We used to know how to prepare for the risk of crimes. Stick up CCTV cameras, install alarms and invest in good locks and you’d be protecting your assets – at least as well as you could be. But now, cyber crime poses a digital danger that is more difficult to keep on top of. The bank robbers of today don’t even necessarily need to set foot in the building to make off with eye-watering sums of money.
It’s not always as easy or obvious as the old lock, alarm and camera but protection needs to be found. So how to fight back against the hackers? The important thing is to be aware of the risks and act as quickly as possible.
It’s now more than a year since Microsoft officially withdrew its support for Windows XP. It may well be several releases off the pace for Microsoft but it’s an operating system that is still fairly widely used – with 20 to 30% of organizations needing to make the transition from XP.
It’s a vital switch to make since XP is now vulnerable when it comes to security. Microsoft’s withdrawal for XP means there’s no automatic technical support and, crucially, no updates and patches. This leaves the field open for hackers who will be able to operate without new fixes for viruses and malware being launched – and this sort of thing can be extremely costly from both a monetary and reputational perspective.
Malware can pose a big risk for a business. Attackers don’t need particularly special technical know-how to target POS machines, for example. It’s not too tough for these people to repurpose Windows malware to suit their needs without having to worry about new fixes for viruses and malware being launched.
It can be a lucrative business for the hacker, too. Security breaches at Home Depot saw it report initial losses of $43 million in 2014 and high-end hotel chain Mandarin Oriental suffered from hackers harvesting the credit card data from the POS systems at some of its 45 hotels.
In the US, discount chain Target lost the details of an estimated 110 million customers after malware was deployed on its POS system.
The simplest way to stop being quite so open to hackers is to migrate to the latest operating system, with robust new technology backed up by regular patches and fixes.
That’s something many businesses fear as they anticipate a lengthy process involving lots of downtime and, especially in the case of POS, that’s downtime for machines on the front line that firms can ill-afford to be out of action. But there is a way to fight back against the security risk without costing too much time and money. The whole migration process can largely be done remotely and firms like 1E offer software that ‘wakes up’ machines at night to perform the updates at a more convenient time.
Getting onto the latest operating system and keeping on top of updates and patches will give you the best possible defense to repel an attack.
The Internet of Things
The Internet of Things is set to become increasingly important as even household items such as kettles and fridges embrace smart technology and the race continues to driverless technology. As devices and items connect with each other without direct need for human involvement, hackers spot an opportunity to step in and exploit it.
Jamison Nesbitt, founder of Cyber Senate, fears this will be the biggest cyber security risk for 2015. He told CNBC: "The IoT will be integrated into every market you can think of – from healthcare to the energy industry and transport network but it hasn't been designed with security in mind. There are millions of hackers out there who could compromise these interconnected systems. We have sacrificed security for efficiency."
It’s easy to be fearful of this – if the security of the Internet of Things is compromised then the harm that could be done to us goes beyond the digital and stretches into physical danger – especially with the motoring example.
Still, one positive here is that the security measures we build to protect against these problems can be developed arm-in-arm with the technology as it grows in the coming years.
William Bain, CEO of ScaleOut Software, explained to TechTarget that for businesses this will mean the need for good security strategies which will need to involve encrypting communications on things such as critical infrastructure, using secure network protocols and incorporating strong firewalls. All of that needs to be backed up by a designated team that keep on top of the challenges this poses and applies the same rigor as in other fields.
Mobile Security (needs pic)
We all do more and more on our mobile phones these days beyond simply making calls and sending messages and, increasingly, that means carrying out work tasks too. Technology has developed to be portable – and now wearable – helping fuel work ‘on the go’ and at home. It’s also feeding into the ‘bring your own device’ trend – with top-of-the-range smartphones and tablets increasingly used by employees in the workplace as companies accommodate the technology-of-choice of their staff.
As we perform more and more tasks on our mobile phone the need for greater cyber security increases. It’s an area that IT professionals are increasingly concerned about and for good reason. Because many people view their mobile phones differently to their computer they don’t necessarily apply the same focus on security that they would to their PC.
