"No matter how incompetent the assassins, no matter how much they miss their target, there’s always one person who always gets hit." - Frank Farmer (Kevin Costner), "The Bodyguard," Warner Bros (1992)
The growing list of mobile device options is exhilarating. You can be in touch with anyone, anywhere all the time. And anyone, anywhere can be in touch with you. It doesn?t matter if you?re at home, in the office, in class, at a party, thinking about a party, talking about a party…
Doing, thinking anything you tap, post it and voila – you?re sharing with the virtual world. Wait a minute, what if you don’t want to share it with "them?" Don?t want them to tap into your device?your home?your business? Tough!
Privacy is invaded all of the time. As the woman in green said, "I’ve been watching you all night from across the room." They?ve developed neat stuff like Zeus-Murofet, Conficker and Koobface SymbOS/Zitmo.A and Android/Geinimi, OddJob, Trojan.Tatanarg. Trojans are the most abundant type of malware on the Internet, accounting for 60 percent of the top 10 threats. Tatanarg, for example, is a masterpiece.
It can hijack SSL/TLS connections between say the bank and proxy servers, use the bank data, insert its own and as far as you?re concerned, everything is cool, secure. After all, you see the bank?s secure https sign, so what could possibly go wrong?
The volume of new mobile devices presents a tremendous opportunity for hucksters and cybercriminals to tap in, find just the right information and capture very good profits with very little risk. Whether it?s actual wireless phone calls or unique apps, the mobile device is giving nasty people a huge garden of devices to harvest from. Users just don?t think about security right now.
They aren?t just targeting you. According to the security folks at Symantec, it?s global. They track this stuff and have found that data breaches show no sign of leveling off and are increasingly costly. And the boundary between hactivism and cybercrime is a little fuzzy.
Hacktivism, Cybercrime, Global Pirates Collide
It seems like almost everywhere you turn, there is someone or some group out to make a statement and they want to do it right on your device. It was simple for Anonymous to plant viruses and Trojans in servers and devices of the companies that challenged them. Security firms are always one step behind because you don’t know what evil someone will do until it has been done.
Then too, there are those really foggy areas that governments like to refer to as "in the public interest" and "national/international security."
Increasing number of less secure devices such as Media Tablets and Smartphones is worrying for the safety of networks
With so many people using their personal mobile device(s) when they?re at work, they?ve created a whole new level of security challenges/headaches for IT personnel. The smartphone, tablet, USB drive, notebook are all subject to physical and data loss. Who is held responsible? Why IT… of course.
One of the best businesses to be in it seems is security hardware, software, service. Frank studied the numbers and commented, "I want to keep it straight in my head what job I’m doing." According to IDC, the security industry racked up more than $65B in sales around the globe and even the best of them are constantly challenged to keep up with the bad guys. It used to be Windows PCs were the big target, but that?s so yesterday. Now it?s your new toys – who all have less computing capability to protect themselves when compared to contemporary multi-core desktops and laptops.
My Device, Your Data ? we may be "convinced" that the business world is adopting tablet solutions in wholesale numbers. But tablets aren?t replacing notebook systems; and smartphones aren?t replacing all of the other devices. Sorry, but people are increasingly carrying five or six devices ? smartphone, notebook, tablet, ereader, MP3 player?all needing protection.
World of Apps
Then too, there are those growing libraries of apps. Who really guarantees that they?re really good, lead you to places that are really legitimate, don?t have any hidden backdoors? In fact, McAfee recently reported a 46 percent increase in mobile device malware – 20 million new pieces of malware or nearly 55,000 new threats every day from 2009 to 2010.
Folks go where the action is. Google is rushing to keep up and overtake Apple, let a few apps in the library with Trojans; but geez, they did proactively go out to all of the infected devices and remove the pesky things. That?s really neat.
Of course, the fact that they ? or the appropriate government agency ? can reach out any time they want, find your device, reach inside and do stuff shouldn?t bother you in the least?does it? Right!
