1(630)802-8605 Ravi.das@bn-inc.net

Well, Happy Friday everybody!!  It’s a rainy and cold day here in Chicago, but we are making the most of it today.  After all, itis the weekend, and I have all sorts  of good things lined up, of course, mostly all freelancing work.  But as we close out the week, I wanted to bring up a topic that I had mentioned in yesterday’s post (or sometime this week, don’t exactly remember when).  The topic deals with Encryption.

As mentioned, Encryption is a fancy term for simply scrambling data so that while it is in transit, it is rendered as useless if a malicious third party were to intercept it.  Take for example the E-Mail messages that you send back and forth on a regular basis.  Most E-Mail packages have a built in functionality where after you compose the message and hit the “Send” button, the message is automatically garbled.

Then, once the receiver has actually received the E-Mail, then it is unscrambled into a readable format.  This the most basic example I can give.  Of course, it can get a lot more complicated than this, such as when you talk about it Public Key Infrastructures, Asymmetric Cryptography, Public Keys, Private Keys, etc.  Also keep in mind that there are complex mathematical algorithms that are associated with it, but this is a topic for a different time.

In this regard, it is the United States that is pretty much the world leader in Cryptography technology.  But according to a report, it is ranked amongst the worst countries in the world in terms of offering Encryption based services to the citizens of the United States, and also in terms of protecting its overall IT Infrastructure.  The other countries that made the top five in this list include the following:

  • China;
  • Canada;
  • South Korea;
  • The United Kingdom

According to the report, these countries have a collection of over 61 million servers in which there is at least one exposed network port that is open for hackers to tap into and launch a Cyber based attack.  To make matters even worse, there are also some 13 million database servers that are also exposed in this same fashion.  The following are the database platforms that are exposed:

  • PostgreSQL;
  • Oracle DB;
  • Microsoft SQL Server;
  • Redis;
  • DB2;
  • MongoDB.

The report also states that these countries are most at risk for a large scale Cyber attack, because they depend so much on an Internet based infrastructure for communications, and business transactions to occur.  It also stressed the grave importance of protecting these servers, of course, in my view, everybody states this fact, but the  nothing ever really happens in the end to enhance the levels of protection.

Probably the biggest threat that was launched against the United States IT infrastructure (and for that matter, probably the rest of the industrialized world) was the “WannaCry” Cyber attack that was launched in 2017.  The primary target was that of the Microsoft SMB Server, and while this has dropped off the hit list of the Cyber attacker, there are still some 500,000 exposed servers that remain today.  Finally, the report also stated that in the end, it is not just these five countries that are the most exposed to a large Cyber attack because of the lack of Encryption based protocols being implemented.

As this quote sums it up:  “Even as there are engineering efforts to bolster the domain name system and bring it to modern levels of encryption and security, we still see millions of poorly maintained, misconfigured computers, ready to be abused by intelligence and espionage agencies, sophisticated criminal organizations, and casual, unsophisticated threat actors.”  (SOURCE:  https://www.scmagazine.com/encryption-us-is-the-most-exposed-country-report/article/771988/).

The authors concluded that Cyber threats against database servers and services as well as SMB related servers will be most at risk.  This report can be downloaded at this link:

https://www.rapid7.com/globalassets/_pdfs/research/rapid7-national-exposure-index-2018.pdf

My thoughts?  Well, I am not really surprised in the end by this at all.  Although the United States is a technological powerhouse, and I am proud to be a US citizen, it still lags far behind the rest of the world when it comes to being on top of Cyber security in every aspect.

For example, take a look at the United Kingdom as an example.  Although they may not be heavily invested in the latest technologies like we are, their police forces are probably amongst the best in the world, even along with those of Israel.  They always are vigilant about any credible threats that they receive, and best of all, they get the cooperation of the people to report anything suspicious.

In the end, this just goes to show that Security technology is not always the key to combat Cyber threats and attacks.  Human vigilance as exemplified by these countries is probably even more important.  Back to what I said in yesterday’s post:  Security is like a balance scale.  You need the bests of both of worlds in order to make all of us safe from Cyber terrorism.