Sometimes it seems like its the Wild West out there! Any look on Google for serious cyberattacks or cybercrime will uncover many instances of literally millions of people being affected by various crimes often perpetrated by unknown individuals. In the case of large businesses (like Target above) often they are not even aware that their systems have been hacked for many months after the incident! Research tends to indicate that large scale hacking and infiltration of companies goes undetected for an average of 211 days after the hack occurred! By which time the damage has been done. Be aware that this is just the beginning of what I would call "exponential crime". The "bad guys" have known for a while that technology allows them to commit crime on an unprecedented scale, with almost total anonymity. But all is not doom and gloom - there are some simple things that you can do to help protect you. It's just that too many of us are not aware of what they are or how important they are to do. So read on - there's some suggestions at the end ... A Brief History of Crime Many of us recall the TV shows and movies of our childhood - those American movies showing what it was like in the Wild West. Butch Cassidy and the Sundance Kid was one of my favourites. Then there were the Clint Eastwood movies! What has this got to do with CyberCrime? Well, stay with me while I try and tell a story. You see, back in the day if you were a criminal who made your livelihood out of robbing people you did it in a rather personal way. You had to hold up each person separately. You hid in the alley way and jumped out and said "Stick 'em up" followed by "Hand over your money" (or words to that effect). It was what the mathematicians would call a 1-1 relationship. At best, you might have been able to rob a bank in the town. But you had to do each bank, and each town, individually. For the bad guys, it was really inconvenient to have to just hold up one person at a time. If only there was a better way to be more efficient at their work. Thank heavens that technology came to the rescue of our criminal. The advent of the steam engine meant they didn't have to hold up one at a time any more. They could stop the whole train and rob everyone on board. Much more convenient. As technology evolved to make life (travel in this case) easier, the criminals had found a new way to scale their business - and all they needed to do was find out what the train schedule was! The Internet as we know it
Fast forward to 1993, and the world wide web started to become available for widespread use for the first time with the release of the Mosaic web browser. Google launched in 1998, Amazon first went online in 1995. Today Amazon accounts for around 33% of total web purchases and Google accounts for 65% of web searches. "So what?" you say. Well, just stop for a moment and consider the scale that then internet has brought us all. In 2016 Amazon was doing around 400 unique transactions per second on a global scale. That's around 34.5 million transactions per day. That's a lot of transactions and a lot of credit card details, email addresses, physical addresses being shared over the internet ... every day! Google is responsible for 5.5 billion searches per day. That's a lot of searches. With a lot of us making those searches. And to think that only half of the people on the planet currently have access to the internet - so there is a lot more still to come to the internet in the coming years (and soon if FaceBook and Google have their way). The software required to run massive systems like Google and Amazon (and your bank, your power company, your car) is massively complex. Consider that Microsoft Office is comprised of around 50 million lines of programming code. Then consider that Carnegie Mellon University research indicates that there are 20 to 30 bugs per 1000 lines of code in your typical commercial software ... do the maths ... there are over 1,000,000 potential errors that a hacker might be able to exploit. And how do you think hackers manage to do their work? One of their main modus operandi is to use known vulnerabilities in major systems - the current WannaCry ransomware attack is one of these. It exploits a known bug in some of the Windows operating systems. Now - of course companies like Google, Amazon, Microsoft (and indeed most if not all reputable companies out there on the web) will all have teams of developers constantly fixing bugs, because when there is software there will be vulnerabilities in it. And where there is vulnerability there is opportunity, and where there is opportunity lurks the criminal. Criminals are experts in this stuff. They are the early adopters of any technology. And they know that there are tens of millions, possibly hundreds of millions of devices out there connected to the internet - and they are betting that there will be plenty of devices that have not been "patched" or updated and that have these vulnerabilities - all they need is to look for them. And the web makes this so easy to do. So, consider now for a moment how much you rely/use various internet based systems. Many use social networks like FaceBook, SnapChat and Twitter. We've downloaded billions of apps from Google Play or the App Store or the web. We do banking. We connect our phones, iPads, TVs, Sky box, x-Box, Play Stations to the web. We see airlines, power companies, elevators, garage door openers, traffic lights, communications systems, accounting systems, health systems, motor vehicles, public transport systems ... in fact most systems ... communicating over some form of internet connection. And many of those systems hold a lot of information about you - that you have either purposely, or inadvertently, put online. You may have heard of the Internet of Things (IoT) - and we are already well into this. We have FitBits, Apple Watches, various "home kit" devices we control via our smartphones (lights, air conditioning, locks, fridges, TVs, security cameras etc). All of these devices online all of the time. They all need software to make them go, and they are all connected to the internet and are thus potentially accessible to anything, or anyone, on the internet. Are you comfortable that all of the systems you are connected to are totally secure? Probably not. As the internet, and the number of internet connectable devices, expands exponentially you must expect that problems increase exponentially as well. And there will be known, and unknown, problems. And the bad guys will try and exploit these. They have the prefect technology development to help them scale their business exponentially! Better than the people of the train, they can now target anyone on the web. In mathematics language this is now a wonderful 1 - many relationship! Keeping safe then is going to be pretty important. So - are we prepared and able to protect ourselves? What can I do to protect myself? There are some simple things that you can do to dramatically improve your safety and security. 1. Upgrade your software - system as well as applications 75% of all vulnerabilities are on systems that are around 2 years old and users have not updated or upgraded software. One of the key drivers for regular software updates is not for the addition of extra features, but for the patching of vulnerabilities and security updates. So keeping your system software updated always is the best thing you can do. At your place of employment (if it is like a school or larger business) there will be some form of upgrading of system software pushed automatically. Companies like Microsoft and Apple have regular updates that they deploy. So make sure that you install them as soon as you can. It may take a little time to do, but it will be a lot less time than you will spend if you don't and you fall victim to some form of cyber attack. And make sure you do this for all of the devices at home too - your phones, tablets, game machines, in fact anything connected to the internet. 2. Backup your stuff It's easy to backup your stuff. If you use an external hard drive to do this - use a system which does it automatically for you. If you use a web based backup, make sure you use a reputable one. Some devices offer online backup automatically though their systems - like Apple's iOS backing up through iCloud. Crashplan is a company that provides a range of backup options, both to local hard drive and to the web. They have a free version (which I use). But there are plenty of other options too. Just choose one that will work for you. And make sure that all of your important home devices are backed up too. 3. Don't use the same password everytime Do you use the same password for FaceBook, Google, Microsoft, your bank accounts, etc etc. Probably not a good idea. But remembering a pile of different ones is a pain too. So, use a tool that will help you here. There are a number of password tools that you can use, some are free. 1Password, LastPass and Dashlane are all reputable password managers. Some of them synchronise across all of your devices, which covers your phone, tablet, laptop etc. 4. Enable 2 factor authentication You can increase your level of security by using 2 factor authentication (2FA) if it is available. Some services and devices support this. If you are an Apple user then you can apply 2FA to your Apple ID. This article tells you how. Netsafe here in NZ have produced this article explaining 2FA a little and giving reasons why you might want to use it.
0 Comments
|
This blogThe information presented here is simply to share my thoughts and provoke thought. If it also provokes action, so much the better. Archives
December 2020
Categories
All
|