For many employees in companies and private users, security is complicated to understand. The first part of this small blog series is about the reasons why we struggle with IT security.
When it comes to technology or IT, many people switch off immediately. Often it is said: “too complicated” or “that’s not my topic”. When it comes to quantum physics, this is certainly understandable because it is about complex specialist knowledge and something unusual – I cannot have a say on this topic. However, with IT security, the case should be different: the topic is significant for all Internet users, regardless of age, gender, occupation, or other factors. It is about nothing less than the security of one’s own “digital self”, for example, the security of an Amazon or Facebook user account. In the case of companies, even their economic existence is in jeopardy. But for many of us users, securing computers, mobile devices, and IT systems against cyberattacks is very complicated and abstract. Why is that?
The Danger Is Not Visible.
An excellent example of this is the medical field: I’m in a high-security laboratory somewhere in the world. The highest security level applies here. Scientists are researching viruses and bacteria that can depopulate entire stretches of land, for example, Ebola or Lassa viruses. Well protected, I look at Yersinia pestis – also known as the plague – under a microscope. You can see elongated structures that resemble a capsule. The danger posed by these pathogens is easy to grasp for us humans. Another factor is also decisive: diseases such as the plague, flu infections, measles or chickenpox are visible through external symptoms. If someone has a high fever and a severe cough, it is clear that this is an illness that needs treatment. We also take precautions to avoid contracting diseases. For example, we put on a medical mask in the current Covid-19 pandemic to avoid endangering ourselves or other people.
People have a general need for protection, and nobody wants to be in danger. This desire is based on our very own instincts. Our senses show, for example, whether a food is edible. Our instincts warn us of various dangers, but this does not work for all risks.
We often talk about instincts, but what exactly is an instinct? The term describes a kind of reaction pattern that occurs in different life situations. An instinct is therefore a kind of inner disposition that urges people to take a particular action. To a certain extent, an instinct sets an automatic mechanism in motion in response to a key stimulus, making a person act accordingly. For example, if I saw a predator in the wild, I would immediately try to run away to avoid the danger.
IT Security Is Often Incomprehensible.
I have a virus analyst at CyberDefense show me the details of a malicious program. The choice falls on one of the numerous Emotet variants with a worm component. What I then see are many lines of program code with memorable characters and numbers. Is that malicious code or just randomly typed letters, numbers and characters? While the plague bacterium is visible under the microscope in the high-security laboratory, Of course, I trust the analyst, who explains to me precisely which program code enables which malicious function. With that, I understand how dangerous the malware is and that it poses a serious threat to me. Many other people may have switched off again at this point.