
Bill Bennett


Tag: security

Technology has never been riskier. There are holes everywhere and ratbags only too keen to exploit them. Keeping informed about threats and issues is the key to staying safe online.

UK spy chief: “For better cybersecurity, the west has to go it alone”

“Cybersecurity is an increasingly strategic issue that needs a whole-nation approach. The rules are changing in ways not always controlled by government.

“Without action it is increasingly clear that the key technologies on which we will rely for our future prosperity and security won’t be shaped and controlled by the west.

“We are now facing a moment of reckoning.”

– Jeremy Fleming’s speech notes as reported in the Guardian.

Fleming heads GCHQ, the UK spy agency. It provides the UK government with signals intelligence.

China in the cybersecurity frame

He doesn’t mention China by name in these speech notes. Yet it is clear that’s what he means when he talks about the west not shaping key technologies.

There is no other plausible candidate.

Elsewhere, the Register reports Fleming’s actual speech. He says:

“China’s size and technological weight means that it has the potential to control the global operating system”.

Fleming’s main cybersecurity concern is China, but he has strong words to say about Russia. It has sophisticated world-class state-sponsored hacking. Russia was behind the attacks on the SolarWinds software used by US government departments.

Emerging technologies

He says China is working on emerging technologies, but it has a competing vision of the future. It’s a vision that doesn’t respect liberal western thinking.

His answer is for the west to develop its own technologies. He also wants allies to work more closely to build better cyber defence networks.

Up to a point this is an extension of the earlier campaign against Huawei. That resulted in western governments banning the company from building strategic 5G cellular networks.

At the same time it reflects increased tension between China and the west.

There’s a deepening rivalry between China and America. Western nations are being asked to pick sides. This now extends beyond commerce; both sides have increased their military activity.

Russia is opportunistic and threatens Eastern European nations. That presents the rest of Europe with a security problem.

Behind these rivalries nations are fighting a tech war online. Many of the threats facing computer users come from state controlled teams.

Mood swing

There’s a mood swing against globalisation and worldwide technology supply chains.

Many tech companies have become dependent on China. That presents western countries with a diplomatic problem.

It makes it harder for them to criticise Chinese aggression or human rights abuses. There’s always a threat China could turn the manufacturing tap off.

The UK is preparing legislation that will allow the government to block foreign take-overs. That’s another step away from the liberal economic model that has dominated the last 30-odd years.

None of this will pass New Zealand by. We’re in a difficult spot. We are caught between our traditional alliances and our trade relationship with China.

It’s going to be a bumpy ride.

You can hear me discuss this story on RNZ Nine-to-Noon with Kathryn Ryan

A look at Facebook’s vulnerability

“They’re not good in any industry they have to compete in or have to be innovative in. They can buy and they can copy, like they just did the other day, again, with another thing. What did they borrow from? From Clubhouse or whatever. They just can’t do anything innovative.”

Facebook may look invincible. Yet as Kara Swisher and Scott Galloway discuss, it could face a rough future. See: Why Facebook Is the Most Vulnerable of the Tech Giants.

It’s hard to like Facebook. At its worst, the company’s business model depends on manipulating emotions. At times it does this in dangerous ways. The more it seeds fear, loathing and misinformation, the richer it gets.

When it’s not undermining democracy, Facebook makes money by spying on its users. It then sells the fruits of its espionage to the highest bidder.

Facebook has no respect for its users.

Over half a billion customers have details leaked

Last week we heard the personal details of over 530 million users are circulating online. Facebook treated the issue as a public relations problem, not a security breach.

To put that leak into perspective, 530 million people is around seven percent of the world’s population.

Facebook says it has no plans to notify users of the data leak. At no point was there anything resembling an apology or an admission of guilt. So far it has focused on deflecting blame.

Old news

The leak may be old news; Facebook says it is. It says it fixed the problem. Yet it underlines the lax attitude and incompetence. A company packed with high-paid engineers should be able to protect user information.

There’s evidence that Facebook has known about the problem for a long time.

To date the tech giant has skirted past crisis after crisis. Everyone knows you can’t trust Facebook. 

Each act of incompetence or cynicism looks like it could be the last straw for certain users. Each time the business recovers and moves on. It is not going any time soon.

The latest news is also unlikely to sink the company. Although if you listen to what it says, you might think otherwise.

Facebook has made a lot of noise about Apple’s privacy plans for iOS 14.5. Anyone with an iOS app must warn users about the data they collect.


Judging by Facebook’s squeals, you’d think transparency will destroy the world’s economy. As the Wall Street Journal puts it: Apple and Facebook Clash Over Ads, Mom-and-Pop Shops Fear They’ll Be the Victims.

Facebook launched an ad campaign insisting that those who will be most hurt by Apple’s changes are small and medium-size businesses, which represent the majority of the social network’s more than 10 million advertisers.

If their business depends on lying to Facebook users, that’s not a real problem. 

Swisher and Galloway end their discussion acknowledging that for a potentially vulnerable business, it remains popular with investors. That’s true.

Facebook isn’t going to fall overnight. There’s enough wealth in the business for it to switch its focus and remain huge. Microsoft did this when it flipped from PC software to cloud computing.



Bosses overestimate workers’ online security know-how

Humans are online security’s weakest link. That’s not news. Yet New Zealand bosses will plug every other hole before they attend to the problem.

One problem is that managers have an unrealistic view of workers’ security smarts.

Aura, an Auckland-based security company, is on to the problem.

