The answer to the question in the title is easy. The bad guys are winning. Cyber crime is expanding both in volume and sophistication.
Securing your confidential information is now a matter of national security rather than just hype! Cyber criminals can steal your information assets as well as cause permanent damage to your computer system and resources. Your compromised digital devices can be enrolled in bot armies that attack other computers like those at the Pentagon, the power grid or our the energy and transportation sectors.
The time to take cyber security seriously is now. You must make certain that your computers at home, in the office or on-the-road mobile device is secure. You otherwise place your family, colleagues, business and customers at serious risk.
You can lose critical information or even be held liable for failing to comply with existing security regulations and controls (i.e. PCI or ISO 27000) or for just using sloppy and weak security measures. You need to be aware of the threat environment that exists in cyber space. You must take affirmative steps to shore up your digital security posture or you are destined to become a victim.
The author recently sustained a particularly insidious and sophisticated cyber attack at home. A pop up appeared on a family member's computer announcing it was time to install an upgrade to Microsoft Office. The family member felt something was strange about the message and we investigated.
The pop-up was really good malware. It claimed to be a legitimate announcement of a software update and even came with product serial numbers, a Microsoft logo and more trappings. The message urged us to download the security update and listed credentials from RSA (a major encryption provider).
We decided to contact Microsoft support. The representative doubted the legitimacy of the message. I offered to take a screen shot of the pop-up and to send it to the publisher. When I issued the command to "capture" the screen contents, the fake message instantly disappeared. I was stunned.
My next course of action was to manually request legitimate updates through the computer's operating system. My computer contacted the remote site and returned the message that all of my applications were updated. Microsoft's technician and myself were now certain that the attack was designed to take advantage of a known vulnerability (it did occur on "Exploit Tuesday") and that was asking the user to authorize writing unknown code to our computer. What would have been written on our computer if we had "authorized" the download is unknown.
Many people would have innocently approved the download of the so called "security update". Doing so would have filled the victim's storage media with the malware that the cyber criminal was trying to install. Worse yet, the attacker would have gained continued access to our confidential information resources.
The rate of growth in malware and the seriousness of losing confidential information needs to be reversed. The only way to do so is for every computer user to become aware and proactive. The problem shows little evidence of going away on its own.
Nearly everyone uses the digital processing infrastructure is subject to continuous attack. Cyber threats are pervasive. Computer crimes pay off and pose very little risk to the criminal. Individuals have little hope of recovering any losses.
There are number of public sources that people can access to get the basics on how to protect their computers. Interested readers are invited to go to the author's website to download the free ebook, "21 Ways You Can Fight Cybercrime".