October 01, 2013
Cyber Security
Mary Siero, CISSP, CISM, CRISC
Like everything, cyber threats evolve and become more sophisticated over time. Since the widespread adoption of the Internet in the ’90s, the types of threats posed to data networks have changed significantly.
Early on, malware was more of a nuisance than a threat, both in the amount of malware that was released onto the Internet and the technical capability of the malware itself. In terms of numbers, today’s figures from security researchers indicate that there are approximately 1.6 million new variants of malware released onto the Internet each day, compared to hundreds of variants released daily in the ’90s.
Every second there are close to 18 new malware variants released that have the potential to attack consumers and businesses. Each variant represents a change from a type of malware that has already been identified. This change may mean that traditional detection mechanisms such as antivirus software will not be able to identify it as malware, and therefore will not provide adequate defense against it. Most people accept that antivirus software is at best 30 percent effective. Note that this doesn’t mean you don’t need antivirus software, only that you need more than just antivirus software.
A second major change to the threat landscape is particularly challenging to the hospitality industry. This change results from the widespread usage of social networks coupled with an increasing level of sophistication of social engineering attacks and an increase in mobile technologies. Due to the dependency of the hospitality industry on social networks and mobile technologies, these trends result in a perfect storm for the industry.
In recent years, social networking has grown at such a rate that it now has as many users as the population of some small countries. This fact alone puts a bull’s-eye on social networks for cybercriminals. Where there are a lot of people, there is a lot of opportunity for the collection of reconnaissance data that can be used to conduct attacks. Keeping malware off social networks is a tremendous challenge, and even the best-run social networks struggle with this. Currently Twitter has been identified as having the highest percentage of malware of all the social networks.
It is easy to see how social engineering has blossomed with the rise of social networks. Even if your target is not on a social network, someone has friended them, and a path to finding information that can be used to compromise them has been created. Who doesn’t use social networks to keep up with what their children and grandchildren are doing? Cybercriminals know this is fertile ground; find a relative or friend of a target and somewhere along the chain you will find someone who does not have adequate security settings, providing a way in. In this way, targeted attacks on executives have increased in the past couple of years, as the cybercriminal looks to find information about them from their children or from their assistants’ social media accounts.
Finally, the growth in smartphones brings all of this together. In the early days of smartphones, attackers were more likely to trick users into signing up for premium services (like the joke of the day). While inadvertent subscriptions to premium services remain the highest percentage of mobile malware, new mobile malware enables theft of information from smartphones and even remote control of them. As consumers do more and more with their phones, this malware increases in sophistication and in numbers. Researchers have reported a 400 percent increase in mobile malware from 2011 to 2012. Who knows what this year will bring?
Entrepreneurs have also developed software targeting parents and their desire to know what their children are up to. Commercial software is available for under $50 that allows you to keep tabs on your children, read the email and text messages on their phones, and keep track of their calls. An enterprising criminal can watch a 4-minute YouTube video, purchase that same software, and use it to hack into smartphones.
These trends emphasize the increasing importance of security education for consumers and for businesses. You need more than just antivirus software on your PC to protect yourself. You need antivirus software on your smartphones and other mobile devices, security settings invoked on social media sites, and awareness training that helps to keep you vigilant in the protection of your customer data.
MARY SIERO, CISSP, CISM, CRISC, is the president of Innovative IT in Las Vegas, www.iitlasvegas.com.
©2013 Hospitality Upgrade