From a recent Aura press release:

Businesses can have the best protection available, but if a staff member unknowingly lets a cybercriminal into the system then it won’t matter.

Independent research commissioned by Aura Information Security reveals staff are not as secure as their IT managers may think.

While 62 percent of New Zealand businesses say they carry out security training exercises with their staff, 37 percent of Kiwis say they have received training on good cyber security practices.

Good password practice

This disconnect is further emphasised by password practice. Many IT managers encourage staff to use password managers. This guards against the most common password mistakes.

Yet, few staff take this advice. Aura says a third of employees admit to reusing the same passwords for work and personal devices and accounts.

For me, this gets to the nub of the problem. Companies are happy spending money on things. They buy security software, firewalls and even tools like password managers.

This sets up a false sense of security. It would be unfair to say they buy security products and sit back feeling safe. But there is an element of this.

In too many cases companies don’t train their staff how to use the shiny new security tools. Nor do they check on how things are working in practice. If they do any training it can be out of context. You have to explain why password hygiene is important. People need to understand what the risks are and what the consequences could be.

Software updates

Another problem is people not updating their software to the latest versions. Updates include fixes to recent security holes. A lot of the time you can configure software for automatic update; your employees need to know this. They may need to handle the updates themselves.

All this is harder now many people work from home. They may even use their own hardware and software.

Which is why it’s important to educate people on online security basics.

Take phishing – that’s tricking people into sharing private information. It remains the most common attempted online crime.

Phishing relies on people not being trained to recognise security threats. There will be workers who don’t know this, let alone how to respond.

Tools can help online security, but the best defence is to help people develop safe habits. If you’re spending money on online security, think of budgeting at least half of the total on education.

N4L report shows schools face online threat rise

While there’s plenty to digest in Network for Learning’s first data and insights report, the security challenge facing schools stands out.

The report coincided with turbulent times for schools, teachers and students. Part of the period covered was when students were sent home and asked to continue studying online as the nation locked down to respond to the Covid pandemic.

Attacks peaked a week after students returned to their classrooms after the nationwide pandemic lockdown. At one point New Zealand’s schools were on the wrong end of more than 2,000 online threats a minute.

[Chart: distributed denial of service attacks on the N4L network]

You can see how distributed denial of service attacks peaked at this time.

The report covers online safety between April and July 2020. That’s term 2 in New Zealand. It includes 22 days of remote learning when students were away from N4L’s managed network.

During this time N4L blocked more than 120 million individual threats. This represents a 13.7 percent increase on term 1.


Phishing remained the most common threat. N4L blocked more than 150 attempts per school per day during term 2. The number of attempts was 44 percent lower than in term 1.

This suggests criminals attacking school computers had moved on to fresh pastures.

Meanwhile, the number of virus and malware incidents climbed during term 2. As did unauthorised attempts to access school networks.

Schools were not alone. All forms of online crime surged as the pandemic sent students and workers home. There were more threats and the severity of threats increased. Many were designed to prey on people’s anxieties triggered by Covid. The criminals also saw opportunity with people using less secure home networks.

Low-hanging fruit

Online criminals tend to focus on low-hanging fruit. There are enough targets with little or inadequate security to keep many of them busy. N4L’s report doesn’t say this, but you can deduce that the crooks find easier pickings when students log on from home than when they use the internet at school.

Not all threats for school students working online are from criminals chasing money.

While N4L works to keep students safe from harm, pornography represented just 1.4 percent of blocked websites. It also works to keep students focused on learning. Two-thirds of blocked sites were file-sharing, social networking, games, online storage and free software downloads.

New Zealand school internet use continues to rise. The N4L network consumed 174 terabytes each day in term 2. The average consumption is around a gigabyte per student.

N4L CEO Larrie Moore says: “This year we are building our security operations capabilities, providing greater cyber security support to schools and continuing a four-year Ministry of Education programme to upgrade the wireless networks inside schools.”

Online criminals seize pandemic opportunity

More New Zealanders than ever were on the wrong end of phishing, fraud, ransomware and malware incidents in the three months to September.

Cert, the Computer Emergency Response Team, says 2610 incidents were reported in the quarter. That’s up 33 percent on the previous quarter and close to double the level of the same time a year earlier.

The cost of crime is rising even faster than the number of incidents. Cert says people reported crimes worth $6.4 million in the quarter. Again that’s almost double the same period a year earlier.

Cert is the government agency set up to help and advise businesses, other government agencies and individuals who face online crime.

Reported crime is only part of the story

It points out the numbers reflect reported crimes; the actual level of incidents and losses incurred will be higher. It could be much higher. People aren’t willing to admit they’ve been duped. Nor are they happy being identified as victims.

While phishing and credential harvesting were the most reported incidents, distributed denial of service attacks on high profile organisations like the NZX made headlines during the quarter.

The quarter saw the emergence of Emotet, malicious software spread by email. If users click on links in the message, the software will install and steal sensitive data including passwords.

Security software

You can use security software to help guard against malware. Not everyone needs it and there is a downside to relying on technology to protect you from crime.

If you are confident and tech savvy, save the money you’d spend on anti-malware software and invest it in making better backups so you can recover faster if hit. Buy at least one local external drive and find a cloud service you can work with.

Less confident users might prefer security software. It should stop malware from infecting your computers. Keep in mind that it won’t protect you from most other online attacks. Anti-malware software can lead to a false sense of security. Fraud and phishing tend to work by convincing you to click on links or hand over information. It’s hard for software to fix that.