As another Christmas shopping season approaches, annual rhetoric about threats to information and payment security have started to ramp-up as they do every year ... and THIS article is no exception.
On the whole, 2016 has been a difficult year for data security as evermore sophisticated and prolific cyber-criminals continue their relentless deluge. Recently, a distributed denial of service (DDoS) attack was deployed through a botnet army of conscripted Internet of Things (IoT) devices, crippling connectivity to popular consumer web services including Amazon and PayPal. The DDoS itself was of historic size and proportion, viewed by many as a harbinger of what’s to come with so many insecure and poorly hardened devices being rushed to market.
In days gone by, people would preserve valuables by storing them at a specific location, under lock and key in a physical strongbox or safe … which was perfectly reasonable and effective protection at the time. Our assets were secure as long as we kept bad-guys like safecrackers and lockpickers away from them. Times have changed and neither assets nor the security protecting them tend to be physical anymore.
Most of our valuables are tied to or secured through an electronic device or a plastic card that travels with us into every environment we encounter … but that begs a question: What if we forgot about keeping the bad guys away and are unwittingly carrying our assets into the very places where hackers (modern safecrackers and lockpickers) are waiting in ambush? Just as with placing assets into harm’s way, vulnerabilities in IoT security can beg the same question as before, but from another perspective: What if IoT connectivity leaves an open door, invites criminals inside our security perimeter … and exposes our assets?
Only counting the tricks that security experts already know about, there are quite literally thousands of methods for a hacker to take what they want from you. Although many users are adopting and maintaining antivirus / anti-malware technologies, installing firewalls, committing to complex encryption or embracing multi-factor authentication and password-keeper mechanisms … all that effort can cause a false sense of security and misplaced trust to manifest. Security tools can be powerful but they’re only as effective as the person who wields them … or keeps them out of the line of fire.
Hastily over-trusting stringent security measures can cause complacency and encourage or reinforce bad, shortsighted or naive consumer behaviour. Combining complacency with the distractions and fervor of holiday shopping in a busy mall or retail store is a recipe for disaster. It only takes a couple of seconds for a scammer to bump-into a purse or wallet and either complete a ‘tap-to-pay’ transaction or sniff and steal credentials from any wireless-enabled or ‘smart’ cards inside, regardless of how secure the owner may feel. Shopping with impunity can be as risky as walking into a crowd of pickpockets … while wearing a blindfold.
Locking-down our devices and then using them carelessly to surf the web, download torrents and pirated content or follow click-bait ‘to-good-to-be-true’ deals can and will expose us AND our assets to the very people that know how to get at them. Don’t let the pretty lights, cheer and shiny tinsel fool you … security with complex authentication, expensive antivirus and a firewall is prudent, but it can all be thwarted by haste and convenience-addiction.