Content Insider #263 - Insecure Security
Security is Only as Secure as the User
By Miles Weston
Source - "Angels & Demons," Columbia Pictures
"1668, the church kidnapped four Illuminati scientists and branded each one of them on the chest with the symbol of the cross to 'purge' them of their sins and they executed them, threw their bodies in the street as a warning to others to stop questioning church ruling on scientific matters. They radicalized them." - Robert Langdon, "Angels & Demons," Columbia Pictures (2009)
At the end of last year, the World Conference on International Telecommunications met behind closed doors in Dubai to discuss the future of the Internet. The secretive meeting of 290 plus countries produced scare headlines that countries were out to hijack the Net and Web.
There were a ton of proposals some say could endanger privacy and the unfettered, free flow of information as well as making it easier to track and trace users.
A few weeks later, coverage faded like last week's news.
It's pretty tough to manage, control, dictate something that exists nowhere and everywhere ... a network of networks.
Countries can still block and filter access, but there's always a way around the situation. There's always a group of really smart and devious folks who just love a challenge.
That's probably why Sherman Hand recently wrote:
- More than 1 million computers are successfully exploited every single day -- one every 14 seconds
- 39 percent of the world's computers are infected by some type of malware of
- 90 percent of the world's companies suffered network breaches last year
- One out of every seven adults has his or her online financial information, identity, or passwords compromised every year -- 280 million breached records in the last eight years
- 82 percent of malicious websites are hosted on hacked legitimate websites
Source - ABI Research
Yes, Probably, Maybe - Most firms are certain they have lost valuable information/data; and if it's financial records, few readily admit the loss. The bar chart indicates how many incidents the firms have had over the past 12 months.
- A single hacking event can easily cause more than $100 million in damages
- Hackivist groups such as Anonymous routinely break into the world's largest companies and global investigation authorities
- Hacks routinely result in millions of leaked passwords
- Back in 2003, a worm - SQL Slammer - infected almost every possible unpatched computer it targeted in 10 minutes
Source - SmartBrief
Mobile Freeware - With nearly one million iOS, Android and Windows apps available, and with most of them free, they are like honey to a bear for most users ... just too hard to resist. While app store owners are working to protect you, it is still "let the freeloader beware."
- Malware is popping up on every mobile platform.
- Spam is still above 65 percent 10 years after passing the CAN-SPAM Act.
- One out of every 14 Internet downloads is malicious.
- The annual cost of cyber crime is estimated at $114 billion.
- Successful prosecution for Internet cyber criminals is less than 0.01 percent.
- Hacking by nations is so pervasive that Google automatically alerts users of potential state-driven threats.
- Complex malware proves again and again it can bypass any computer security defense.
No wonder the online/on device security business is so huge.
Source - Infonetics Research
Big Biz & Growing - Computer security has historically been a fairly steady business; but with mobile computing, tablets and smartphones being used everywhere - including the office - it has become increasingly important. The challenge is that security is always one or two steps behind the bad folks.
So how do you protect company and personal content?
You encrypt it. You know, AES (Advanced Encryption Standard) that resisted decryption by even the most powerful supercomputers available.
So how did folks get around it?
Countries built more powerful supercomputers.
Hacktivists and cybercrooks take a more economic route ... they tie hundreds of thousands of hijacked PCs and tell 'em to work together and drill away.
They simply tell the systems what Robert Langdon said, "I need access to the Vatican Archives," and let them go to work.
All of that sounds both good and hopeless.
Good because countries and companies are working hard at it to protect themselves and their "special data."
Bad because that means the keyboard interface - user - goes along fat, dumb and happy figuring "Hey, it's their job, their responsibility to cover my behind."
We've all heard how even really smart folks have been hooked in to really dumb situations when they're on their computers and increasingly, on their tablets and smartphones.
Source - Xcentric
One Born Every Minute - It's surprising some of the dumb offers people send out to entice users. While organizations install and maintain extensive (and expensive) security solutions, it is just real hard to keep the keyboard interface from being dumb, dumber.
