security in the age of connected kettles
TRANSCRIPT
• Online safety is evolving as we move from PCs to tablets and smartphones• today the risks are increasingly appearing on our
mobile devices although the desktop computer and email scams remain the biggest risk.
The ongoing online safety battle
• A change to the security landscape in recent times has been the rise of professional malware. • While a decade ago most of the hacks and viruses
we saw were the work of people demonstrating their skills or causing mischief, today there is big money in compromising computers and capturing data.
It’s increasingly about the money
The rise of ransomware
• One of the best examples of the professionalisation of the internet’s bad guy is the rise of ransomware. • Ransomware locks your computer with a demand
for payment to release your data; if you don’t pay you lose all your information.• Many of the online threats though are far more
subtle; the theft of data from Target, compromises of Sony’s customer databases and ongoing security breaches illustrate how the risks are far greater than just on our desktop.
Smartphone lockups
• Ransomware has moved off personal computers onto smartphones with both Android and Apple systems being attacked.• The ‘hacked by Oleg Pliss’ message is a good
example of how Apple’s products are just as much at risk as other companies’ platforms.• Also the ‘hacked by Oleg Pliss’ lockup shows how
the security aspects of cloud computing services are going to become more important to the average person.
Security basics
• The basic advice for the average user remains the same;• Strong passwords• Don’t use common passwords• Be careful what you click on or visit• Keep your systems up to date• Have good security software
• However times are changing and many security issues are out of the average person’s control
Lessons from Heartbleed
• The Heartbleed Open SSL bug illustrated the limits of individuals in protecting their data• As a bug in the secure socket layer software, the
Heartbleed Bug could expose sensitive data.• The disappointing thing with Heartbleed is that
people following good security policies were vulnerable.• Probably the biggest threat with Heartbleed however
is the Internet of Things, where relatively simple devices – the connected kettle – could exposing security credentials
The Target hack
• Another example of how security is beyond the control of the individual user is the Target hack• Hackers found their way into the US department
store’s network though an airconditioning contractor. From there, they were able to steal millions of customer payment details• The Target hack is one of dozens of similar coporate
security compromises and this will continue until security is taken seriously by company directors and regulators.
A pocket sized security breach• As the Oleg Pliss hack showed, smartphones are
not immune to security breaches• With our phones gathering increasingly more data
on our behaviour, protecting the data they gather is going to become one of the biggest challenges facing us.
Rich data
• Smartphones are not just gathering location data, as technologies like iBeacons roll out more information is being gathered from more sources. • When we go shopping, attend a football game or
visit the doctor these technologies are collecting information on our personal habits and behaviour
Not a generational issue
• One of the myths around security and privacy is that concerns revolve around the generations.• The idea that only older people care about privacy or
that younger folk understand technology is a myth.• Unfortunately however our political and business
leaders come from a segment of society that doesn’t care about or understand the technology or issues• If meaningful change is to be made in securing our
information, then we’re going to have to demand our business and political leaders take these issues seriously.
Paul Wallbank
http://paulwallbank.com
Twitter: @paulwallbank
Decoding the new economy