Sign up to our newsletter
It’s hard to argue that 2014 wasn’t a major year for security news – with many stories breaking beyond specialist publications and into mainstream news, the once niche topic of computer security was hard to miss. A steady stream of data breaches, the celebrity nude photo hacks, and Sony Pictures’ historic trouble with hackers ensured that this year began with President Obama promising a heavy focus on security in his recent policy announcements.
But how is 2015 shaping up in terms of security trends? We caught up with ESET security specialist Mark James to get his take on threats, security and how people should ensure their year is free of malware.
“Passwords remain a scary thing,” says James, referring to the worryingly insecure passwords that remain the most popular year to year. “It’s a scary thought that people haven’t learned – we still see the same passwords we saw the year before. I don’t know if people don’t learn, or if they don’t see it as a problem.”
With high-profile data breaches reaching millions at a time, I put it to him that it’s surprising that we haven’t seen any shift in such sloppy attitudes towards personal security, but James speculates that over-exposure to big numbers has the unintended consequence of making them lose their impact.
“Sometimes I think news stories can go counter productive, and people are jaded to another 60 million passwords being lost. I remember when there were the first whispers of big companies being hacked, everyone was extremely concerned, but as more and more fell, people almost flip the news story because ‘it’s just another company that didn’t secure their data correctly.'”
The biggest flurry of these were the Point-of-Sale malware data breaches that hit numerous companies across the United States, starting with Target in late 2013 and most recently causing Chick-fil-A to investigate a possible data breach in January. This was just the tip of the iceberg, with the US Secret Service estimating in 2014 that more than 1,000 businesses had been affected. Things have been relatively quiet recently though – is the worst of it over, or is it lower profile due to the sheer saturation of stories?
“I think it’s a bit of both. It’s partially lower profile – the problem in this industry is that people are only interested in big news: if it’s not a millions strong data breach then it’s mentioned, but then we move on. On the other hand, moving away from Windows XP is helping – although 20% of machines are still running it: more than people running Windows 8 and 8.1 put together! I think a lot of these companies have also realized that they have to listen to their tech guys.”
James is optimistic that traditional frictions between employees and technical staff is becoming less of a problem as security moves higher up the news agenda, a development that he sees as essential for companies hoping to remain malware free in 2015. With smartphones getting better and attracting more sophisticated mobile malware, and Internet of Things devices providing their own share of ’cause for concern’, this kind of cooperation will be more important than ever.
Despite the new threats, James’ advice for avoiding malware in the year ahead remains a list of old favorites. Keeping anti-virus up to date, he says, “will hit a large percentage of that initial infection out of the way. “This needs to be backed up with a good bout of common sense: avoiding keygens, cracks and means to get free software, yes, but also being aware that if something is too good to be true, it probably is. “Big companies didn’t get where they are today through selling off cheap electronics because they’d been opened in the cellophane.”
Keeping software and the operating system up to date is essential, as is avoiding suspicious emails and attachments. “For me, I always use what I call ‘the front door technique’: if this guy were to appear at my front door and say, ‘Hey Mark, fill out this form for a $100 iTunes voucher’ – is it going to happen? No.”
James is also cautious about social media usage. “I normally use social media personally so my family know what I’m up to when I’m away – it makes me cringe and shake when I see people say ‘We’re off on holiday on Friday for two weeks’ – to me that just seems to say ‘we’re not in the house for two weeks, come and burgle me!'”
“Your immediate friends and family are totally trustworthy, but you have no control over who they mention this to.”
Strong passwords round off the list. “It’s not all about a 20-character, completely random alphanumeric symbol password that realistically you’re never going to remember, unless you’re using a password manager. It’s about a compromise: a group of words together, some numbers thrown in, some capital letters. It doesn’t need to be as complex as it seems to be.”
He lists these tips with the speed and precision of a man who is used to giving out this advice, a mix of common sense and preventative measures that James readily admits can cause some minor inconvenience. “People are always going to struggle to have that compromise between a reasonable amount of security and the complexity of having something they need to think about. We want everything easy, but we can’t have both, sadly.”
Author Alan Martin, ESET