A few weeks back I gave a presentation to the Australian Seniors Computer Clubs Association as part of Staying Safe Online Week.
The presentation, Security In The Age of Connected Kettles, looked at where we are today with online security and some of the challenges facing individuals, businesses and communities as threats become more pervasive with cloud computing, personal technology and the internet of things while the people creating these risks become more professional.
Overall, it’s not a cheery scenario and I end with a call to action: we have to start insisting that business, public sector and political leaders take online security seriously as a public safety issue.
Over ten slides we covered where we are today in personal and small business online security and some of the challenges facing individuals as computing moves onto the cloud and smartphones.
The ongoing online safety battle
Online safety is evolving as we move from PCs to tablets and smartphones. Today the risks are increasingly appearing on our mobile devices, although the desktop computer and email scams remain the biggest risk.
It’s increasingly about the money
A change to the security landscape in recent times has been the rise of professional malware. While a decade ago most of the hacks and viruses we saw were the work of people demonstrating their skills or causing mischief, today there is big money in compromising computers and capturing data.
The rise of ransomware
One of the best examples of the professionalisation of the internet’s bad guys is the rise of ransomware.
Ransomware locks your computer with a demand for payment to release your data; if you don’t pay you lose all your information.
Many of the online threats though are far more subtle; the theft of data from Target, compromises of Sony’s customer databases and ongoing security breaches illustrate how the risks are far greater than just on our desktop.
Smartphone lockups
Ransomware has moved off personal computers onto smartphones with both Android and Apple systems being attacked.
The ‘hacked by Oleg Pliss’ message is a good example of how Apple’s products are just as much at risk as other companies’ platforms.
Also the ‘hacked by Oleg Pliss’ lockup shows how the security aspects of cloud computing services are going to become more important to the average person.
Security basics
The basic advice for the average user remains the same:
- Strong passwords
- Don’t use common passwords
- Be careful what you click on or visit
- Keep your systems up to date
- Have good security software
However, times are changing and many security issues are out of the average person’s control.
Lessons from Heartbleed
The Heartbleed OpenSSL bug illustrated the limits of individuals in protecting their information. As a bug in the secure socket layer software, the Heartbleed Bug could expose sensitive data on websites using the service.
The disappointing thing with Heartbleed is that people following good security policies were vulnerable.
Probably the biggest threat with Heartbleed however is the Internet of Things, where relatively simple devices – the connected kettle – could expose security credentials.
The Target hack
Another example of how security is beyond the control of the individual user is the Target hack. Hackers found their way into the US department store’s network through an air-conditioning contractor. From there, they were able to steal millions of customer payment details.
The Target hack is one of dozens of similar corporate security compromises and this will continue until security is taken seriously by company directors and regulators.
A pocket sized security breach
As the Oleg Pliss hack showed, smartphones are not immune to security breaches.
With our phones gathering increasingly more data on our behaviour, protecting the data they gather is going to become one of the biggest challenges facing us.
Rich data
Smartphones are not just gathering location data; as technologies like iBeacons roll out, more information is being gathered from more sources.
When we go shopping, attend a football game or visit the doctor these technologies are collecting information on our personal habits and behaviour.
Not a generational issue
One of the myths around security and privacy is that concerns revolve around the generations.
The idea that only older people care about privacy or that younger folk understand technology is a myth.
Unfortunately, however, our political and business leaders come from a segment of society that doesn’t care about or understand the technology or issues.
If meaningful change is to be made in securing our information, then we’re going to have to demand our business and political leaders take these issues seriously.
Two comments upfront:
– IoT means everything communicating, but does NOT mean connecting everything to ‘the internet’: that you would do only to do a favour to the NSA . . .
– and if really you want to connect the kettle to ‘the internet’, then please note that there is not only internet security to worry about . . .
regarding the second:
yes, we do need security and privacy (!!!) guarantees for our communications;
but please, who needs an ‘internet enabled’ kettle: unattended operation, and worse, remote control of a kettle without sufficient PHYSICAL and ELECTRICAL safety provisions is a stupidity, worse, could create a case of serious negligence:
any idea how many people, in particular children, get burned by unattended kettles, how many houses burn down because of overheating of kettles or power connections?
A house should be seen as a system, or as a combination of systems; and NOT as a collection of gadgets controlled by possibly irresponsibly behaving persons!
In this respect, we can learn a lot from for example car manufacturers . . .
Please, let’s get serious . . .
BR,
Cees