Security in the age of connected

kettles

• Online safety is evolving as we move from PCs to tablets and smartphones• today the risks are increasingly appearing on our

mobile devices although the desktop computer and email scams remain the biggest risk.

The ongoing online safety battle

• A change to the security landscape in recent times has been the rise of professional malware. • While a decade ago most of the hacks and viruses

we saw were the work of people demonstrating their skills or causing mischief, today there is big money in compromising computers and capturing data.

It’s increasingly about the money

The rise of ransomware

• One of the best examples of the professionalisation of the internet’s bad guy is the rise of ransomware. • Ransomware locks your computer with a demand

for payment to release your data; if you don’t pay you lose all your information.• Many of the online threats though are far more

subtle; the theft of data from Target, compromises of Sony’s customer databases and ongoing security breaches illustrate how the risks are far greater than just on our desktop.

Smartphone lockups

• Ransomware has moved off personal computers onto smartphones with both Android and Apple systems being attacked.• The ‘hacked by Oleg Pliss’ message is a good

example of how Apple’s products are just as much at risk as other companies’ platforms.• Also the ‘hacked by Oleg Pliss’ lockup shows how

the security aspects of cloud computing services are going to become more important to the average person.

Security basics

• The basic advice for the average user remains the same;• Strong passwords• Don’t use common passwords• Be careful what you click on or visit• Keep your systems up to date• Have good security software

• However times are changing and many security issues are out of the average person’s control

Lessons from Heartbleed

• The Heartbleed Open SSL bug illustrated the limits of individuals in protecting their data• As a bug in the secure socket layer software, the

Heartbleed Bug could expose sensitive data.• The disappointing thing with Heartbleed is that

people following good security policies were vulnerable.• Probably the biggest threat with Heartbleed however

is the Internet of Things, where relatively simple devices – the connected kettle – could exposing security credentials

The Target hack

• Another example of how security is beyond the control of the individual user is the Target hack• Hackers found their way into the US department

store’s network though an airconditioning contractor. From there, they were able to steal millions of customer payment details• The Target hack is one of dozens of similar coporate

security compromises and this will continue until security is taken seriously by company directors and regulators.

A pocket sized security breach• As the Oleg Pliss hack showed, smartphones are

not immune to security breaches• With our phones gathering increasingly more data

on our behaviour, protecting the data they gather is going to become one of the biggest challenges facing us.

Rich data

• Smartphones are not just gathering location data, as technologies like iBeacons roll out more information is being gathered from more sources. • When we go shopping, attend a football game or

visit the doctor these technologies are collecting information on our personal habits and behaviour

Not a generational issue

• One of the myths around security and privacy is that concerns revolve around the generations.• The idea that only older people care about privacy or

that younger folk understand technology is a myth.• Unfortunately however our political and business

leaders come from a segment of society that doesn’t care about or understand the technology or issues• If meaningful change is to be made in securing our

information, then we’re going to have to demand our business and political leaders take these issues seriously.

Paul Wallbank

http://paulwallbank.com

paul@paulwallbank.com

Twitter: @paulwallbank

Decoding the new economy