There are plenty of people who say anti-virus is not necessary on a phone. While that is a matter of debate it’s not the same as saying that security is not necessary. Most anti-virus available for phones comes with other functions that are especially vital – such as back-up features and remote wiping.
The latter is particularly important, as Jan Gahura, director of non-Windows products at Avast, explained to digitaltrends.com: “To have a smartphone in your pocket without a remote wipe possibility is a dangerous thing. It’s even more dangerous than losing keys to your house. Of course someone can steal your private data using a fraudulent application, but that’s certainly the harder way.”
Derek Halliday, of Lookout, agreed, adding: “Mobile phones have become our wallet, contact list, communications, and more. You wouldn’t leave your bank account open to everyone, so why take the same chances with your phone when it contains so much information?”
Experts also suggest connecting to open insecure wi-fi is a danger – as is downloading apps from anywhere other than a reputable source such as Google Play or the App Store. It’s clear that the fight against hackers means treating security as seriously on a phone or tablet as you would a PC or laptop and that begins by the smart use of security apps – with remote wiping a must – and avoiding taking security risks.
Everything we do online requires a password and it’s easy to be drawn into making them all the same. The problem with this is that what we gain through convenience we lose in security. In this scenario, if just one hacker can learn – or even buy – that one word then all manner of things could be at risk, not least all of your hard-earned money. There really is no alternative to creating good strong passwords and regularly changing them.
Consider using a password manager to help with this. These can help to remember a whole host of different passwords for different situations as well as protecting you from the sort of software that can remember your keystrokes to help uncover your passwords.
This also prevents the need to write your passwords down. You wouldn’t leave your keys lying around for anyone to swipe and this is the cyber equivalent.
Consider two-step authentication, too; it might seem a hassle but if someone needs both a password coupled with a separate device to gain access to your account this will make life doubly difficult, the equivalent of installing a double lock on your system.
As with many of these examples it’s all about applying the theory behind the practical steps we take to stay safe in the physical world and translating these into things we can do in the digital world.
So much of what we do digitally is now stored on a cloud. This is something that avoids the need for big and expensive equipment and makes flexible working much easier. But it brings its own cyber security risks too – placing our valuable data in one place that criminals find tantalizingly tempting to target.
It’s important to follow the sort of password procedure that we’ve already explored when accessing the cloud and encryption is vital here, too. Don’t allow your sensitive files to float around in cyberspace waiting to be discovered – get them under lock and key. An opportunist burglar will walk along a street and wait until they encounter a house with unlocked doors and windows to make their life easier and the cyber criminal has the same mindset. Why waste time and effort overcoming your complex system if someone else has left themselves wide open to attack?
Get your house in order and you’ll stand a much better chance of becoming a target. When it comes to cloud – and all other IT systems – it’s also important to regularly audit the devices that connect to this. Keep a close eye out for any potential weak links and pounce on them before they cost you dearly.
The world’s biggest risks online for businesses essentially come down to two categories – the hacker who wants to gain access to your important data and the person who wants to disrupt your operations through a ‘distributed denial of service’ (DDOS) attack. These, essentially, boil down to your IP address being swamped by fake traffic to the extent that it cannot be accessed. These are notoriously difficult to fight back against and any common methods of defense have largely been overtaken by ‘bigger and badder’ DDOS threats.
The only thing you can really do is try to spot an attack early – they often begin looking like big spikes in traffic – buy yourself extra time by having spare bandwidth capacity and call your ISP at the earliest opportunity to get help.
Don’t be afraid of calling for help. Whether it’s on or off line we all encounter problems that are beyond our capabilities – in these instances we fight back with help and by highlighting an issue at the earliest possible opportunity.
The clearest lesson to learn about cyber security is that this is an ever-evolving battle to keep out attackers. In truth we always needed to get new locks, alarms and cameras as thieves worked out ways of getting around these and, in the same way, we need to be on top of the very latest anti-virus products, software patches and malware-avoiding methods. By being quick on your feet, rigorous and having strong back-up systems in place it’s possible to fight back and operate as safely as possible.
About the Author: Alex Jones is a freelance culture and technology writer who is passionate about gadgets and the world around him. His work can be seen on publications such as the Huffington Post and The Daily Record.