How individual behavior is changing cybersecurity

2. False sense of security grows

There’s evidence to suggest that the growing use of handheld devices may be making individuals less vigilant about cybersecurity than in the past.

A 2019 Verizon report on cybersecurity noted the “visibility and accessibility of handheld devices are contributing to the problem” with user-friendly designs that do not encourage people to be cautious.

Because these devices are “designed to make us flow from one application to another naturally, and almost without thought” users may not be as wary of security threats as they had been with computers in the past.

3. Android and iOS are at risk

In December 2019, Google deleted seven malware-infested applications from their Play Store. The applications were pulled because they opened back doors that allowed malware to be installed from external locations.

Though they are no longer available for download, Google isn’t deleting applications already installed.

Which applications? Alarm Clock, Calculator, Magnifying Glass, Magnifier with Flashlight, Super Bright Flashlight, Free Magnifying Glass, and Super Bright LED Flashlight.

If you happen to have any of these on your devices, delete them immediately.

And don’t think iOS users are safe from this sort of exploit.

Hacker News recently reported over 1 billion malicious ad impression exploit flaws targeting Apple users.

In some cases, intrusive pop up ads can forcefully redirect users to malicious sites. Earlier this year, a campaign allowed successful bypass of ad blockers on iOS devices and highjacked 500 million mobile user sessions in just one week.

Finally, researchers also recently found 1,000s of Christmas-themed applications with significant security flaws across both platforms, so if you have lingering holiday applications on your device, you should delete those as well.

4. Text messages are growing targets

In December, USA Today reported a database housing millions of SMS text messages that were left open online for an extended period of time.

According to the report “the team was able to access the text messages because the logs were completely unsecured and unencrypted.”

Just a quick reminder that your text messages aren’t safe from harm either.

5. Your home is at risk, too

Our homes now have the same risk as businesses, without experienced staff.

In December, D-Link Routers published a list of known vulnerabilities but are not fixing them.

Home Networks include all kinds of devices, applications, and connections including firewalls, antivirus software, malware scanning, printers, phones, televisions, lights, doorbells, refrigerators, thermostats, cameras, personal assistants, etc.

These Internet of Things (IoT) devices all have default settings and passwords readily available on-line and routinely need updates and patches.

6. Data breaches continue the rapid growth

Data breaches again dominated the news for cybersecurity in 2019,  with a whopping 5,183 breaches in the past year according to MSN.

According to research from Risk Based Security, the total number of breaches was up 33% over the previous year and nearly 8 billion records were exposed in all.

There are too many to list them all, but even a small sample of these breaches serves as a stark reminder that attacks can affect businesses and organizations of all sizes:

• Facebook recently announced 267 million Facebook accounts were compromised.
• On Dec. 19, convenience store and gas station chain Wawa reported that all 800-plus locations were exposed to a data breach.
• Cloud-based storage companies like Amazon Web Services and ElasticSearch repeatedly saw their names surface in stories of negligent companies in 2019, which left sensitive customer data unprotected in the open wilds of the internet.
• 72 school districts across the U.S. representing more than 1,000 schools were breached in 2019. Schools are now second on the “most attacked” list behind cities and municipalities and just ahead of third-place, the healthcare Industry — which just saw a major blow when 15 million patients had their info stolen before LifeLabs paid the ransom to retrieve them.
• Even locally in the Myrtle Beach area, healthcare organizations including Tidelands Health and Conway Medical Center, both experienced breaches announced in December.

7. Passwords remain the biggest problem

Password encryption continues to be a problem because individuals increasingly need many logins in their daily lives. Who can remember a dozen or more unique passwords?

Because of this, passwords are reused, rarely or never changed, or only slightly altered.

These passwords, which have likely been exposed by data breaches, can then be used to perform credential stuffing, an attack that gains unauthorized access to user accounts through large-scale automated login requests.

Microsoft reported that in the first three months of 2019 they found 44 million accounts reusing passwords found in breaches. In fact, 72% of consumers admit to recycling passwords up to 4 times.

According to the report, 90% of attacks start with individuals. Of those, 94% come from e-mail, and 45% from Microsoft Office attachments.

This fraudulent account takeover is responsible for millions of dollars stolen due to wire transfer account changes.

We have seen this at all levels, from public/private project owners to general contractors to subcontractors to employees and even human resources.

8. Antivirus protection is not enough

Only half of all malware is caught by antivirus software, according to 2019 reports. This is dramatically lower than the historical success of 67%.

Advances in attacks coupled with the volume of devices and applications are outpacing application defenses, which means just having antivirus software installed on your computer is no longer enough to mitigate your individual risk.

9. Biometrics is not the solution

If you think facial recognition or fingerprints is the solution, think again.

The Verge published an article recently reporting that security company Suprema fell victim to a hack exposing the fingerprints of over one million people.

Biometrics is a growing technology that can be effective on many levels, but when individual behavior in cybersecurity isn’t a focus, even the most high-tech companies can fall victim to breaches.

10. Things might get weird in 2020

A December ZDNet Article, warns about AI-powered deepfakes, as well as ongoing ransomware, IoT, and 5G as examples of how risks will continue to grow stranger and more diverse in the coming year.

Renown Tech analyst Forrester predicts deepfakes — which take a person in an existing image or video and replace them with someone else’s likeness  — could cost $250 million next year.

This risk comes not only through direct damage to individuals and brands but also in a toolkit for phishing gangs.

“AI tools are already available and in use faking the voice of company officers/executives, directing employees to fraudulently move funds,” the article states. “5G will serve to spread the disease and risk faster.”