As the saying goes, the only way to truly secure a computer is to remove the ethernet cable; I have heard this often in my early days learning I.T.; however, even that is not true anymore, is it? Cybersecurity is an odd field as there is really nothing one can do to completely eliminate the threats that our systems, networks, and users face every day. The best we can do is reduce the likelihood of the event happening, as well as the event’s impact. Although the thought that I’ll never be able to protect against viruses entirely can be almost maddening to comprehend, it also ushers in a new thought process that does nothing but motivates my work ethic and the quest for learning as much as I can.
There are undoubtedly many things one can do to considerably reduce the attack target of a managed system, its visibility from would-be cybercriminals, and even steps that would make performing the attack either too time-consuming or resource-intensive to be considered appealing. However, dangers are always present due to the fact that technology changes practically every second. You can spend months learning the ins and outs of a system and then spend another few months threat modeling and applying fixes to any found vulnerabilities only to discover that the next day, a patch or update on that system by its manufactures will be released, ultimately rendering all of your previous work useless. However, I suppose one could ask if we would really like a world where security was simple and lasted forever? I, for one, do not think my boss would keep me around if I were not needed to continuously test the systems I build, looking for gaps in each protective layer. Furthermore, I believe I would be bored out of my mind if it wasn’t a daily challenge to keep my organization’s security ahead of the competition and with those who seek to utilize cyberattacks like viruses in their attempts to best me.
I would argue that even with an impenetrable system, the human element is still present, and, as we all know, the everyday user is bound to click a spam email from a ‘Nigerian Prince’ or download a free guide to losing weight. There is literally nothing we can do to entirely thwart a virus from wreaking havoc on our systems, yet, on the other side of the equation, there isn’t necessarily a one-size-fits-all approach for cybercriminals to use that always guarantees their attacks will be successful. Us, on the defensive side, and cybercriminals, playing offense, is a never-ending football game that I honestly cannot wait to be a part of. Put me in, coach.
Simpson, M. T., & Antill, N. (2017). Hands-On Ethical Hacking and Network Defense. In Network and Computer Attacks. (Third ed., pp. 55-80). Boston, MA. Cengage Learning.