Your Technology Needs to be More Radical than Your Cyber-Attacker’s
There is no doubt that the world has become completely digitized. Virtually every facet of our lives is impacted by internet technology, from social media, digitized data, artificial intelligence, smart homes—you name it, the internet dominates the world.
Digital is great but the Risks of Data Breaches Have Multiplied
Digital data has revolutionized the way business is conducted today. The benefits are enormous. And so are the risks. While digital platform developers are working diligently to improve the world for consumers, hackers are working diligently to steal crucial business data for personal gain. A mere glance at the news reveals that every business sector has been impacted by cyber crime. Not only are the economic disruptions staggering, but the risk of personal financial harm is significant. Recently, for instance, it was reported that FedEx became victim to a cyber attack, resulting in a significant impact on its worldwide operations. Protecting the cyber borders of data is more important than ever.
Cyber Criminals are Patient
Cyber criminals are primarily interested in extracting data from company servers, with the aim of disrupting operations. This requires companies to rethink their cyber security strategies, to focus instead on the “cyber supply chain.” Hackers have become very adept at sneaking into the system and slowly stealing data for months before they are detected. Cyber security professionals, therefore, need to focus their attention on both inbound and outbound traffic.
Organizations are not Paying Enough Attention to the Risks
In spite of the vulnerabilities and increased incidents of breaches, response and recovery of data continue to be the weak link in corporations today. Organizations should conduct cyber security emergency drills, similar to the national emergency drills conducted by the government in order to remain alert and abreast of the newest cyber terrorist strategies. Artificial intelligence is assuredly the next frontier, but the success of any cyber security strategy relies on vigilant and skilled people. A strong cyber defense system requires a team effort, constant attention, and a continuous assessment of and response to threats coming from all sources.
With increased connectivity, the real world and the digital world are becoming intrinsically connected. The Internet of Things is growing exponentially and more and more devices in offices, on roads and in homes form part of this interconnected network. Cars are propelled without people at the wheel, big data is no longer just tech jargon, and it is becoming simpler to track mobile phones, cars, and even people remotely. While this is an exciting time for technological growth, these incredible developments also have a downside. One of the biggest drawbacks to global tech progress is that third parties now have unparalleled access to private information, which is ostensibly securely stored online. This creates various cyber vulnerabilities to businesses and individuals that are unfortunately mostly ignored.
Corporate companies have insane levels of access to consumers’ digital movements and personal information. These examples draw a rather bleak picture – and this is only the tip of the iceberg in our increasingly connected world. Research is being conducted to identify and assess potential threats, and to formulate solutions. Some of the findings were:
The movements and habits of online users are being tracked without their consent
Even when users are aware of this and take steps, pattern-matching algorithms still keep track of their movements
Options to limit data infringements are limited
These is a mammoth lack of digital privacy in the world
The need to address data privacy problems is increasing
Cyber Safety Options for Consumers and Companies
Once a consumer opts in to an affiliation, there is little they can do to secure their personal data, but the following protective measures are advised:
Download reputable software for blocking and deleting cookies
Avoid downloading unnecessary apps
Use strong passwords and do not repeat the same password
Unfortunately, the risks are higher for companies and maintaining cyber safety is far more complicated. It is highly recommended that companies approach a cyber-safety professional to implement preventative measures and to deal with threats.
An International Issue
While the security of a country is its own responsibility, the digital world stretches across the globe and it is not always possible to determine whose responsibility digital safety is. It is interesting to note that there is a significant lack of experts in the field of cyber security, despite the upsurge in digital tech. Research has revealed that at least a million skilled workers are needed to ensure the digital safety of companies around the world. One sector that has taken off recently is cyber insurance. Unfortunately it is not without issues. Policies are not providing protection to policy-holders for reasonable data protection and are rife with exceptions. The reality that has not yet sunk in is that the economy will be affected if measures are not taken to deter cybercrime. The first step for companies and consumers alike is to start gathering knowledge. Without revealing the cause, a problem cannot be properly addressed. The only way forward is to harness information to explore potential solutions to this major threat.
WhatsApp is used by over a billion people worldwide – that’s billions of messages, all allegedly private, secure, and protected by the end-to-end encryption provided by Open Whisper Systems. But are your private messages really secure?
