Three Cybersecurity Problems You May Not Know You Have

Think you're on top of your cybersecurity? Don't be too cocky: the next three problems may already have you in their grip.

February 01, 2016 by Alex Collins, IT Services Consultant

Think you're on top of your cybersecurity? Don't be too cocky: the next three problems may already have you in their grip without you even knowing it.

Compromised hardware


As the “Internet of Things” allows more devices to connect to networks, end-users will have to carefully consider the threats posed by hacked hardware. Most microchips are completely unsecured, and yet freely outsourced from thousands of companies worldwide.

“The number of people who are in a position to access and therefore potentially compromise chip designs is vastly smaller than the number of people who could create malicious software,” writes UCLA electrical engineering professor John Villasenor. “But, in absolute terms, thanks in large part to outsourcing, it is still very large, with many hundreds of thousands of people around the world directly employed in the chip design industry.”

These attacks aren't just in the future; they've happened already. A compromised freebie MP3 player from McDonald's was found to inject malware into its recipients' computers. Security vulnerabilities in Volkswagen's keyless entry devices made their cars easier to steal. And the NSA tricked SIM card supplier Gemalto into compromising their product's security keys.

Focusing on viruses, forgetting about malware


Many antivirus programs have gotten so good at their game that cybercriminals have decided to go around them rather than through them. As a result, viruses have paled as an existential threat next to malware.

Against ingeniously devised malware, antivirus programs are “totally useless”, according to Mohammad Mannan of the Concordia Institute for Information Systems Engineering. Antivirus programs cannot protect against the social engineering tricks deployed by phishing scams and other malware schemes.

Over 150 million phishing emails are sent every day… and the law of averages allows up to 80,000 targets to fall for the phishing scam hook, line and sinker, sharing personal financial information with the crooks on the other end of the line. And it's not just email – they're propagating via social media as well!

The solution may lie in “whitelisting” acceptable applications, rather than “blacklisting” dangerous ones. “Like a bouncer at the hottest club in town, whitelisting is extra muscle to keep the bad guys out,” Stu Sjouwerman, CEO of KnowBe4, told TechPageOne. “In whitelisting, you are setting an allowed list of software programs or executables and an allowed list of safe domains.”

With the threat of malware ever-growing and changing, whitelisting can respond far more effectively to changing threats than antivirus programs.
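
To make the difference concrete, here is an added example (not from the original article or from anyone quoted in it) that contrasts a default-allow blocklist with a default-deny allowlist for executables and domains. The sample bytes, hashes, domains and function names are all constructed for illustration, and matching executables by SHA-256 hash is an assumption about how the allowed list is keyed.

```python
import hashlib
from urllib.parse import urlsplit


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed samples: byte strings stand in for executable file contents.
APPROVED_TOOL = b"constructed: approved accounting tool v1"
KNOWN_MALWARE = b"constructed: known malware sample"
NEW_VARIANT = KNOWN_MALWARE + b"\x00"  # one byte differs, so the hash differs

BLOCKED_HASHES = {sha256(KNOWN_MALWARE)}            # "blacklist" of known-bad
ALLOWED_HASHES = {sha256(APPROVED_TOOL)}            # "whitelist" of approved
ALLOWED_DOMAINS = {"example.com", "intranet.example"}  # constructed safe domains


def blocklist_permits(data: bytes) -> bool:
    """Default-allow: anything not already known to be bad may run."""
    return sha256(data) not in BLOCKED_HASHES


def allowlist_permits(data: bytes) -> bool:
    """Default-deny: only explicitly approved content may run."""
    return sha256(data) in ALLOWED_HASHES


def domain_permitted(url: str) -> bool:
    """Allow a listed domain or its subdomains; everything else is denied.

    Matching is done on the parsed hostname with a leading-dot suffix check,
    so lookalikes such as 'example.com.evil.test' or 'notexample.com' and
    the 'example.com@evil.test' userinfo trick do not pass.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


if __name__ == "__main__":
    for name, blob in [("approved tool", APPROVED_TOOL),
                       ("known malware", KNOWN_MALWARE),
                       ("new variant", NEW_VARIANT)]:
        print(f"{name:14} blocklist={blocklist_permits(blob)!s:5} "
              f"allowlist={allowlist_permits(blob)}")
    for url in ["https://mail.example.com/inbox",
                "https://example.com.evil.test/login",
                "https://example.com@evil.test/"]:
        print(f"{url:40} permitted={domain_permitted(url)}")
```

The unseen variant passes the blocklist because nobody has listed it yet, while the allowlist rejects it without needing any update. Real allowlisting products may also match on publisher signature or file path rather than hash alone.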

Staying behind the curve… or going too far ahead of it


Over a year after Microsoft ended support for Windows XP, some companies still hadn't gotten the memo. (We talked about making the switch over back in November 2013.) Obsolete technology is already an obvious back-door threat, as many security protocols dating back to the early 2000s were created for a world without Facebook and Google Docs. The argument for upgrading obsolete technology immediately hardly needs explanation.

Surprisingly, getting too far ahead of the technology curve can be just as dangerous. The rise of “Bring Your Own Device” (BYOD) and the Internet of Things presents new openings for cybercriminals to wreak havoc, explains a new report from the Information Security Forum (ISF).

"A lot of the threats we see now are enabled or created by technology," explains ISF's managing director Steve Durbin. "We've always lauded disruptive innovation, but the good guys are not the only ones who can take advantage of this."

In an interview with the Wall Street Journal, Durbin decried the “starry-eyed perspective” that drives much early adoption of new technologies. “Technology in my opinion has become something of a threat enabler. All of them potentially have opportunities for crime gangs to exploit,” Durbin explained. “When they go wrong they will go wrong quickly and we will have to respond to that. I don’t think we’re prepared for that yet.”