Why you are your best cyber security

In case you’ve been living under a rock, online security is back on the agenda in a big way because of a little thing called Heartbleed.

It’s not something you get from too much saturated fat; it’s a vulnerability in the website authentication system, the mechanism that assures us we’re sending our credit card number or bank login to who we think we are rather than to a clever fraud.

Heartbleed is a technology problem much smarter people than the rest of us are scrambling to patch up as we speak, but statistically, it’s an anomaly.

Encryption (the technology that keeps your details secret as they travel around the internet) is already hard to break, and it’s getting better all the time. As soon as new malware surfaces, cybersecurity companies waste no time pulling it apart to see how it works and issuing patches and updates to protect you from it.

So why did targeted cyberattacks still increase 42 percent last year over 2012? If the technology is so hard to break, something’s obviously going wrong.

Unfortunately, the most robust security infrastructure in the world can’t change user behaviour. “I don’t see any sign people are better with their passwords,” says Symantec’s US security response director Kevin Haley. “There needs to be a technology solution because people don’t change.”

Natural digital selection

Bugs have evolved along with our online behaviour. They used to be about defacing websites for bragging rights or dodgy email attachments that sent themselves to everyone else in your address book.

Around 1998, according to Kevin Mandia of US security firm FireEye, Inc, cybercrooks realised they could make more money by intercepting and hijacking our financial details as we started banking and buying online.

“1998 to 2003 was the heyday,” Mandia says, “then there was a shift because we had so much regulation and legislation around things companies had to do to be compliant. A wall came up and servers got more secure.”

That prompted what Mandia calls the third wave of cybercrime – going after individual users. If the technology was getting too good to break, maybe we’d be dumb enough to fool directly.

The operative term in the 42 percent statistic above is ‘targeted’. Also called phishing attacks, it’s when the bad guys pretend to be someone they’re not to try and swindle you. The email warning you to change your PayPal password is a classic example – the link takes you to a site that looks like PayPal, but actually sends your login details straight to a cybercriminal.

The threat of tomorrow

We often laugh about the fake PayPal and Nigerian banker scams now, but someone somewhere is still falling for them. “The technologies we deliver only address one part of the puzzle,” says security systems engineer Nick Savvides of Symantec Australia. “We work hard to make security transparent but we’d be missing a trick if we didn’t recognise some level of user awareness is important.”

Such awareness becomes even more important when the bad guys take the next step up – spear phishing. Where a phishing attack is a broadcast effort that sends a slew of emails hoping to trick whoever they can, spear phishing involves what’s called ‘social engineering’.

Our posts on social networks and the websites we visit leave an electronic paper trail of our interests and preferences. If you love Facebook games, friending you and suggesting you try a new game is a good approach for a cybercrook. The ‘game’ might actually be a bug that gives the bad guy unfettered access to your phone or computer.

In one recent example, over 25,000 Instagram users willingly disclosed their login details in exchange for vague promises of ‘likes’ for their pictures, sending them straight to an Eastern European organised crime gang.

You often hear of the security arms race – the crooks come up with sneakier approaches, and antivirus providers have to improve in turn. It’s the same for the rest of us. As we learn our lessons, so do the gangs trying to extort us (look up ‘ransomware’ or ‘watering hole attacks’ for some sobering reading).

But while headlines of pensioners being tricked out of their life savings can be terrifying, caution – not fear – is the answer. Sun Tzu’s The Art of War urges us to know the enemy and his weapons, and keeping a few simple behaviours in mind is your best defence.

Dos and Don’ts

* Don’t click on suspicious links in emails or on social networks.
* Don’t email personal information.
* Don’t enter personal information in a pop-up web page.
* Make sure the site is safe before you input personal information – watch for the padlock in your browser window, ‘https’ in the website address and/or the green address bar.
* Use security software and install updates promptly.
