A major point of David Greer‘s talk at AIFS was the hyper-connectedness of people. Most computing professionals are already hyper-connected and most connected people will be in less than five years. Hyper-connectedness here is used in the context that people use a lot of different devices to connect to the Internet, their home computer, their work, access resources and do whatever they want to do by using these facilities remotely. They have many interfaces to the Cyberspace.
So now the attack vector expands: “you or your child uses your home computer to share information through social networks or email and through this process may infect the computer with a virus. You then could use this computer to “work from home” and indirectly infect a work related file or through network connections, infect your corporate workstation”. Interestingly (inspired by a friend who advocates “people get hacked and not machines”) I had blogged about such a possibility back in 2007.
@gkoutep tells me, for quite some time now, that we are to expect “single target” attacks. The need for discipline for us who use different devices to connect to networks that we manage and/or the Internet is more than pressing: Shall we connect to our corporate network using a friend’s computer in case of an emergency? Although most systems now boot from USB drives (which avoids the possibility of an infected host system) what about our friend’s home network? Will “proper procedures” for exceptions be followed, or should one wait until being in front of a better controlled terminal?
While in the “old days” we could relax temporarily some restrictions in favor of convenience, friendship (being friends with the BOFH could result in exceptions) or emergency, this is no more. (Digital) Trust is not what it used to be (or what we believed we could get away with when bending the rules).
We live in a hyper-connected world aiming to facilitate everybody’s daily stuff, but will the need for discipline and caution lead system administrators (and other computing professionals) to start de-hyper-connecting?