2016 was a busy year for cyber-security professionals. It goes without saying that 2017 is likely to be far worse as more and more cyber-security threats emerge and the number of internet enabled devices continues to grow. I briefly took a count of how many internet enabled devices I have in my home and it was near 25… which even included a coffee machine, heating and a desk lamp.
Throughout 2016 the rise of Ransomware, digital extortion schemes, targeted attacks, LinkedIn’s historic 2012 breach, Yahoo!’s breach, political attacks and many more made the headlines our news feeds, newspapers and even our TV screens at one point or another.
But that hasn’t changed how we use our devices right? That’s not “our fault”. Just a quick password change, write it down on a piece of paper and pop it in the back of your wallet/purse until you can remember it. Job done.
Wrong…
A lot. It’s our attitude to the way we download apps, install them, and just assume they are as good as they say they are.
We got angry when we heard Facebook was going to make all our posts public (which was a hoax – although great for privacy setting awareness and I hope it happens again), but none of us probably checked which apps were allowed access to our data, which we had already allowed. So when we changed a few posts and maybe added a phone number to our account for an extra layer of security, they can see our change and update their records too.
That even means, when we create ourselves a lovely new email address to stop receiving spam, those apps had access to it. So we will likely see those nasty emails again. Meaning it was probably our fault all along for not checking those settings, or approving “Super emoji app’s” request for our “basic personal data” which was then sold on the “Big Data” market.
So this brings me on to my first top threat:
Everybody can be their own worst enemy when it comes to cyber-security.
Posting personal data online, using the same password for every website, simple answers to secret questions (first dog… mother’s maiden name… etc), pin numbers including date of birth or ‘1234’ and that’s just to name a few.
It’s the way we are using our tech, and the way we wish to live our modern-day lives, that’s putting us at risk.
Yes, it should be our right to post what we like, where we like (within T&C / Law restrictions of course), but sadly in a world with “internet gangsters” we must be more considerate.
Which also brings me on to my second largest threat:
Targeted attacks are going to be a huge problem in 2017, as generally targeted attacks tend to pay off in a bigger way. If you manage to crack an individual’s security on “one platform”, you’ll probably have access to many more and our social media behaviour is making it as easy as ever for hackers.
But why not hack a huge website? Well this data could be more useful than just a list of email addresses and therefore more profitable. Also, we also might not notice and continue to provide them a source of income.
This doesn’t mean that every cyber-security breach is our fault… there are a whole list of other cyber security threats that could, and will, cause problems in 2017. I would expect it won’t be long before we are reading again about: ransomware, worms, identity theft, the Internet Of Things (internet enabled devices such as smart devices), and even our mobile phones being a source of a cyber-enabled crime or breach.
It’s our habits that should be changed, but that can only come from education and hard-work. My recommendation would be that everybody took a moment to even consider looking through some recent (or old) posts on social media. If you think they might give a hacker an insight into your password, questions or just an edge on how to hack into your account, then review who can view it, or better yet delete it.
You could even look to seek further education into Cyber Security threats.. I’ve heard of a lovely company called Midshore Consulting that are offering “Managing Cyber Security” training via their brand new online platform… perfect. (www.midshoreonlinetraining.com)
When it comes to websites we regularly (or rarely) use we are putting our data, and faith, into their hands. So, it’s worth thinking about sites we didn’t really need to register on, and perhaps even removing our data if necessary to stay safe. Hopefully the upcoming GDPR (General Data Protection Regulation) will help strengthen their cyber security loopholes.
But for my final words, it’s action rather than re-action which should be at the forefront of our minds when it comes to cyber security and keeping our much-loved data, safe.