This presentation was given to the Australian Seniors’ Computer Clubs Association as part of stay safe online week.
We looked at the current situation with online security: the evolving threats to mobile platforms, the emergence of highly organised criminal rings and the phenomenon of ransomware. After looking at the current situation we then looked at the broader trends and what we as individuals, groups and businesses need to do to protect our data and our rights online.
2. The ongoing online safety battle
• Online safety is evolving as we move from PCs to
tablets and smartphones
• Today the risks are increasingly appearing on our
mobile devices although the desktop computer and
email scams remain the biggest risk.
3. It’s increasingly about the money
• A change to the security landscape in recent times
has been the rise of professional malware.
• While a decade ago most of the hacks and viruses
we saw were the work of people demonstrating
their skills or causing mischief, today there is big
money in compromising computers and capturing
data.
4. The rise of ransomware
• One of the best examples of the professionalisation
of the internet’s bad guys is the rise of ransomware.
• Ransomware locks your computer with a demand
for payment to release your data; if you don’t pay
you lose all your information.
• Many of the online threats though are far more
subtle; the theft of data from Target, compromises
of Sony’s customer databases and ongoing security
breaches illustrate how the risks are far greater
than just on our desktop.
5. Smartphone lockups
• Ransomware has moved off personal computers
onto smartphones with both Android and Apple
systems being attacked.
• The ‘hacked by Oleg Pliss’ message is a good
example of how Apple’s products are just as much
at risk as other companies’ platforms.
• Also the ‘hacked by Oleg Pliss’ lockup shows how
the security aspects of cloud computing services
are going to become more important to the
average person.
6. Security basics
• The basic advice for the average user remains the
same:
• Strong passwords
• Don’t use common passwords
• Be careful what you click on or visit
• Keep your systems up to date
• Have good security software
• However times are changing and many security
issues are out of the average person’s control
7. Lessons from Heartbleed
• The Heartbleed OpenSSL bug illustrated the limits
of individuals in protecting their data
• As a bug in the secure socket layer software, the
Heartbleed Bug could expose sensitive data.
• The disappointing thing with Heartbleed is that
people following good security policies were
vulnerable.
• Probably the biggest threat with Heartbleed
however is the Internet of Things, where relatively
simple devices – the connected kettle – could
expose security credentials
8. The Target hack
• Another example of how security is beyond the
control of the individual user is the Target hack
• Hackers found their way into the US department
store’s network through an air-conditioning
contractor. From there, they were able to steal
millions of customer payment details
• The Target hack is one of dozens of similar corporate
security compromises and this will continue until
security is taken seriously by company directors
and regulators.
9. A pocket sized security breach
• As the Oleg Pliss hack showed, smartphones are
not immune to security breaches
• With our phones gathering increasingly more data
on our behaviour, protecting the data they gather is
going to become one of the biggest challenges
facing us.
10. Rich data
• Smartphones are not just gathering location data;
as technologies like iBeacons roll out, more
information is being gathered from more sources.
• When we go shopping, attend a football game or
visit the doctor these technologies are collecting
information on our personal habits and behaviour
11. Not a generational issue
• One of the myths around security and privacy is that
concerns revolve around the generations.
• The idea that only older people care about privacy or
that younger folk understand technology is a myth.
• Unfortunately, however, our political and business
leaders come from a segment of society that doesn’t
care about or understand the technology or issues
• If meaningful change is to be made in securing our
information, then we’re going to have to demand our
business and political leaders take these issues
seriously.