together as a mature community, we give ourselves a better chance of being protected. It's not unreasonable to state that the majority of drive-by attackers will give up and move on if you present a big enough obstacle to penetrate. If you don't offer any real defences though, thinking all is all lost, you will almost certainly experience that as a self-fulfilling prophecy.
Let me know what your thoughts are on my scribbles above and what you think the battlefield will look like in 20 year's time.