Sunday, February 25, 2018

Cyber Insecurity


Remember the “good old days” when cyber security just meant having a hard-to-guess password that you changed every few months and an up-to-date anti-virus program running on your computer?

Those were the days, weren’t they?

But with the increasing prevalence of cyber criminals hacking their ways into computer systems to steal our personal data, or encrypting our files so we can’t access them until we pay a ransom, those old defenses are about as good as a rusty padlock on a screen door.

Keeping ourselves and our data safe now means we all need to take a more active role to ward off these attacks. It means we need to be vigilant about updating and patching all the software we use on our devices to close off newly discovered flaws criminals can exploit. It means adopting two-factor authentication, where you have to enter more than just your password, but a constantly changing code generated by another device that only you have. It also means being constantly suspicious of any request – electronic or otherwise – asking us to divulge personal info like social security numbers and passwords.

In today’s connected world, you should feel paranoid, because the world really is out to get you.

The problem with all this is that it’s very time consuming and practically a full-time job. Not many of us – IT folks included—always do it. And to make matters worse there is a new threat looming on the horizon.

And this time it has nothing to do that computer or laptop on your desk, the tablet in your lap or that smart phone in your pocket.

This time the threat can be coming from that innocuous thermostat on your wall, or your TV, or your refrigerator, or wireless security camera/doorbell or even that band-new crockpot on your counter!

All these “smart” devices, collectively called the “Internet of Things,” that we are bringing into our homes to automate them, is opening us up to a new venue for cyber criminals to attack.

Now, I know what you are thinking.

“So what if some hacker breaks into my fridge? What the worst they can do? Run me out of milk?”

If only.

That smart refrigerator probably has your credit card information stored in it, so you can re-order that milk and that’s the first thing cyber crooks are going to look for. They know that that information will probably be less protected in a refrigerator device then it would be elsewhere, making it an easy target for them to steal.

And that smart thermostat on your wall?

Imagine a hacker gaining control of that and waiting until the coldest day of year to shut off your heat until you pay them a huge random?

Think that’s unlikely? Think again. Take a look at these results I got when I did a quick search on this topic: nest wireless thermostat hackable

Even if all you have is a smart crockpot – and for the life of me, I don’t understand why anyone would want such a thing – you are still vulnerable. Because once a hacker breaks into that, they are then inside the proverbial castle walls, and now that they’ve bypassed all your external defenses, they are free to wander your electronic hallways, which are less well defended, until they can find and break into your treasure vault.

So what can we do about this new threat?

First and foremost is to always be aware of the potential threats these new devices can bring. Do your homework. Find out what kind of security that shiny new gadget has built into it. Is it strong or easily defeatable? Can it be updated? Does the manufacturer regularly release patches and software updates? How easy is it to update? Also do a Google search on that device to find out if it’s been hacked before or how easily it could be hacked.

If you don’t like any of the answers, don’t get it. And if you do decide to buy one of these devices, then the first thing you should do no matter what is change default password that comes with it.
After that, download and install the most up-to-date firmware.

Even after doing all this, don’t get complacent. You should regularly check for security updates and install them.

The final step?

Start pressuring the government and manufactures alike to make security for these devices a top priority instead of just an afterthought.

No comments:

Post a Comment