Hot Selling Devices Spell Great Insecurity Opportunities
“No matter how incompetent the assassins, no matter how much they miss their target, there’s always one person who always gets hit.” – Frank Farmer (Kevin Kostner), “The Bodyguard,” Warner Bros (1992)
The growing list of mobile device options is exhilarating! You can be in touch with anyone, anywhere–all the time. And anyone, anywhere can be in touch with you. It doesn’t matter if you’re at home, in the office, in class, at a party, thinking about a party, talking about a party… Doing, thinking anything you tap, post it, BAM!! you’re sharing…with the virtual world. Wait a minute, you don’t want to share it with “them?” Don’t want them to tap into your device…your home…your business? Tough! Privacy is invaded all of the time. As the woman in green said, “I’ve been watching you all night from across the room.” They’ve developed neat stuff like Zeus-Murofet, Conficker and Koobface SymbOS/Zitmo.A and Android/Geinimi, OddJob, Trojan.Tatanarg. Trojans are the most abundant type of malware on the Internet, accounting for 60 percent of the top 10 threats. Tatanarg, for example, is a masterpiece. It can hijack SSL/TLS connections (check the meaning at Wikipedia) between say the bank and proxy servers, use the bank data, insert its own and as far as you’re concerned, everything is cool, secure. After all, you see the bank’s secure https sign, so what could possibly go wrong?
Financial Opportunities – The volume of new mobile devices presents a tremendous opportunity for hucksters and cybercriminals to tap in, find just the right information and capture very good profits with very little risk. Whether it’s actual wireless phone calls or unique apps, the mobile device is giving nasty people a huge garden of devices to harvest from. Users just don’t think about security right now. Gee…think we’ll stick with paper ‘n people. They aren’t just targeting you. According to Symantec (the security folks), it’s global.
World of Hurt
They track this stuff and have found that data breaches show no sign of leveling off and are increasingly costly. And the boundary between hactivism and cybercrime is a little fuzzy.
Global Pirates – It seems like almost everywhere you turn, there is someone or some group out to make a statement and they want to do it right on your device. It was simple for Anonymous to plant viruses and Trojans in servers and devices. Security firms are always one step behind because you don’t know what evil someone will do until it has been done. Then too, there are those really foggy areas that governments like to refer to as “in the public interest” and “national/international security.”
Hundreds of Opportunities – With so many people using their personal mobile device(s) when they’re at work, they’ve created a whole new level of security challenges/headaches for IT personnel. The smartphone, tablet, USB drive, notebook are all subject to physical and data loss. Who is held responsible? Why IT…of course. Source – IDC
One of the best businesses to be in it seems is security hardware, software, service. Frank studied the numbers and commented, “I want to keep it straight in my head what job I’m doing.” According to IDC, the security industry racked up more than $65B in sales around the globe and even the best of them are constantly challenged to keep up with the bad guys. It used to be Windows PCs were the big target, but that’s so yesterday. Now it’s your new toys.
My Device, Your Data – We may be “convinced” that the business world is adopting tablet solutions in wholesale numbers. But tablets aren’t replacing notebook systems; and smartphones aren’t replacing all of the other devices. Sorry, but people are increasingly carrying five or six devices – smartphone, notebook, tablet, ereader, MP3 player-all needing protection. Source – IDC
World of Apps
Then too, there are those growing libraries of apps. Who really guarantees that they’re really good, lead you to places that are really legitimate, don’t have any hidden backdoors? In fact, McAfee (another group of folks who focus on security), recently reported a 46 percent increase in mobile device malware – 20 million new pieces of malware or nearly 55,000 new threats every day from 2009 to 2010. Folks go where the action is. Okay, so Google in its rush to keep up with Apple, let a few apps in the library with Trojans; but geez, they did proactively go out to all of the infected devices and remove the pesky things. That’s really neat. Of course, the fact that they – or the appropriate government agency – can reach out any time they want, find your device, reach inside and do stuff shouldn’t bother you in the least…does it? Right! Frank looked around and noted, “I want to keep it straight in my head what job I’m doing.” It boils down to a matter of private, public cooperation and trust. We have to get comfortable with the inevitable failure, the inevitable breach. As Frank said, “The people who hire me, they don’t have to be convinced to save their own lives.” We have to come to an understanding that the value of sharing outweighs the risk of the failure/breach. When it doesn’t, get rid of the devices, the connections.
