Jan. 13, 2015, 10:24 a.m.

To Know Or Not To Know...

Anyone not living under a rock should have at least some general awareness of security-related issues as they apply to our way of life. Most people will be very familiar with security-related issues as they apply to the "real" world. For instance, most people have locks on their doors and cars that can be locked, and some societies have burglar proofing in front of their windows, gates, alarm systems to detect intruders, etc. Our lives are surrounded by measures meant to protect us from security exploits.

The same applies to the "virtual" world - in the electronic bits that flow through the copper and optical fibre and air veins of our digital networks. Just as there are real threats to our real world, we encounter virtual threats in our virtual world. Do note that I am not using the words real and virtual by their common meaning; virtual is no less real than real. It just refers to existing digitally, as opposed to physically.

In the virtual world we encounter many security issues as well. Most people have heard of hacking, passwords, anti-virus, firewalls, HTTPS, encryption, etc. All those concepts refer to protecting oneself from various security-related exploits. These exploits do not (usually) attack us directly, but rather our digital presence and our information.

By far the most energy is spent on the prevention of an attack. Locks, burglar alarms, firewalls, passwords, anti-virus, etc. are all there to prevent intrusion. However, we rarely focus on intrusion detection. If you ask someone how many times a malicious person attempted to gain unauthorized entry to their home, most people would not be able to answer that question. Most people (except some larger corporations with properly managed UTMs) would not be able to tell you how many times someone tried to hack into their home network, their corporate network, their smartphones or their smart fridge. As long as they see no obvious compromise, they will remain oblivious.

Would you know if someone picked the lock to your home, and just walked through your home, just performing reconnaissance? And then locked the door again on her way out? I very much doubt you would. We only notice when something obvious has been changed, moved or removed. The same applies to our digital selves. Only when you try to browse to your favourite social site and instead see only advertisements for some shady product, or a big red warning that your computer is being held to ransom and your data has been encrypted, or you stop having proper internet connectivity, do you start to suspect an intrusion.

I have performed some tests to see just how bad this situation is. First ask yourself: for a typical server on the internet, not part of a large corporation but rather insignificant in all respects, how many intrusion attempts would you suspect occur per year? Per month? Week? Day? Here is a typical day in a typical insignificant server's life - and remember, these are not all the possible attacks against it, just a subset of some known attacks that are being monitored. It is at least this many attacks, possibly many more:

Intrusion detection on a typical server

If that does not startle you, you must be an android. In 24 hours this insignificant server experienced no fewer than 1568 attacks. If the server had been configured incorrectly, or had been running unpatched software, or had been configured with weak passwords, it would have been compromised immediately.

Now for the big question:

How does knowing about something change our perspective versus not knowing?

Whether we have installed monitoring software or not, i.e. whether we are observing a phenomenon or not, does not change reality. At least, this logic applies as long as we do not delve into the realm of quantum physics. At the quantum level our observation collapses the wave function and that alters reality. However, we certainly behave differently when we are aware of something than when we are not. And if we react correctly, we may just be able to improve our situation.

Knowing about the significant rate of attacks against a server forces us to be more pro-active, to want to know even more, to be able to detect more, to prevent more, to lock down better, to keep up with patches better. It forces us to face reality: we cannot assume we will not fall victim to an attack because we are insignificant (i.e. not a highly prized target like a government or military institution).

If you knew that bad people are trying every day at least three times to pick the lock on your front door, would you not immediately re-evaluate the quality and security of that lock? And thus prevent a potential breach of security?

There are two major kinds of aspects we can possess knowledge of: those aspects we can influence or improve on in the future by having this knowledge, and those aspects we have no control over. An example of the former is knowing about the significant rate of attack on a typical server - that knowledge is powerful and beneficial because we can improve our security and potentially prevent many kinds of future compromises. An example of the latter is knowing when you will die. If it is set in stone, then does that knowledge really make your life better?

My opinion is that it is always better to be informed, to know about something, but only generally where we can change the future to improve on the situation at hand.

Now imagine 1568 attempts to pick your front door lock during the next 24 hours... Quickly go patch your servers and lock them down as best you can!