09 Apr Will we ever be truly secure online?
The recommendation this week that everyone should change all of their passwords as a result of the ‘Heartbleed Bug‘ has taken the world by surprise. Sort of.
The scale of the problem is so enormous that many people will adopt an attitude along the lines of, “Well, if it’s affecting billions of people, they’re never going to target little old me.”
Whether people choose to take the risk or not is personal preference, but the entire ordeal raises an interesting question: will we ever be truly secure online?
I think the answer, sadly, is no.
Digital security is still in its infancy. A century ago, a bank was guarded by a handful of guards, big walls and a vault. Today, we might expect CCTV, biometric scanners, lock-code mechanisms and other technological defences guarding the contents of the bank’s inner sanctums from would-be thieves. I imagine that in a hundred years time, digital security will barely be recognisable.
Yet it is still technically possible to rob a bank, if you know the intricacies of the system inside out. And given the nature of the internet, and the frankly staggering scale of interconnectivity around us, it seems probable that security will continue to play catch-up.
For while banks and high-security buildings upgrade their systems to stay ahead of the game, the Heartbleed Bug has demonstrated how online security is in a constant catch-up: patching vulnerabilites and exploits discovered previously. Heartbleed itself has been exploitable for over two years.
And the scale of this latest exploit is quite mind-blowing. In school, we were taught that when buying online, we must look for the padlock at the top of the page. That, we believed, guaranteed the safety of our details and information. Not so, it transpires; at least not for the last couple of years.
If one believes technology to be fast moving, the world inhabited by security experts and hackers moves at light-speed. Exploits are discovered and patched on a daily basis all over the world. For each line of code that is written, the possibility of human error in that code exists. Furthermore, as each line of code is placed after the last, the possibility of a security hole existing somewhere in the code, based on how each line interacts – even if each line of code exists is written well – grows. We find ourselves with leaks, gaps and potential exploits all over pieces of software and our security protocols.
The faith we place in these systems is almost unwavering. We have got to the point now where, even if something like the Heartbleed Bug were to drop every week for the rest of the year, we’d still go about our daily lives. We’d keep plugging in our bank details to order that pizza, or sign up to the gym, or buy car insurance. The reason? We don’t really have a choice. The world has changed, and the risk and potential of being online has been accepted by most. It would take something cataclysmic for that to change.
When you think about it like that, that’s actually pretty scary.
Thankfully, I don’t think that’s likely to happen. Much like real-world security, where terrorists and counter-terrorist agencies largely cancel out the threat, those who want to exploit and steal our details will be faced with ever-growing numbers of data security systems, experts and resources.
Will we ever be faced with a cataclysmic data security breach – one that is likely to change the way in which we interact and provide information online? Hopefully not. Will large exploits still appear going forward? Unfortunately, that much is certain.