Go for a Drive
Oh, that includes your car. Have you seen the guy call his wife shortly after she boarded a plane and asks her to unlock the car and then she starts it? OnStar system, Safety Connect, Enform, Sync, Assist, Mbrace are all great in an emergency or a pinch! They wirelessly connect to the car and provide a fantastic service. Of course, bad guys can use the same access, insert malicious software, access the car’s electronic control unit and give a whole new approach to smash ‘n grab.
More Sophisticated Carjacking – Because today’s autos are so widely connected and have major computing power, you may wonder if Rockstar might have to completely redesign GTA (Grand Theft Auto) to mirror state-of-the-art car theft. It may be real but not as much fun with advanced technology boosting, rather than smash ‘n grab. Source – Rockstar
There’s not a huge concern though because the automotive and HW/SW industries are taking the job of improving the security of your car very seriously.
Security at Work
O.K., so the bad guys are doing their darndest; but come on, we’re not riding a bike to work. Speaking of work, it turns out your boss and the IT departments are also concerned. All those neat devices people are insisting that they use in their work also make it very easy for hackers and disgruntled employees to work their magic. Frank looked around, saw the situation and said, “This house is wide open.”
More Targets – As the popularity and versatility of the Internet grew, so did the number of devices that can be attached to it. Nearly everyone has a minimum of two devices they regularly use on the wired and wireless network. Unfortunately, few ensure every device is secure. Source – IDC
Risk consultants Kroll reported for the first time that companies were experiencing more electronic data theft than physical theft. It’s pretty easy – whether it’s for a legitimate business purpose, by accident or a malicious reason — to walk out with the company’s sensitive data on a USB stick.
Attack From Within – While IT organizations build as robust walls as possible around the company’s network and data, most of the loss occurs either maliciously or accidentally by people who are bent on “acquiring” the data for their own profit or it is moved out of the organization and lost by accident or careless actions. The most valuable and most dangerous asset walks out the front door every evening. Businesses lost almost $1.7 million per billion dollars in sales worldwide, compared to the $1.4 million per billion dollars reported in 2009. Whether it’s your information or your company’s, you know there’s hundreds of ways and thousands of folks out there who can reach in and suck out your important stuff.
Personal Security
The key isn’t to be paranoid because then you wouldn’t even get out of bed. Simply use reasonable security including:
– Use strong passwords – at least 10 character minimums, maximum of 90-day changes, forced complexity
– Use secure file, folder permission
– Use privilege account log-in
– Delete unnecessary software
– Remove insecure programs like TFTP
– Use a securely configured browser on your devices
– Keep your OSes and apps patched, current
– Use up-to-date antimalware
– Use a firewall with appropriate rules set
– Use strong wireless protocols – WPA2, EAP-TLS, etc
– Use HTTPS connected cloud-based email, services, sites
– Be cautious, skeptical
Of course, we’ve all heard folks walking down the street, sitting in a restaurant, getting on a plane, whatever hollering on their cellphone to order something spilling everything including credit card info…and more.
Brain Drain – You don’t have to be Homer Simpson to have someone extract all of your critical personal and corporate information from your mind. Today’s insecure mobile devices and poorly protected cloud storage make it surprisingly easy for hackers and criminals to capture just the data they want/need to do further damage to your company and/or you. Source – Matt Groening
You can get a good bodyguard, but getting one to protect the mind/mouth? As Frank said, “I – I can’t protect you like this.”