Frank looked around and noted, "I want to keep it straight in my head what job I’m doing."
It boils down to a matter of private, public cooperation and trust. We have to get comfortable with the inevitable failure, the inevitable breach. As Frank said, "The people who hire me, they don’t have to be convinced to save their own lives."
We have to come to an understanding that the value of shar
ing outweighs the risk of the failure/breach. When it doesn?t, get rid of the devices, the connections.
Go for a Drive
Oh, that includes your car. Have you seen the guy call his wife shortly after she boarded a plane and asks her to unlock the car and then she starts it? OnStar system, Safety Connect, Enform, Sync, Assist, Mbrace are all great in an emergency or a pinch! They wirelessly connect to the car and provide a fantastic service.
Of course, bad guys can use the same access, insert malicious software, access the car?s electronic control unit and give a whole new approach to smash ?n grab.
More Sophisticated Carjacking ? Because today?s autos are so widely connected and have major computing power, you may wonder if Rockstar might have to completely redesign GTA (Grand Theft Auto) to mirror state-of-the-art car theft. It may be real but not as much fun with advanced technology boosting, rather than smash ?n grab. Source – Rockstar
There?s not a huge concern though because the automotive and HW/SW industries are taking the job of improving the security of your car very seriously.
Security at Work
O.K., so the bad guys are doing their darndest; but come on, we?re not riding a bike to work.
Speaking of work, it turns out your boss and the IT departments are also concerned.
All those neat devices people are insisting that they use in their work also make it very easy for hackers and disgruntled employees to work their magic.
Frank looked around, saw the situation and said, "This house is wide open."
Number of challenges IT sectors are battling against in terms of cyber security. Source: IDC
As the popularity and versatility of the Internet grew, so did the number of devices that can be attached to it. Nearly everyone has a minimum of two devices they regularly use on the wired and wireless network. Unfortunately, few ensure every device is secure. Risk consultants Kroll reported for the first time that companies were experiencing more electronic data theft than physical theft. It?s pretty easy ? whether it?s for a legitimate business purpose, by accident or a malicious reason – to walk out with the company’s sensitive data on a USB stick.
While IT organizations build as robust walls as possible around the company?s network and data, most of the loss occurs either maliciously or accidentally by people who are bent on "acquiring" the data for their own profit or it is moved out of the organization and lost by accident or careless actions. The most valuable and most dangerous asset walks out the front door every evening. Businesses lost almost $1.7 million per billion dollars in sales worldwide, compared to the $1.4 million per billion dollars reported in 2009.Whether it?s your information or your company?s, you know there?s hundreds of ways and thousands of folks out there who can reach in and suck out your important stuff.
The key isn?t to be paranoid because then you wouldn?t even get out of bed. Simply use reasonable security including:
- Use strong passwords – at least 10 character minimums, maximum of 90-day changes, forced complexity
- Use secure file, folder permission
- Use privilege account log-in
- Delete unnecessary software
- Remove insecure programs like TFTP
- Use a securely configured browser on your devices
- Keep your OSes and apps patched, current
- Use up-to-date antimalware
- Use a firewall with appropriate rules set
- Use strong wireless protocols ? WPA2, EAP-TLS, etc
- Use HTTPS connected cloud-based email, services, sites
- Be cautious, skeptical
Of course, we?ve all heard folks walking down the street, sitting in a restaurant, getting on a plane, whatever hollering on their cellphone to order something spilling everything including credit card info?and more.
"You don?t have to be Homer Simpson to have someone extract all of your critical personal and corporate information from your mind. Today?s insecure mobile devices and poorly protected cloud storage make it surprisingly easy for hackers and criminals to capture just the data they want/need to do further damage to your company and/or you."
You can get a good bodyguard, but getting one to protect your mind and mouth? As Frank said, "I – I can’t protect you like this."