Security vs. convenience or privacy vs. security or freedom vs. control? Sometimes we have a hard time deciding what is better for us and what makes sense. For those in the cybersecurity field, convenience is un-security, your privacy is protected by monitoring your activities to identify the normal patterns in order to alert for abnormal signs. You can not have it both ways, you do need to give up control ( not freedom ) in order for some else to help you provide your with the desired level of security. The fundamental premise of security is monitoring. Think about your kids, you can not protect them unless you know where they are and what are their plans in order to be preemptive instead of reactive. Without this kind of access to their lives, you could not provide preventative services, you will always be reactive to events and will be late to protect anyone. It is not about losing freedom, but providing protective services so you can be productive and focus on your assigned tasks instead of reducing your productivity due to your lack of skills to protect yourself. Keeping up with the skills required to provide meaningful services is a full time job, so you have to outsource that skill to someone else who is qualified for the job. It is like mowing your own lawn since you do not want to give up control of your grass. It is convenient, cheaper, and more efficient to let professionals handle trivial tasks. Have you aver tried to do something yourself to save money and it ended up costing you more time and money than if you hired some else to do the job for you? I think, every one has.
So, think about cybersecurity and monitoring not as a loss of freedom, but a service that allows you to focus on what you good at, but only give access to those who have a vested interest to protect you, not to profit from it.
Many times, people are afraid of government agencies and ignore the businesses. Agencies like NSA has a vested interest to enforce laws and protect citizens, not to snoop or to profit from collected information. Collection is part of providing security in a legally controlled manner where no on person has authority over all data and their usage. On the other hand, businesses have a vested interest to continually and in real time monitor as many individuals as possible in order to provide advertisement or directed sales pitches. They thrive on knowing you more tan you know yourself regardless of law or regulation, if the can profit from it, they will use this information to anyone who is willing to pay for it. There is no write or wrong here since we use services mostly provided for free, thus we willingly give up privacy to our information. Like I'm using this blog, so by the end of this blog, I will get advertisements based on words I use in this blog and websites I might mention. When I click on save, the words will be indexed and associated with my id and a profile is built about me that will be marketed to anyone interested focusing customers like me.
So, while NSA might collect data on my international calls, it might be used to generate some basic profile about me and if I break the law, that information can be pulled and analyzed to find out what made me change or to act in a certain way. For profit organizations are like a wild wild west, they hire the best of the best to find ways to figure out how to make me buy things I don't need. They are interested in all my button clicks and even on clicks I was thinking about, but decided not to click. All this is in real time and marketed for profit. We never even bother to read policies on websites we sign up for and use. We never question what businesses do with the information we share or where this information is stored or even who owns the data we publish on the web.
My point, is that cybersecuriy is about monitoring to protect you and that is what agencies do for you, so you can focus on creating your wealth in whatever business you are in. Businesses are the entities that we should be more concerned about and limit what they do with information we provide. After all, the Internet was created for information sharing and just because I'm being analyzed as I'm writing this, I did not give up my freedom to talk about what I feel strongly about. I'm being analyzed to make sure we can reach many people in a secure and responsible way.
Technology pose challenges to those who provide services since data grows exponentially and it is harder to distinguish approved traffic from malicious traffic. Monitoring activities allows intelligent systems to identify normal traffic and learn consistent behaviors. I like to fill up my car at the same gas station and fill up to a value divisible by 10 plus $0.01. Security is about establishing consistency, so if I see charges on my credit card for $50.01 at a gas station, I can see that it is normal, but a charge of $50.54 is not. Now, that is a pattern that can be coded and entered into a system or an intelligent system can learn this pattern and alert for out of pattern charges. I might make a mistake and fill up my can to $50.75, but that is just a false positive that I can handle even if I get alerted for that charge.
Security is consistency!
Learn about the type of monitoring software can do and think about the patterns that might help professionals in this field do their job effectively. If you think about consistency and not monitoring, then you might appreciate monitoring and the purpose of cybersecurity.
http://youtu.be/RR3bS5g-KTE
I think the main difference is, people feel giving control to their companies is a trade off for services or even necessary for the service. Where as with the NSA, their own information will never be needed (as they feel not like criminals), and they are not getting any direct benefit. The power each has beyond your information is also greater, a nefarious company might use your data to steal or profit from you, but can't imprison you.
ReplyDelete