iOS is not as safe either. We say that Apple’s lower volume – around 12% worldwide versus Android at 88% makes Android the sensible target – we call it the ‘Perils of popularity’. Read our take on this, Taking a bite from Apple’s iOS myth and note that using an iPhone without protection is madness.
GG: What phone do you use?
I am a security evangelist, and I use Android Oreo. Android Pie is even better, and Google is doing an excellent job in securing the operating system.
But remember that the always-connected word means that cybercriminals view all mobile devices as a) a gold mine for what is on them and b) a way into the corporate or home network.
Mobile security is now in its fifth-generation, and Check Point has a slightly different slant on that. We call it SandBlast 3.0 – a cloud-based solution that works on Android and iPhone devices and protects from malware, man-in-the-middle attacks over cellular, and Wi-Fi networks, OS exploits, and phishing attacks. It has the highest threat catch rate on the market.
It is for enterprise use at present but will migrate to consumer use soon.
GG: IoT threats are always popular
Let’s get back to basics. The Internet is a wide area network (WAN), and the home or business network is a local area network (LAN). Both work together via IP (Internet protocol).
When you’re on the internet, which everybody is, everybody is fair game, so we have to be aware of that.
Australians have a reputation for being early adopters and heavy consumers of technology. There are estimates of 20.4 billion Internet of Things (IoT) devices by 2020. Securing these devices must be a priority, given that IoT presents a future that is very difficult to secure.
He said it’s important for everyone involved, including designers, manufacturers, retailers, and consumers, to be aware of the security risks.
A cybercriminal has malware that roams the WAN that wants to get into the LAN. Automated botnets attack routers, IoT, security cameras, anything with a known vulnerability. IoT, especially older IoT does not have security in mind – many still use default passwords like Admin/Admin. Most do not have security patches.
Or you have remote access enabled to get into local storage, security camera or alarm system.
Once in they can roam the LAN looking for gold in the data, send junk email, be part of botnets DDOS attacks and more.
GG: What about the emerging cybercriminal industry in Asia and elsewhere.
Wherever labour is cheap, you will see an emerging cybercriminal industry that uses tools from the Dark Web and to go after the low hanging fruit. Things like working on Collection #1-5 data breaches, attacking old unpatched vulnerabilities, spear phishing and ransomware. The thing is that it does not take too many successes to fund their expansion and some of the tools are now homegrown.
There is a huge industry now in targeting high net worth individuals. There are attack farms in places like South East Asia and Africa that specialise in this. They use machine learning and AI to deliver highly targeted spear phishing. It may purport to come from the local gym, post office, supermarket or newsagent. They may employ dumpster divers to go after gold in your bin, steal from your mailbox or follow your movements around the suburb. Yes, its beginning to happen in Australia.
GG: So, how paranoid do you need to be to survive?
The average person still has not connected the dots. For them, it is still convenience over security.