PCR caught up with BullGuard’s security expert, Steve Bell, to find out what the security implications of IoT are, how retailers can make money from auto-renewals, and why all organisations should take security as seriously as the financial sector.
What have been the biggest security threats to businesses over the past year?
By far it’s the theft of bankcard and banking details. Whether it is raids on banks or retailers’ servers, the trade in stolen credit card and banking details (PayPal accounts remain a popular target) is thriving on the dark web. There’s been no let-up in this type of activity. While we haven’t seen the large-scale attacks that took place on US retailers 18 months or so ago, it’s still on-going. And of course this poses tremendous reputational damage for the businesses that are hacked.
Data leaks are another on-going threat, whether this is the result of wilfully malicious action by an individual or simple ignorance. The Sony hack, in which sensitive data was exposed, is a recent example of the damage that can be done. This also segues into BYOD strategies, as data is particularly vulnerable when employees are using mobile devices to share data, access company information, or neglect to change mobile passwords.
One further point is to make security a boardroom issue. In banks and financial services it’s a top priority, but in other organisations the idea of a sweeping security policy is relegated to those lower down the chain. This needs to change.
And what about consumer threats?
Social media-based threats and identity theft are two standout areas. Hackers are continually developing new techniques to exploit social networks to send users to dubious web sites and malware-infected links. Identity theft is also on the rise and it links into social media platforms. From the criminals’ perspective, it’s a relatively risk-free endeavour that can bring lucrative rewards. And all of this ties into the theft of card details and banking information.
How can we expect cyber threats to evolve over the next year or so?
We’re going to see more mobile malware aimed at Android-based devices. This is a given. As the world increasingly moves towards mobile computing, so do hackers, driven by the opportunities. Research has already uncovered huge rises in instances of Android-specific malware – we’re talking a predicted two million instances by the end of 2015. Of course, this has implications for both consumers and businesses.
As is always the case, hackers are becoming more sophisticated as people become more educated about standard attacking techniques such as phishing, Trojans and even ransomware – though that doesn’t mean these attacks won’t stop being successful.
The business world is fairly well planted in the world of virtualisation and we have now seen attacks aimed at virtual infrastructures. There have been attacks on corporate systems involving hackers deleting virtual drives and replicating the files on their own servers before engaging in a spot of blackmail.
For businesses, third parties can use the same default password to remotely connect to all of their clients. If a hacker guesses that password they’re potentially given access to a large proportion of a network. Many relatively recent high-profile attacks were due to contractors’ login credentials being stolen. Given that many businesses are heavily reliant on third-party providers, it’s an area that needs focussing on because it can so easily be exploited.
How has selling security changed over the years?
At the consumer level it’s an easier sell. Very few people today would go onto the internet without some form of security. At the business and especially SME level, security needs simplifying. Vendors who can offer simple comprehensive security in one package from mobile protection to network safeguards and malware detection will hit the jackpot in the SME market.
How can retailers make money from auto-renew subscriptions?
Through repeat business, with little investment required. The right security software that provides rigorous and easy-to-manage protection at the right price will have people clicking the renew button. However, to really benefit from this, retailers need to have a revenue share deal on renewal business with the vendor, such as the one that BullGuard has with its partners.
How are new products and trends affecting security?
The Internet of Things – or should that be the Insecurity of Things – will open eyes to the need for security. At the moment IoT tells us one stark thing: security is an afterthought in the rush to get products to market.
Look no further than the spate of high-profile car hacks, which appear blindingly easy for those with a little technical aptitude – and we’re talking about millions of cars being affected. Of course, there are exceptions, but the general sense is that as the advent of IoT, smart homes and wearables gathers pace, security will be an afterthought.
Even then it will only be taken seriously following a high-profile breach – such as a smart home being burgled via a remotely controlled fridge or heating system. We hope the industry will prove us wrong.
Throughout November, PCR is running a dedicated Sector Spotlight on Security.