End User Encryption Vulnerability
In early January, 2017 a ‘Backdoor’ was found in the WhatsApp system that could potentially give a third-party access to your messages. A ‘Backdoor’ is either placed by design, or by shortcoming, and it allows for unauthorized access to data, in this case, your messages. WhatsApp has previously stated that their popular messaging system is completely secure and encrypted, and indeed their encryption protocol is very safe. The problem lies not in the protocol itself but in the way it is implemented.
Defect or Feature?
When confronted with this security problem, Open Whisper Systems’ suggested that the vulnerability is not a defect, it is in fact a feature of most standard end-to-end encryption software. It seems that when posed with the dilemma between ultimate security and streamlined user-experience WhatsApp chose the latter. While they have clearly and publicly declared that they would oppose any request, even from a government department, to gain access and / or monitor user activity, there is a vast difference between choosing not to divulge information and blocking any access to it.
So what does this security vulnerability mean for the end-user? The detail lies in WhatsApp’s ever-changing encryption key that is broadcast by a contact and is not verified by WhatsApp security. Each time a contact broadcasts a new encryption key, it is not re-verified so as not to cause a break in the message delivery process.
How to Protect Your Messages
If you’re conscious about your privacy, it’s important to verify the encryption keys broadcast by your contacts before you send messages. Enable security notifications in the application itself and make sure that you manually accept and verify each encryption key broadcast by your contacts. However, you should be aware that this does not promise airtight security, seeing as WhatsApp will only notify you that the encryption key has changed after your message has been delivered. If you want to be extra cautious, conduct your private conversations on platforms like Signal that chose security over user-experience, and enable the verification of new keys before they are used.
Innovation in all industries is moving at lightning speed, and transportation systems are no different. Intelligent transportation systems (ITS) are created with a single goal: to improve the existing infrastructure of systems. Because of the major changes happening these days, traditional education and expertise in construction or civil engineering are no longer enough. Officials also have to be well-versed in technology. Sophisticated ITS systems are used to acquire and manage vast amounts of valuable data. This data is used to craft intricate technical specifications to optimize organisational flow.
Fraught with Danger
While ITS systems are invaluable to improving infrastructure, using ITS systems is charged with security risks. These threats have to be identified, understood, and correctly managed. Risks include:
– Loss of data
– Lost revenue
– Disclosure of sensitive information
– Electronic asset theft
– Service interruption
– Introduction of malicious software
– Cyber extortion
– Cyber terrorism
According to recent research, nearly 800 data breaches were tracked in the US in 2015. To avoid being a statistic, transportation firms need to improve security policies through risk assessment and due diligence procedures.
Although ITS may be responsible for data breaches, digital security issues also come from employees who may be negligent, steal data, lose or steal company equipment, or inadvertently install malware onto systems. Transportation agencies should ascertain where vulnerabilities lie, assess risks, and implement robust security programs.
The Problem with Insurance
As awareness of cyber liability grows, the demand for cyber insurance increases. It is important to note the deficiencies of standard commercial insurance. When it comes to cyber security, policy-holders are not thoroughly covered. Transportation officials can mitigate risk by requesting contractors to provide coverage for some of the risks, for example:
– Exposing confidential digital data
– Installing computer viruses
– Loss of service
– The criminal use of a computer system
With this kind of coverage, transportation officials may be able to recover some of the expenses that come with identified cyber and technology threats like fines and penalties, legal costs, losses due to identity theft, fraud, and data loss.
Insurance is Not Enough
Besides the recent revamp in the insurance world, there is also an increased awareness of cyber risk around the globe. This is creating a better understanding of the risks and how it can be managed. As research is done and reports are compiled ,it is becoming obvious that there is an enormous challenge in using ITS technologies to optimize transportation. Assessing cyber risks should be a priority when it comes to planning 21st century transportation projects. Even though cyber liability does not currently form part of the average transportation official’s vocabulary, it is an unavoidable reality.
Steps to Contain Cyber Risk
Transportation companies should start by identifying the issues, and then applying the following vital steps:
– Take a proactive approach to cyber safety
– Maintain insurance requirements with insurance companies and contractors
– Create cyber security protocols and policies
– Train staff members to be cyber-alert
– Maintain vigilance in all aspects of cyber risk, particularly in the IT department
By observing these guidelines, transportation companies can become equipped to manage the dangers of the cyber world as effectively as possible.
Shimon Sheves truly embodies the adage, “Think Global, Act Local”. He is deeply passionate about his homeland of Israel and works tirelessly to support his community. Sheves is also the founder and chairman of HolistiCyber company that provides nation-state level cyber protection.