Cybercrime Frontline Blog

This past week, I presented at a large cybersecurity conference in Monterrey, Mexico. The conference wasand attended by many leading companies based in Latin America. Mexico is a gateway to Latin America from the United States and is important in a large number of ways to the cybersecurity of both the region and the global Internet community. Monterrey is a city that is home to a large number of multinational corporations and Mexico City, the country’s capital, is also one of the world’s largest cities. Both of these facts highlight the critical importance of Mexico to cybersecurity.

One issue raised during the conference is worth special attention. Some of the attendees expressed uncertainty about how the individual Internet user can contribute to cybersecurity. The view seemed to be that government and corporations have greater power to secure infrastructure, so the individual has only a minor role in cybersecurity. I believe this is a misguided view. This is much like saying that because the government maintains the roadways, that we can ignore the safety of cars on the roads. This is clearly illogical, yet the same view is sometimes applied to cyberspace. Individual Internet users may actually be increasing in importance to cybersecurity.

For years, Cybercriminals have harnessed the collective power of unsecured computers to operate “botnets” --groups of remotely controlled computers. These botnets are used to launch “denial of service” attacks against governments and companies. Such attacks can paralyze a business by blocking online communication channels. Botnets may also be used to send vast amounts of spam, some of which may even contain phishing attacks designed to infect new computers. Looking closer at the corporate environment, cybersecurity is only as strong as the weakest link. Some recent threats against industrial machines are believed to have been introduced by individuals who ignored good security practices and infected the systems.

The individual Internet user needs to follow good security practices not only for their own protection, but because of the critically important contribution that each individual makes to the security of the entire Internet eco-system. A lack of security at the individual level risks an entire government or corporate network. An individual infected device can also be used as part of a botnet to harm other individual users. For these reasons, the individual Internet user remains critically important to maintaining a safe Internet for everyone.