Monday Author: Susanne Skinner
There are only two kinds of companies: those that have been hacked and those that don’t realize they’ve been hacked. ~ FBI Director Robert Mueller
Welcome to the Internet of Everything. It’s big. Very Big. It hyper-connects us and it exposes us. Cell phones, medical devices, cars, computers, gadgets and even people make inter-connectedness the fastest growing and least regulated industry we have. When it comes to the security of the internet there are two categories—actual security and our perceived confidence in that security.
The most dangerous criminals are now organized groups of hackers that create malicious software to commit crimes. Hacking is right up there with terrorism as the next big thing. “Hacktivism” is a business, posing massive threats to companies and governments. The perpetrators are not necessarily motivated by financial gain, although illegal transfer of wealth is a major objective. Many hackers prefer to use their skills to take a retaliation joy ride or further a cause through the media. They do it because they can.
These thieves do not require entry to a server room. In most cases they are not even in the country where the servers are located. No fingerprints or footprints—cyber criminals wear the cloak of invisibility.
Security has always been an issue, but the scale is different today; an increase in devices and their complexity equals more exposure to risk. Viruses spread at warp speed with less technical expertise on both the vendor and the user sides. Vulnerabilities are hard to identify and impossible to patch.
Danger Will Robinson
The world is different today. The magnitude of the problem is reflected by technologies that have outstripped the past two decades. We have more intricate mechanisms embedded in millions of consumer products, and all of them are connected to the internet. Complacency is not an option.
In the IoT, or Internet of Things (the interconnections between devices with an addressable interface that can communicate online), the very industries that produce these devices find themselves unable to keep pace with the need for repairs and patches. Security is susceptible to the twin pandemics of spam and viruses, and the end users—that’s you and me—are the victims of internet insecurity.
The internet is still in its infancy from an accountability standpoint and in its capacity to defend against malicious intent. So who’s looking out for us? That would be the National Security Agency, which oversees the U.S. Cyber Command. They are tasked with protecting America from cyberattacks, which have an estimated global cost of $1 trillion a year.
Symantec Corp. and McAfee Inc., which both sell software to protect computers from hackers, estimate the theft of intellectual property costs American companies $250 billion a year. These numbers are often disputed and difficult to confirm because companies are reluctant to admit they’ve been hacked; they underreport their numbers to minimize the loss of confidence from clients and customers.
One of the biggest categories of cybercrime is one of the least discussed—insider theft by disgruntled or ex-employees. There are also industrial crimes where the attacker is a foreign country hacking a government network to gain classified information. These are patient criminals—once they get in they will wait months or years until they find what they want. Nuclear power plants and electrical grids are two of the greatest national security concerns; disabling them can cripple a city in seconds. Finally, there are the everyday hacks that steal personal and financial information.
They Know What You Did Last Summer
How do they get our information? It’s simple – we tell them. The first step is finding a victim and that’s easier than you think. We’re sitting ducks. Six methods that get us every time are:
- Spam: Selling pills, wrinkle creams, fake watches and Russian brides through email still works.
- Phishing: Emails pretending to be from your bank or service providers, designed to steal your account details or gain access to your company’s internal services.
- Social media: Links embedded in commercially generated spam that appears to come from a friend or colleague on services like Facebook and Twitter.
- Blackhat SEO: Focuses on search engines instead of humans, manipulating SEO to produce poisoned results for trending topics: they make you want to click.
- Drive-by downloads: The unintentional download of a virus using a browser, app, or operating system that is out of date and has a security flaw.
- Malware: Worms, viruses and other malware still infect systems and recruit people’s computing devices for their own purposes.
Invest in reputable anti-virus software, get regular updates and remember your Delete key exists for a reason.
Let’s Be Safe Out There
The internet is accessible to everyone. While some things may seem innocuous nothing really is. If you have information about your personal life that you don’t want stored on a hard drive in a data center somewhere, the best defense is to not put it out there.
Internet tracking is a back door to bad things. Every transaction or interaction leaves a data signature that someone somewhere is capturing and storing. Do you really need to know what Charlie’s Angels character you are, the city that most represents your personality or what 80s rock song you look like? These are the murky waters of data mining where even your gender and age put you at risk. The mechanics that govern data mining are so far below the water they are invisible to us. It’s a cyber black hole.
Because of the way data is often tagged and collected it’s technically possible to aggregate everything a user does on a site into one individualized profile. From there, it’s also possible to link those profiles to real-life user identities. It’s a hacker’s dream and it’s not that difficult because thirty percent of us still don’t use passwords.
Seven Security Precautions
Precautions to enhance security in the Internet of Things:
- Use strong, unique passwords and PINs with dual authentication
- Maintain a clean computer and back up your files
- Censor yourself on social networks
- Use secure web sites with URLs that begin with “https”
- Keep financial records separate
- Beware of social engineering: tricks to get you to give up information. Think Nigerian Prince
- No fake friends – not everyone is who they say they are
The anonymity of the internet and our increasing e-commerce way of life means no site is 100% secure. The weakest link in the chain remains the human interface. In a world of virtual communications the cloak of invisibility reminds us that security must always outweigh convenience.
Be smart, be vigilant, be careful. Trust No One.