Last month, some of the world’s foremost experts on cybersecurity, along with politicians, members of the private sector, and leading academics, gathered in Lille, France for the International Forum on Cybersecurity. All came to discuss the dangers we face in our increasingly connected world.
Here are the “worries which keep them up at night,” according to Barbara Speed, technology and digital culture writer at the New Statesman:
We, it turns out, are a security nightmare. The weakest part of any cybersecurity fence is the human it’s trying to protect. We open emails we really shouldn’t, visit websites that infect our machines, update our software too rarely (if at all), and leave our devices everywhere for any attacker to just nab, infect, and hack.
“You can have a really secured object, but it all depends on the user,” said law lecturer at the University of Rennes Maryline Boizard. “If your password is ‘admin’, that object is dead.”
- Which brings us to the second point: passwords are just an awful way of keeping things secure.
We, the dreadful humans, tend to forget passwords, set them too short or too simple, and write them on pieces of paper hidden under keyboards – just generally make them easy to find, guess, or crack. And if an attacker gets our passwords – that’s it. We may not even know it when it happens, but we essentially lose all control over our digital accounts.
That is why Google, among others, is pushing the trend against passwords, or as Google’s Nicole Jones said, waging the “war on the password.” Instead, the company is pushing two-step authentication using your mobile number. That’s why banks push for two-factor authentication using a little device to generate a one-time passcode before you can log in to your account. With two points of failure, someone stealing your password no longer means losing your account.
- The Internet of Things is really bad at security.
Far, far too many products rely on hard-coded, generic, weak passwords such as “1234,” “abcd,” or even “admin.” A hacker gaining control of your kettle might not do much harm other than ruining your morning coffee, but when it comes to a child’s doll with a built-in webcam that is connected to the internet – do you really want any enterprising prankster to spy on your kid’s playtime? Unfortunately, insecure IoT devices are “very appealing for the hackers,” said Fabrice Cole of 6Cure, especially when made with “low cost components.”
- Apps. They’re plain insecure, and we’re at fault again.
Even if users have the latest, strongest protection on their home computers, they generally seem to care little if the apps they use are secure. And that’s worrying. All, yes – 100 percent, of paid apps on Android and 56 percent on the Apple store were cracked in 2013, according to a rep from mobile security firm Pradeo. Half of financial institutions’ apps on Android were vulnerable, and a quarter for Apple.
- Cybercrime has become professional
In the past, it was mostly hobbyists, geeks, and bored teens who bothered to try and break into secure systems for kicks. Now there’s a whole cottage industry of professional hackers who obtain sensitive information to sell to the highest bidder. Companies, for their part, are reluctant but willing to pay ransoms to hackers to let them be.
According to a Europol representative, “we’re now seeing a lot more extortion as part of the business model.” Christophe Jolly of Cisco France said that we’ve seen an “industrialization of hacking” over the past decade.
- Technology is just moving too fast
Most worryingly, it seems that security practices simply can’t keep up with advances in technology. Perhaps we need to accept that our devices aren’t secure, and probably never will be. John Suffolk of Huawei recalled that he frequently asks cybersecurity experts how to keep a device really, truly secure. The answer never varies: “don’t turn it on.”
As turning our devices off and keeping them that way is simply not an option for the vast majority, it’s best to keep some principles in mind: update the software, learn to recognise scams and malware, and choose a strong password if you have to use one.