Something for Nothing
Human vulnerabilities--ignorance, inattention, greed, gullibility-are a whole lot easier to exploit than really beefed-up systems. And they're probably a lot more fun for the hactivist and cybercriminal.
There are actually two types of people these bad guys/gals like to find in the organization - the overly brilliant rogue and the clueless computerist.
The ubergeek ignores or subverts security controls inconveniencing the work of others at the very least and at his/her worst, leaving back/side doors open to the system.
The naive, amateur is just as bad because he/she can get a message that he/she has overused storage or exceeded email quota and needs to go "here" to let managers correct the situation. Or they get an official looking email from their bank, government agency and need to clarify a situation "here."
And if you think it's only or mainly a computer issue, you're ... wrong!
Bad guys/gals follow the money and we all know the real action is with mobile devices today ... we (especially our kids) use them for just everything ... including purchases.
Source - New York Times
Born Online - Gen Cers (generated connected) don't realize there was a time when people weren't constantly online, constantly available, constantly sharing. When they first go online with a computer, tablet or smartphone, parents should help, guide, advise, observe their activities and help them learn to be cautious.
In fact, a security specialist noted that it took mobile malware writers only two years to achieve - and surpass - everything that had been developed and refined for the PC in 10 years.
Camerlengo Patrick McKenna looked the situation over and said, "We are under attack from an old enemy."
iPhone users like to take comfort (unwarranted) that all the bad folks are focusing on Android phones with their mobile malware writing but that ain't exactly true.
Always On - We were more than a little surprised to see how much time the average mobile Internet user actually spends on his/her online activities. Unfortunately, texting wasn't included in the study because we know the kids would have burned up hours instead of minutes; but then, texting is data minutes, not wireless activities.
With the average smartphone, users can expect to encounter malware attacks 10 percent of the time; and with smartphone web browsing becoming the preferred access tool - especially for millenials and GenCers - experts estimate that they'll encounter malicious links as much as 40 percent of the time.
That's probably why mobile device security is a big business and getting bigger by the minute.
Growing Up - While mobile security sales are only just beginning, many organizations are going to place more faith in hardware security solutions, especially when the devices are used as mobile wallets and within corporations. The best security though is sound hardware and software plus cautious users.
Experts agree that mobile hacking is still in its infancy; but with hundreds of thousands of iOS and Android (O.K. Windows too) apps out there, it's not too soon to begin offering protection.
Or, as Camerlengo Patrick McKenna said, "Open the doors, and tell the world the truth."
That's especially true if mobile shopping and wallets are ever going to amount to a hill of beans.
Mobile shopping, mobile wallets and mobile banking all look real appetizing to bad folks; and after the past successful mobile shopping holiday, they're salivating.
Security experts agree that smartphone users are more likely than computer folks to click on dangerous links or download over-aggressive apps, especially with so many free or nearly free apps to choose from.
Ten years ago hactivists and cybercriminals were just a minor nuisance. Today, they're bringing down companies and countries. Smartphones, tablets and, in fact, the whole BYOD (bring your own device) movement have created tremendous areas of concern.
Road Hazards - Perhaps it would be easier for hardware, software and security managers if there were only a few challenges that they faced daily. The problems are there are opportunities for disaster everywhere and they are all relatively new and unproven territories.
Add to that cloud computing/storage, cheap flash drives and emboldened hactivist groups have made the online world one everyone really needs to understand and act cautiously - question everything - when they venture out.
According to Symantec, cybercrime is a $388B worldwide business - bigger, more profitable and less dangerous than drugs.
Source - "Angels & Demons," Columbia Pictures
Vittoria Vetra explained why the Net/Web still stands, "The antimatter is suspended in an airtight nano-composite shell with electromagnets on each end. But if it were to fall out of suspension, and come into contact with matter, say with the bottom of the canister, the two opposing forces would annihilate one another. Violently."