As long as computers have been connected to the internet, there’s been the threat from hackers. But we develop security measures to block these threats. And then new ones pop up. And then we stamp those out too. New threats, new countermeasures. It’s an ongoing cycle and one that will probably run as long as the internet does.
We’ve got pretty good at blocking most virus threats, most of us are adept at recognising spam emails, and we’re reasonably aware of what kind of websites we should and shouldn’t be visiting.
And yet cybersecurity is still a massive issue, particularly for businesses. The UK Department for Business, Innovation and Skills’ 2015 Information Security Breaches Survey found that 90% of large businesses and 75% of small businesses were the target of a cyber attack in 2014, which was a rise from the previous years of 81% and 60% respectively.
So whilst we clearly don’t have a true handle on current cyber threats, we need to keep one eye on the future and try and spot where new threats are going to come from so we can guard against them.
So just where could these cyber attacks come from?
Social Media
Whilst social media is very much the present, it’s also likely to be the future as well. It’s not uncommon to come across phishing, baiting or pretexting on social sites, but we’re getting pretty good at spotting those a mile off. But things change. We have Twitter, Facebook, LinkedIn, etc, now, but who’s to say what’s around the corner?
New social sites are bound to spring up and with that comes the unknown. People looking to exploit that uncertainty are bound to try and take advantage, so remain vigilant even if you feel confident using new software and sites.
Apps
Although apps are now considered part of our day-to-day life, they’re still only really in their infancy, and it’s only now that businesses are starting to realise they need apps in order to better service their customers.
In 2015, app usage grew by 58%, and although this is significantly lower than the previous two years (76% in 2014 and 103% in 2013), it still represents a large increase. So do we have to be wary of cyber security when it comes to apps?
Yes and no. I spoke with Phil Andrews, Lead Android Developer at app specialists Apposing, for his thoughts on the issue: “Cyber attacks in the app world are nowhere near as widespread as they used to be, primarily because the checks and guidelines apps have to pass are now so stringent. Being open source, anyone could develop an Android app with all sorts of nasty code, but thankfully this has been clamped down on.
“Apple are so, so hot on what they let onto the App Store that it can take a good couple of weeks for an app to be given the green light. The Google Play Store works a little differently in that you can submit an app and it be live within 24 hours. However, they will quickly block the app if it doesn’t adhere to their guidelines.
“Having these central stores to download apps has meant that it’s very difficult, almost impossible, for anyone to submit an app containing malware or any other malicious code.”
But what about away from these stores? Phil concedes that there are dangers of downloading apps but responsibility must ultimately lie with the user: “It’s not an issue with iOS as all apps must be bought from the App Store, but apps for Android can be uploaded anywhere for someone to download. Google and Amazon have their tight checks, but they can’t police the whole internet.
“If you download an app from an unauthorized site then you can’t really complain if your phone is suddenly affected with malware. Just stick to the main stores and you’ll be fine.”
App Collusion
A new potential threat concerning apps is app collusion. This is where two or more apps work together to extract information from the device. One app that has valuable information but limited permissions communicates with another app that has more permissions. This app with permissions may tell the other to pass over the valuable information before sending it out to an unauthorized party.
Security firm Intel Security recently released a report entitled McAfee Labs Threat Report: June 2016 in which they confirmed they had found evidence of app collusion. They discovered 5,056 versions of 21 apps capable of collusion, although these were mainly older versions of apps.
Phil admits that app collusion is worrying but not something that is particularly widespread. He said: “It definitely isn’t an issue that is talked about a great deal in the mobile world today, but it’s a clever solution to getting around the current safeguards in place, so I’d expect to see it becoming a much bigger problem in the future.
“If a couple of apps individually appear harmless, but work together to act maliciously, and they both make it through the review process, it becomes a much bigger problem. In general, apps are kind of ‘sandboxed’ when they are running, which basically means that they are contained and should really only be able to see themselves – they shouldn’t really be able to communicate or interact with other apps on the phone.
“But if the malware somehow works around this, then for the general user, there isn’t really going to be any sign at all that something harmful is occurring so they probably won’t even know. Your only help then is if someone creates something to detect that it is happening and catches it in the act, i.e. some form of mobile antivirus, which is still in its infancy really.”
Wearables
Although social media and apps are things we use every day, wearables are still very much in their infancy. Even the so-called big-hitters like the Apple Watch and Fitbit are relatively new and are yet to establish the ubiquity of other devices. And some experts believe that this could be where cyber attacks pop up next.
Speaking in this article, Tony Anscombe, Senior Security Evangelist at AVG, thinks we need to be wary of wearables. He said: Like any other device, wearables run on software and software can be vulnerable to attack. In essence, every extra connected device that enters the workplace is an extra route in for hackers.
“Assuming IT security is already in place and being monitored, the most important action for businesses to take is educating all their staff about the security risks personal devices pose to the workplace. Everyone in the organisation must know what the potential risks are and understand the reality that the watch on their wrist could compromise company data if not properly secured.”
Tony is primarily talking about company data, but the same applies for personal data too. And with wearables tracking biometric data – heart rates, blood pressure, etc – and with the technology likely to evolve further, who knows what information someone might be able to steal off you?
Again, vigilance is key, as well as a thorough understanding of the threats when you adopt a new piece of technology.
Ransomware
Ransomware has been around for a few years now, gaining prominence around 2012. As the name suggests, it works by locking down a device until a user pays a ransom of some kind.
With the Internet of Things growing every day, ransomware becomes an ever growing threat to even the most basic of tasks. It was recently reported by Trend Micro that Frantic Locker (lock-screen ransomware, also known as FLocker), is now capable of working on Smart TVs, locking the screen until you pay a fee.
So many of our devices are now connected to the internet – heating, alarm systems, even fridges and kettles – that it’s more important than ever to stay on our guard when it comes to what information we send out over the web.
If this becomes a larger issue, it might not be long before we have to install anti-virus software across just about everything we use.