Is it time to take a 'safety first' approach to cyber-security?
How safe are we from cyber-attacks when corporates like Sony, Apple, Facebook and LinkedIn are hacked easily?
To say it in one word: “Not”.
No one is safe from hackers, even if you have the best security solution in place. However, having a security solution can help keep the damage under control, allowing one to get help, security software experts said.
“One hundred per cent security is a myth. Malware writers exploit the vulnerabilities in the operating systems and applications,” said Aji Joseph, general manager at ESET Middle East.
Fraser Howard, principal researcher at SophosLabs, also said that no anti-virus provider can say they provide 100 per cent protection.
Anti-virus software is only the first, but necessary, line of defence. Apple’s Mac systems were hacked a couple of days back, with hackers exploiting the vulnerability in the Java plug-in for browsers.
“How many of the consumers know that Oracle’s Java has to be updated manually and it does not update automatically like other software?” asked David Emm, senior regional researcher at Kaspersky Lab.
He said more than 200,000 new malware samples are detected daily, with the number continuing to grow.
The average personal computer (PC) has eight vulnerabilities in its software.
This is a primary “weak spot” for targeted attacks and the internet still remains the primary source of malware.
Emm said “18.2 million malware samples are discovered by us every quarter and, at the same time, 1.69 billion malware attacks are blocked every quarter.”
Most of this malware circulates for a very short time, perhaps only a day, but Emm cautioned that it was not possible to stay protected “without good anti-virus software”.
Even though cyber attacks have been growing year-on-year, high-profile targeted attacks on enterprises have been on the increase over the last three years.
The motives of the attacks vary, with around 90 per cent being random attacks while the remaining 10 per cent were targeted attacks.
With the way things have been going, it appears that the intensity of targeted attacks will not let up in the years to come.
According to the recent Norton Cybercrime 2012 report, more than 1.5 million people in the UAE have fallen prey to cybercrime, suffering $422 million (Dh1.5 billion) in direct financial losses.
Every second, 18 adults become victims of cybercrime, resulting in more than one-and-a-half million cybercrime victims each day on a global level.
According to the report, 31 per cent of adults have been victims of social or mobile cybercrimes in the UAE, compared to a global average of 21 per cent.
The report puts the direct costs associated with global consumer cybercrime at $110 billion in 2012.
Emm believes the attacks will not be the same as last year and will be more complicated.
“Cyber criminals have realised that the attack tools and technologies are less important than choosing the correct victim. A smarter process in choosing the target will become apparent. We can expect that less mass attacks will occur and that more sophisticated, well thought-out attack routines will become mainstream. These attacks will focus on targets of high return rather than random victims,” Nick Black, technical manager at Trend Micro, said.
Any of the targeted attacks can be “scary” if you are the victim — regardless of whether you are an individual or corporate entity. The concept of being targeted, with the intention of your data being stolen, is in itself a scary concept.
Individual consumers are at risk of having their credit card details compromised or their account used fraudulently.
However, for corporates, the loss can be that of a customer database for a bank, the leakage of a business plan to a competitor for a private sector enterprise or the compromise of the latest geological surveys for an organisation in the oil and gas industry — all of which are potentially damaging to their financial positions, not to mention the loss of credibility, loss of revenues and possible legal suits raised against them.
The situation gets more complicated with increased usage of mobile devices — such as smartphones and tablets — and the risk they pose in the workplace.
“Consumers and enterprises should remain vigilant. The intent of attacks remains the same — data compromise. Criminals now have more vehicles to deliver these attacks, that is, mobile devices, unprotected WLANs, social media sites, web mail and others,” Black said.
The vulnerability of the smartphone is also a ‘weak spot’ that draws hackers.
A typical scenario is for a hacker to create an app. Embedded in this app is a snippet of code that takes control of a handset function such as texting. Once the app launches, it starts sending text messages to addresses. The phone can also be made to dial offshore pay-per-call numbers. The smartphone owner will be aware only when he gets a huge phone bill. As with the aforementioned apps, a spy can also watch and listen to your every move, even when your phone seems “asleep.”
Cases of malicious smartphone apps posing on markets as free or low-cost applications are also on the rise.
“We are only at the beginning of the wave. We’ve definitely got to start worrying about security on mobile devices,” said James Lyne, director of technology strategies at SophosLabs.