New Year’s Eve has come and gone, and thusly, the annual prediction blog cycle draws to a close. Permit me to sneak one in just before the doors are locked, if you would. I've put together a list of three consumer security bogeymen (more hype than substance) and three consumer security issues that everyone needs to actually worry about. There is a very obvious theme here in terms of the division — see if you can spot it!
- Mobile security. Obviously IT security professionals need to worry about securing mobile devices, but consumers with private devices? Unless you’re downloading untrustworthy apps, chances are you’ll be OK. A lot of people had 2015 pegged to be the "Year of Mobile Malware", and it didn’t happen. This particular analyst predicts that 2016 will bring more of the same, where the hype outstrips the reality.
- Wearable security. Wearables remain largely niche, but they do present a unique problem: they have access to a lot of secure stuff, but tend not to be very secure natively. Ultimately, however, this issue is minuscule and will remain so for 2016. There is no way to attack wearables at scale, making it hard to squeeze money from that angle if you're a cybercriminal. So unless you’re an extremely high-value target (like…the president of a nation), this isn’t something to worry about just yet. However, wearables present an interesting preview to the IoT problem that will plague us in the future. Speaking of which…
- Cars/IoT. I don’t think 2016 is the year to worry about your car getting hacked. I may be in the minority, but as a consumer, I am actually much more concerned about cars and home devices (especially medical) being compromised than I am about my phone or my smartwatch. And for a nation on the cusp of popularizing self-driving cars, we seem awfully relaxed about this issue. I assume that there will be federal regulations in place for automobile security when the time comes, but it sure would be nice to see a pioneer state like California put a framework together for this.
- Credit Card Fraud. The United States finally caught up to the rest of the world and is phasing out magnetic stripes. But does that mean the end of credit fraud as we know it? Of course not! It simply means that the USA will see the same trend that Europe saw a decade ago: a sharp rise in CNP (card-not-present) fraud. Bad guys who used to spoof stripes now have to steal your data remotely. What does this mean? Consumers have to be even MORE careful online.
For anyone who reads this and asks, “Okay, but what should I be doing?”, I have only one thing to say: there are plenty of great security programs out there, and you should use them, but password management is the most critical thing within your control. Is it a hassle to have different passwords, especially randomly generated ones? Yes. But separating and fortifying your passwords can be the difference between losing one account and losing your entire life/identity. It is worth investing some time and thought into.
- Crypto Attacks. These are real and they happen every day. You download something you shouldn’t have, someone gets in your system, locks it, and says “send us $300 in Bitcoins or kiss your computer goodbye.” It’s super easy for the bad guys to execute these attacks, and it’s usually easier to just pay up than it is to go replace everything. Be careful about what you download! And back up your system regularly just in case.
- Phishing. Hard to believe this is in a 2016 prediction blog, isn’t it? Seems like we all should know better by now. But with time comes expertise, and the bad guys have gotten very, very, very good at phishing. Depending on what study you read, even security professionals can have a hard time separating phishing emails from legitimate ones when tested. How to avoid these? Vigilance. Bank of Amerlca isn’t spelled with a lowercase “L”, no matter how legit the rest of the email may look. Trust nothing and no one. Hey, the internet can be a harsh place.
Spot the theme? The traditional problems remain the most critical problems. The new concerns — IoT, wearables, mobile security — I think are in for another year of making comparatively little noise. Attacks on new devices require a lot of effort on the part of criminals, and they don’t scale up. Bad guys follow the money, and outside of app spoofing, there doesn’t seem to be much money in new-age attacks just yet.
The older problems? It is a good bet that they will be even worse this year for consumers. The change in credit card systems will drive more fraud online. Bad guys are scary good with phishing and only getting better. Crypto attacks can be carried out by any script kiddie with a few bucks in his pocket.
I hope I’m wrong. If 2016 is remembered as the Year of Smartwatch Hacks, then we’ll have had a pretty darn good year.