As technology evolves, the opportunities for cybercriminals to attack individuals and organisations are constantly growing. At the same time, the amount of time and effort most individuals spend worrying about the potential for attacks is rapidly shrinking.
In some ways, home consumers these days will find much of their online security is now automated. Windows 10 comes with all security features turned on and set up when they get their devices. At the same time, Apple and Android are generally known to be relatively malware resistant, however true that idea may or may not in fact be.
At work, people are increasingly accustomed operating inside safe, well-thought-out protective IT networks that at least give the impression of not allowing users to make any serious mistakes. Of course, those of us with a little more knowledge know there are plenty of online risks both in the workplace, and at home.
New risks for a new era
Modern antivirus and firewalls make many common digital security issues a thing of the past. At the same time, the spread of technology to more and more parts of our lives serves to make us a bigger target for cybercriminals than ever before.
Identity fraud and data breaches
Identity fraud of every type is easier to commit in vast numbers with the power of computers. At the same time, more people have one or more online accounts, complete with a range of up-to-date personal data. These two facts serve to make data breaches an increasingly common form of cyberattack in the 21st century.
The potential fallout from a big data breach is vast, with an average loss per breach of $3.9 million USD, or $150 USD per lost record. This has led many governments around the world to bring in specific data protection legislation that makes organisations responsible for losing control of the data they hold on individuals. This legislation is often accompanied by hefty fines based on overall turnover, rather than on net profit.
People who have access to these databases are at particular risk of cyberattacks, since criminals can use their work credentials to steal data quickly and easily. Spear phishing is one of the more obvious methods used by criminals to target those with access to large databases of personal information as part of their work.
When handling sensitive documents or information, it is extremely important to only use software or applications that guarantee the highest level of security. For starters, multi-level encryption and multi-factor authentication should be standard requirements. For directors and executive boards, it is imperative that their board portal providers put security at the forefront of their product development given the nature of the files stored on such platforms.
Internet of (insecure)Things or IoT
The Internet of Things or IoT is another area where an increase in technological development has been accompanied by a big increase in digital risk. Common issues with IoT devices include poor security like standardised passwords, and mistakes with online accounts that let outsiders access IP cameras (even inside the home or businesses).
A large portion of IoT devices use insecure protocols to communicate, failing to use encryption and even using predictable power usage signatures so a bad actor could deduce which stock passwords to use based on device manufacturer and type just by monitoring fluctuations in the power supply.
Computer vision and other video
There are also personal privacy issues on the horizon to do with cameras of all sorts. Computer vision is now capable of identifying people using biometrics with an image of a face, or even via gait analysis. The power of Edge computing can now put enough AI processing power out there in each camera to make this type of analysis practical in multiple real-world situations.
While being able to instantly identify a potential miscreant by facial imaging is something many police officers would find useful out on the beat, it’s also an issue that’s caused a lot of concern for those worried about their civil liberties.
Even without AI video recognition, security needs to be tighter than ever where a video stream is going to be transmitted. Tales abound of strangers getting access to families’ home security videos, even streams from inside the house. There are a multitude of free sites online that show streams from insecure IP (internet protocol) cameras, usually from cameras in small businesses.
Smartphones, tablets, and smart watches all have the capacity to allow attackers access to your most sensitive data. The presence of cameras and microphones on these devices makes them into portable bugs, of potential use to both legitimate security services and criminals or stalkers trying to spy on your personal life.
Despite their best efforts, the Google Play Store and Apple’s iTunes app store both accidentally allow malware applications through their stringent security scans on a regular basis. In fact, the sheer number of new apps makes it impossible for these companies to keep their app ecosystems totally clear of security issues 100% of the time. This means it’s up to users to use their common sense and take the time to check reviews and reports.
New ways to protect and secure
It’s not all doom and gloom – advances in technology have also led to better ways to secure and protect our technology and our lives. The most obvious example is the rapid spread of biometrics. We can now use our smartphone’s biometric capability to log in and out of a range of online and real-world services. Additionally, biometric passports combine with biometric gateways to create fast-track immigration service gateways in airports.
Simple email-and-password login is no longer considered secure enough for most online services, including banking. The solution is multi-factor authentication (MFA or 2-FA). Using a combination of traditional sign-in methods, emailed links, biometric smartphone tokens, USB dongles, voice recognition, and more.
As we go further into the 21st century, we’ll find there are more ways to keep ourselves secure, but also more threats we need to worry about. The important thing is that we keep ourselves up-to-date with the digital risk landscape both at home and at work to make sure we can stay abreast of changes as they arise.