Vulnerable urban futurism technologies are not only fair game for mischievous hackers but also crime groups and hostile nation states, warns Steve Hicks, Head of Global Sales, BullGuard in a discussion with VAR.
Q1. Smart homes are central to Internet of Things (IoT) which makes them susceptible to cyber-attacks. How can smart homes also be made safe homes?
A1. It’s difficult to protect each individual device. This places too much onus on the owner if they, for instance, have six or seven smart devices in the home. Even well-known brand devices have proved to be vulnerable to hacks while many mass-produced devices have really poor protection such as default passwords and admin details.
Protecting all devices in a home requires time and technical insights that most people don’t have. These include looking for firmware updates and keeping an eye on network traffic to see if something is leaving or entering the network that shouldn’t. What is required is an overarching protection that starts at the network router, monitors all devices on a network simultaneously and also monitors network traffic. Fused with artificial intelligence, machine learning and cloud-based security, this level of protection acts like a security blanket thrown over the home. It can identify and stop attacks in real time and assess the security status of new devices when they are attached to the smart home network.
Q2. Malware is one of the most common methods of stealing personally identifiable customer information. What can be done to protect unsuspecting customers from falling victim to such attacks?
A2. It’s a fundamental step but people need to use good antivirus software that uses both signature and behaviour-based detection. Signature-based detection takes care of the millions of known malware variants while behaviour-based detection identifies zero-day malware and stops it in its tracks as it tries to penetrate computers. Another important point is the need for awareness about email-based phishing attacks. This is a popular route for hackers and people need to be aware that emails requesting sensitive personal information such as payment card numbers, or providing links to web pages that also request personal information are scams designed to extract important financial information.
Q3. Data breaches are at an all-time high. What must businesses do to ensure protection of sensitive customer data?
A3. In addition to having fundamental security technologies in place businesses must adopt a zero-trust model across the entire enterprise, which in turn informs how they protect sensitive customer data. This is a ‘never trust, always verify’ approach. This then protects against a wide range of existing and evolving threats. For instance, under this model those responsible ask questions such as ‘is this third-party script on our website secure or can it be exploited by hackers?’ This detailed questioning approach requires investment but it makes all the difference as to whether sensitive data is stolen or kept safe.
Q4. With internet becoming ubiquitous, more and more kids are getting online. What precautions can parents take to ensure their kids’ safety online?
A4. Education and parental tools enable discreet monitoring of what children are doing online. Children receive cyber security training on stranger danger at school and it does no harm to reinforce this at home. One of the more disturbing perils is if children stumble across inappropriate content which can have an adverse impact on developing minds. Unhealthy peer pressure, social media bullying and posting risqué images are also important things to look out for. This is where parental controls are very helpful.
Q5. In the wake of urban futurism, what is the basic security hygiene that businesses and customers alike must maintain?
A5. Urban futurism is a short phrase for such big topic covering everything from
renewable energies, all kinds of web technology, blockchain, tactical urbanism, decentralised networks, autonomous cars and a lot more. People are getting excited at the potential of new technologies whether its town planners, civic designers, power companies and so on. However, to ensure basic security hygiene after asking the question ‘what can this technology do?’ a follow up question is required: ‘is it secure or is it vulnerable to hacking? And if so, how?’ This is less a requirement and more of an attitude. Without this questioning stance we are going to see an awful lot of new tech implementations that are ripe for hacking. And it’s not just singular devices we are talking about, it’s also about the networks they sit on and how these networks can be exploited.