
Hot selling devices spell great insecurity opportunities

The volume of new mobile devices presents a tremendous opportunity for hucksters and cybercriminals to tap in

The growing list of mobile device options is exhilarating!

You can be in touch with anyone, anywhere–all the time. And anyone, anywhere can be in touch with you. It doesn’t matter if you’re at home, in the office, in class, at a party, thinking about a party, talking about a party…

Doing, thinking anything you tap, post it, BAM!! you’re sharing…with the virtual world.

Wait a minute, you don’t want to share it with “them?”

Don’t want them to tap into your device…your home…your business?

Tough!

Privacy is invaded all of the time. As the woman in green said, “I’ve been watching you all night from across the room.”

They’ve developed neat stuff like Zeus-Murofet, Conficker, Koobface, SymbOS/Zitmo.A, Android/Geinimi, OddJob and Trojan.Tatanarg.

Trojans are the most abundant type of malware on the Internet, accounting for 60 per cent of the top 10 threats.

Tatanarg, for example, is a masterpiece.

It can hijack SSL/TLS connections (check the meaning at Wikipedia) between, say, the bank and proxy servers, use the bank data, insert its own and, as far as you’re concerned, everything is cool, secure.

After all, you see the bank’s secure https sign, so what could possibly go wrong?

Financial Opportunities – The volume of new mobile devices presents a tremendous opportunity for hucksters and cybercriminals to tap in, find just the right information and capture very good profits with very little risk.

Whether it’s actual wireless phone calls or unique apps, the mobile device is giving nasty people a huge garden of devices to harvest from. Users just don’t think about security right now.

Gee…think we’ll stick with paper ‘n people.

They aren’t just targeting you. According to Symantec (the security folks), it’s global.

World of Hurt!

They track this stuff and have found that data breaches show no sign of leveling off and are increasingly costly.

And the boundary between hacktivism and cybercrime is a little fuzzy.

Global Pirates – It seems like almost everywhere you turn, there is someone or some group out to make a statement and they want to do it right on your device. It was simple for Anonymous to plant viruses and Trojans in servers and devices. Security firms are always one step behind because you don’t know what evil someone will do until it has been done.

Then too, there are those really foggy areas that governments like to refer to as “in the public interest” and “national/international security.”

Hundreds of Opportunities – With so many people using their personal mobile device(s) when they’re at work, they’ve created a whole new level of security challenges/headaches for IT personnel. The smartphone, tablet, USB drive, notebook are all subject to physical and data loss. Who is held responsible? Why IT…of course. One of the best businesses to be in it seems is security hardware, software, service.

According to IDC, the security industry racked up more than $65B in sales around the globe and even the best of them are constantly challenged to keep up with the bad guys.

It used to be Windows PCs were the big target, but that’s so yesterday. Now it’s your new toys.

My Device, Your Data – We may be “convinced” that the business world is adopting tablet solutions in wholesale numbers. But tablets aren’t replacing notebook systems; and smartphones aren’t replacing all of the other devices. Sorry, but people are increasingly carrying five or six devices – smartphone, notebook, tablet, ereader, MP3 player–all needing protection.

World of Apps

Then too, there are those growing libraries of apps.

Who really guarantees that they’re really good, lead you to places that are really legitimate, don’t have any hidden backdoors?

In fact, McAfee (another group of folks who focus on security), recently reported a 46 percent increase in mobile device malware – 20 million new pieces of malware or nearly 55,000 new threats every day from 2009 to 2010.

Folks go where the action is. Okay, so Google, in its rush to keep up with Apple, let a few apps with Trojans into the library; but geez, they did proactively go out to all of the infected devices and remove the pesky things.

That’s really neat.

Of course, the fact that they – or the appropriate government agency – can reach out any time they want, find your device, reach inside and do stuff shouldn’t bother you in the least…does it?

We have to come to an understanding that the value of sharing outweighs the risk of the failure/breach. When it doesn’t, get rid of the devices, the connections.

Go for a Drive.

Oh, that includes your car. Have you seen the guy call his wife shortly after she boarded a plane and ask her to unlock the car, and then she starts it?

OnStar system, Safety Connect, Enform, Sync, Assist, Mbrace are all great in an emergency or a pinch! They wirelessly connect to the car and provide a fantastic service. Of course, bad guys can use the same access, insert malicious software, access the car’s electronic control unit and give a whole new approach to smash ‘n grab.

Because today’s autos are so widely connected and have major computing power, you may wonder if Rockstar might have to completely redesign GTA (Grand Theft Auto) to mirror state-of-the-art car theft. It may be real but not as much fun with advanced technology boosting, rather than smash ‘n grab.

There’s not a huge concern though because the automotive and hardware and software industries are taking the job of improving the security of your car very seriously.

O.K., so the bad guys are doing their darndest; but come on, we’re not riding a bike to work.

Speaking of work, it turns out your boss and the IT departments are also concerned.

All those neat devices people are insisting that they use in their work also make it very easy for hackers and disgruntled employees to work their magic.

More Targets – As IDC notes, as the popularity and versatility of the Internet grew, so did the number of devices that can be attached to it. Nearly everyone has a minimum of two devices they regularly use on the wired and wireless network. Unfortunately, few ensure every device is secure.

Risk consultants Kroll reported for the first time that companies were experiencing more electronic data theft than physical theft. It’s pretty easy – whether it’s for a legitimate business purpose, by accident or a malicious reason — to walk out with the company’s sensitive data on a USB stick.

Attack From Within – While IT organizations build as robust walls as possible around the company’s network and data, most of the loss comes from the inside: either people bent on “acquiring” the data for their own profit take it maliciously, or it is moved out of the organization and lost through accident or carelessness. The most valuable and most dangerous asset walks out the front door every evening.

Businesses lost almost $1.7 million per billion dollars in sales worldwide, compared to the $1.4 million per billion dollars reported in 2009.

Whether it’s your information or your company’s, you know there are hundreds of ways and thousands of folks out there who can reach in and suck out your important stuff.

Personal Security

The key isn’t to be paranoid because then you wouldn’t even get out of bed. Simply use reasonable security including:

– Use strong passwords – a minimum of 10 characters, a maximum of 90 days between changes, forced complexity.

– Use secure file, folder permissions.

– Use privilege account log-in.

– Delete unnecessary software.

– Remove insecure programs like TFTP.

– Use a securely configured browser on your devices.

– Keep your OSes and apps patched, current.

– Use up-to-date antimalware.

– Use a firewall with appropriate rules set.

– Use strong wireless protocols – WPA2, EAP-TLS, etc.

– Use HTTPS connected cloud-based email, services, sites.

– Be cautious, skeptical.

Of course, we’ve all heard folks walking down the street, sitting in a restaurant, getting on a plane, whatever hollering on their cellphone to order something spilling everything including credit card info…and more.

You can get a good bodyguard, but getting one to protect the mind/mouth?