Human OS – are we the biggest risk?
Throughout 2014, increasingly sophisticated and convincing cyber attacks have continued to catch out the weakest link in the security chain – namely us humans. Despite all the tech giants' wizardry, updates, patches and fixes, humans have remained the root cause of some of the biggest data breaches of the year.
McAfee’s recent Phishing Quiz polled 30,000+ participants in 49 countries. Alarmingly, 80% fell for at least one phishing email in the 10-question quiz. Among business users, the best score came from IT and R&D teams – but their score was just 69% correct in detecting which emails were legitimate – so even the more informed can be duped. A further new development to watch out for is the rise of “vishing”, where an attacker makes a phone call, claiming to be a colleague in another department, and encourages the employee to click on a link in an email without checking it thoroughly. Once the attachment is launched, Pandora’s box is opened.
Three main causes identified for the rise were:
1. Our innate desire to help others.
2. Lack of education about security threats.
3. Open source intelligence (OSINT), or online information gathering (the connections identified make social engineering an easy next stage for the most effective attack).
There are many things management can do to reduce risk, and it is not about a tick in the box from Compliance – there has to be engagement with staff. Often staff will ignore security warnings to get things done. There is an argument, put forward by the White House’s former cyber security expert Howard Schmidt, that software companies should design better security controls to create a safer “ecosystem”, including strong authentication, encryption and secure email, to help users do what they need to do without risk.
Fundamentally, it is everyone’s responsibility to think about security, and employee awareness should be built constantly rather than left to a one-off management training session that staff will soon forget. Understanding how different employees interact with and understand technology will help you make your message relevant to, say, different departments, or to workers and managers. The impact on staff will ramp up if you provide real-life examples to train their eyes on, so that they can spot spam and phishing attempts. Ultimately the culture has to be one of vigilance: encouraging staff not to trust what they see just because it is in their business inbox is the only way to avoid paying a high price in the long term.
Managing passwords securely
In a world of biometrics, two-factor and other authentication methods, most people still use traditional passwords to log in to servers and services. To keep as secure as possible, passwords must be unique for each account and complex enough to resist brute-force attacks.
When you only need to access a handful of accounts, these passwords can all sit in the safest possible place – your head. When these accounts need to be accessed by others, or when you need to access dozens of accounts, this is less practical. To relieve this headache Password Managers can lend a secure hand, but choosing the right one to store the keys to the kingdom is vitally important to avoid a single point of failure arising.
The correct Password Manager needs to allow a user to log in and access account details without compromising the data it holds. If all that stops someone accessing your list of passwords is a simple password itself, then you risk exposing everything. Passwords, accounts and any customer details held must be encrypted, and the authentication method allowing access needs to come from another already trusted source – and not the application’s own database. In addition, the tool should never list the passwords themselves in a big viewable list which can be easily screen captured and shared outside the application.
Important as all this is, the user experience of the tool needs to be intuitive, fast and reliable. If the Password Manager itself is not quick or pleasant to use, you may find that employees bypass the app and your passwords get stored in other, far less secure ways, such as physical notes or documents in employees’ own storage. No matter how secure a password is, if it can be found by unauthorised personnel you are leaving your company systems open to all.
Google’s greatest competitor
Google is in the midst of an anti-trust complaint over its monopoly on online search. Google holds a hefty 90% search market share, with Bing, Yahoo and other search options taking the rest.
Technically Microsoft’s Bing is the next biggest name in search, but Google Chairman Eric Schmidt doesn’t see things quite the same: “Many people think our main competition is Bing or Yahoo. But, really, our biggest search competitor is Amazon,” he said in a recent speech in Berlin. With Amazon having no search product of its own this is peculiar to hear. Mr Schmidt went on to point out the difficulty in comparing search like-for-like. “People don’t think of Amazon as search, but if you are looking for something to buy, you are more often than not looking for it on Amazon,” he said. “They are obviously more focused on the commerce side of the equation, but, at their roots, they are answering users’ questions and searches, just as we are.”
The timing of this, of course, cannot be ignored. If Google was not being observed as closely as it is, with such a huge fine looming over its head, would its stance be quite the same? Microsoft and Google have not always enjoyed each other’s company, making playful jabs at each other when appropriate. Even with Google’s search and arguably smartphone monopoly, the tech giant is still very wary. Admitting who their greatest competitor is, Schmidt says it is “Someone, somewhere in a garage... gunning for us. I know, because not long ago we were in that garage. Change comes from where you least expect it.”
Using data analytics to prevent the spread of Ebola
The terrifying spread of the Ebola virus outbreak in West Africa has caused thousands of deaths and threatens countries throughout the world. Data scientists believe that data analytics could help in tracking the outbreak and directing aid faster and more effectively. Even in the poorest countries in Africa, mobile phones are widely owned and could be a data source for authorities deploying medical treatment centres, as well as for identifying places where movement controls may need to be put in place rapidly to stop the disease spreading further. With passenger travel, the availability of digital data means that here, at least, tracking and chasing potentially infected people is easier, if somewhat retrospective.
The US Centers for Disease Control and Prevention (CDC) is working with mapping software company Esri to collect and display mobile phone mast activity data from mobile operators, to identify where calls to helplines are mostly coming from. A sharp increase in calls from one area would suggest an outbreak requiring an urgent response. Where the alternative is anecdotal information, ground surveys or police and hospital reports, this use of technology is more dynamic and holds a greater chance of having an impact (as it did for UN relief operations combating cholera outbreaks after the Haiti earthquake of 2010).
Mobile phone data alone, though, is not enough. Big data analytics is about pulling together many different data sources in which patterns can be seen. Frances Dare, MD of Accenture Health, comments: “We have health clinic and physician reports, media reports, comment on social media, information from public health workers on the ground, transactional data from retailers and pharmacies, travel ticket purchases, helpline data, as well as geo-spatial tracking.” There has certainly never been so much data available. Whether it can have any impact on the rate and spread of the disease is questionable, but if it can help allocate resources more effectively, then it has to be a step in the right direction, provided it is supported by global resources and commitment, which currently are all too lacking.
Humanity’s public library
To have knowledge is a great thing. To share knowledge is greater. Technology is making a huge difference throughout the world and nowhere more so than in the developing world. Two thirds of the world’s population is estimated to be without internet access and it is the communication part, not the information part which costs the money.
In steps Outernet, an innovative company seeking to put knowledge on a more level playing field by creating a core archive of the world’s most valuable knowledge for free, updated monthly, with regular news to be provided in future. Delivery is via re-purposed broadcast satellite TV equipment to DIY receivers, which can relay information to smartphones and computers.
Technology research company Ovum comments that locals are more likely to be interested in things affecting their livelihoods, i.e. weather, healthcare, crops etc. However, the needs and opportunities for this group have captured the attention of some of the heaviest technology players: Google announced in June 2013 it was looking to use balloons in the stratosphere to give internet access to buildings below, and Facebook announced in March 2014 it was planning to use drones and satellites similar to Outernet’s, with Mark Zuckerberg creating a business consortium, Internet.org, to drive their project forward. In such a consumerist world, we are likely to witness more innovation through technology recycling as resources become scarce – and sometimes a simple solution can be as effective as, and have greater impact than, its more costly first-world cousin.