Currently, security represents a big problem for computer activities, both on the Internet and intranet. The monstrous size of the security problem creates a challenge that is exceeded our ability to defense. The great economic losses are evaluated millions or billions of dollars according to the attack type it refers to.
The three known actors of this event: users, companies and programmers are the weak parts of the security information link. Of course, among them there are important differences in their magnitude and features. Users, the weakest link, are defined by their low technical knowledge about all the technological phenomena which they daily must interact, work and personal event. Perhaps educated by business marketing to use technology in a easy way, they think it is not necessary to “learn” anything, only using devices.
It is very concerning that many users don’t have any properly “criteria” to create passwords, and publishing crucial information on social networks. Finally, they are “victims” about data “extraction” by corporations and cybercrime groups. Companies are the second weak link in the security chain, they have “demolished” the labor market applying low cost philosophy, and moving decisions gravity center from engineering or technical area to legal department, marketing, advertising and finance. Low cost policy generates low income in the technicians (programmers, computer security, system administrators, etc), labor flexibility, don’t pay for personnel training, and “saving” to realize a testing sets, and security audits.
Finally, programmers and technical team end up loading in their “backpack”, problems generated by users and companies. Notice that low income, and labor flexibility “pushes” programmers to have a “passive” attitude and bad practices. Software development begins a hellish path: “copy paste”, unleashed use of libraries or “frameworks” unknown by the programmer, “spaghetti” code, poor design work, etc. Allowing design errors, programming language errors, and human errors. Consequences will be programs, with low performance,incoherent design (not allowing scalability, and refactoring), poorly documented and potentially with many “vulnerabilities”, that will be exploited later by hackers. This explosive “cocktail”: “ignorant” users, “thrifty” companies, and programmers “pressured” by relentless delivery dates, will result in what we call a “shabby” program, and justifying enormous loss figures mentioned above.
In the near future, due to the IoT technology there will be 50,000 million connected devices, it will be the age of “Web3”, “internet of things”, 5G connection, AI, blockchain, virtual reality and robotics, will allow connected infrastructures, driverless transport, digital communications, etc. will request complex programs and very critical security requirements. When we think that users, companies, and engineers (programmers, system administrators and hackers) are not, at this moment, ready to face the huge challenge that it’s coming, we only can expect an age of Cyber_Insecurity instead Cyber_Security.