I was sitting thinking about some of the crazy sayings people have, some of which are true, such as, “Never put your eggs in one basket” or “A stitch in time saves nine.”
These and many others are as true today as when they were first coined and are just as relevant to us at home as they are in the middle of all that high-tech IT infrastructure. There's one saying, though, that doesn't quite ring true. If it did, I guess we would all be out of a job and looking at other methods of making a dime. Call me a cynic (many do), but where would we be if, as the saying goes, "crime doesn't pay"?
The security industry is built on the foundations of mistrust and the criminal intent of others. Without that there would be no need to embellish the pages of business magazines with expensive advertising, nor would there be a product to promote, or for that matter, review. The fact that hackers and virus writers and indeed industrial spies have the tenacity to continue, regardless of the new and significantly better solutions that the industry develops, may indicate a little bit of the cat and mouse syndrome (on the lines of Tom and Jerry - naturally). You see, if we were being honest with ourselves, we'd realize that we do actually need this continuous flow of cyberabuse, not full-out war, but a steady stream of drive-by hackers and script kiddies to bolster the corporate need for our legitimate wares.
It could even be a case of "Give the devil his due," because every vulnerability that the bad guys utilize will mean overtime for the good guys writing the patches, new software versions and the development of new tools to find better ways to deal with the known threats. All of these pay the employees' wages and also put money in the corporate coffers. And the nature of the beast determines that "If at first you don't succeed..." and these guys wait for the next 'unique' solution and the next un-crackable firewall and yes, you've got it, they just keep right on going till they beat the damn thing and give us more work to come up with something else to counteract their evil deed.
What would happen if the entire hacking scene got a dose of the 'consciences'? What then? Would we fuel our own fire or declare a victory? I feel the latter is unlikely and, therefore, I am compelled to ask the question - whoever said "honesty is the best policy"? Okay, in short, what I am saying is very simple: "You cannot have your cake and eat it." You can't complain bitterly about the bad guys and then make a healthy profit off their backs; the ones who suffer are the customers who need better security now, not next time they are compromised. However, without crime we would have no business, so I guess it's a case of "you win some, you lose some."
Jayne Parkhouse is reviews editor for SC Magazine (www.scmagazine.com).