This is a reprint of The elusive “P” which appeared in the January 2016 issue of Indian Management.
There is no such thing as a free lunch, truly.
As we increasingly traverse the virtual realm, we are putting at stake a crucial aspect—our much-treasured privacy.
There is not a lot of privacy on the Internet today. Every place you go – websites, social networks, apps – all know your IP address and where you are located, which they can correlate with your demographics, age, gender, and the websites that you visit. Social networks can even tell advertisers what your political leanings are and which religion you practice, and the Internet knows which books you read, which cosmetics you use, and whether or not you are pregnant, getting married or divorced. At the end of the day, search engine companies and Internet Service Providers know everything about you. With the up-rise of the Internet of Things, Internet-connected devices can dig even deeper into our lives. Our cars remember when we drove where, how fast we went, and what music we were listening to, while our smart watch can tell us more about our health than our doctors can. Privacy is a thing of the past.
A trade-off between convenience and privacy
In our day-to-day usage of the Internet, each of us are either making a conscious or unconscious trade-off between convenience and privacy.
One example of this can be seen in Gmail, the hugely popular email service used by nearly one billion people around the world. Most people will, but others might not recognize that they receive advertisements which are somewhat related to the subject of their emails. This is due to the fact that the subjects of a user’s emails are sent to various advertising engines to come up with relevant content to serve back to the Gmail user. For someone who sent an email with ‘vacation’ in the subject line, this may result in the user receiving ads with flight offers during the following days.
“SMBs are not just targets of cybercrime, they are its principal target”
says a U.S. Security and Exchange Commission report from last fall. In fact, the majority of all targeted cyberattacks last year were directed at SMBs.
The New York Times, in its article No Business Too Small to Be Hacked, said that 60% of all online attacks in 2014 targeted small and mid-sized businesses. Of those attacked, more than half (60%) would go out of business within 6 months of a data breach. That’s a lot of broken dreams and heart ache because of a lack of security.
Small businesses lack IT expertise and budget
SMBs make attractive targets because they often neglect their security or rely on older consumer security software for protection. Money is always an issue, and sometimes the budget doesn’t allow for an expensive security package.
Just recently, our free, cloud-managed security solution, Avast for Business, passed a milestone – more than 1 million endpoints protected in less than a year. From our relationship with IT admins in sectors as diverse as Education, Non-profits, Retail, IT consulting firms, and SMBs, we have learned that many organizations lack in-house expertise or resources to install costly and complex security solutions.
Since the launch of Avast for Business, a free, cloud-managed security solution, in February 2015, organizations worldwide have deployed it to protect more than one million PCs, Macs, and servers from cyberattacks and data breaches.
Avast for Business is successful across diverse sectors
Avast for Business is extremely popular with Education, Non-profits, Retail, Healthcare, IT consulting firms, and small business because many organizations lack the IT resources to install costly and complex security solutions. Avast for Business is easily scalable and managed from anywhere. Additionally, Avast for Business starts at a price everyone can afford: Free, making it a natural fit for organizations worldwide.
Education IT admins value easy deployment, management, and the free cost
The sector that has embraced Avast for Business whole-heartedly is Education. IT administrators from universities, school districts, private and charter schools, libraries, and museums all tell us that ease of deployment and management is at the top of their security solution wish list. The fact that it’s also free makes it an easy decision.
After January 12th, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates.
People using Internet Explorer 8, 9, and 10 will no longer receive security or technical updates after Tuesday, January 12th. This means that the older versions of Internet Explorer can be exploited by hackers which puts your computer and your data at risk. One last patch will be released January 12th with a reminder to upgrade your browser. If you do not upgrade to Internet Explorer 11, you will begin to receive “End of Life” upgrade notifications urging you to make the switch to Internet Explorer 11. Windows 10 and Windows 8.1 users should upgrade to Internet Explorer 11. Windows 7 users with Internet Explorer 9 or 10 should upgrade to Internet Explorer 11.
Choose a different browser
If you want to stay with a Microsoft product, then you also have the option to switch to Microsoft Edge, their latest, most modern browser, but you must also be using Windows 10.
This is a good opportunity to try another browser like Google Chrome, Firefox, or Opera. We recommend Google Chrome as an alternative to Internet Explorer because of its security features and automatic updates.
There are plenty of alternative browsers to switch to as well; those that specialize in gaming, privacy, media consumption, and other things. Check out this listing of 10 obscure, highly specialized browsers from PCWorld.
Android Mediaserver vulnerability looks similar to the Stagefright bug.
Android owners may recall the Stagefright bug, the “worst ever Android vulnerability yet discovered”. That malware exposed a billion (that’s nearly every) Android device on the face of the earth to malware.
The latest critical bug has similarities to Stagefright, but exists in Android’s mediaserver. Google warns that an attacker could use the bug to remotely run malware hidden in video or audio.
In an announcement published in the Nexus Security Bulletin for January, Google said it has fixed 12 vulnerabilities affecting Android versions 4.4.4 to 6.0.1. Five are rated as critical security bugs. Partners were notified about and provided updates for the issues on December 7, 2015 or earlier, said the post.
“The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.”
How to protect yourself from the Android bug
For nearly 10 years, AT&T has been bringing an annual developer conference to their partners and collaborators. This year, they creatively chose to combine their conference with a hackathon in order to encourage the participation of budding developers and to support young talent in achieving career-related goals.
This year’s conference and hackathon, which took place on January 2-5 in Las Vegas, Nevada, was packed with an array of topics split into six main sessions: devices and wearables, IoT, real-time communications, video, network advances and the connected home.
I’ve put together several of the sessions that stood out to me as especially relevant to the evolution of today’s technology.
The Internet of Things (IoT) join together physical devices that we use every day with information technology.
Using internet-connected devices expands our ability to control and monitor in the real world. The IoT is literally changing our lives.
The Internet of Things has the potential to fundamentally shift the way we interact with our surroundings. The ability to monitor and manage objects in the physical world electronically makes it possible to bring data-driven decision making to new realms of human activity – to optimize the performance of systems and processes, save time for people and businesses, and improve quality of life.” ~ McKinsey Global Institute study
The potential economic impact of the IoT is astounding – as much as $11.1 trillion per year by 2025 for IoT applications, projected by the same study.
But is there a downside?
Yesterday, we walked you through a set of our 2016 predictions in regards to home router security, wearables and the Internet of Things. In addition to these important topics, mobile threats are not something that should be ignored as we move into 2016.
“Most people don’t realize that mobile platforms are not really all that safer or immune from attack then desktop platforms,” said Ondřej Vlček, COO of Avast. “Most people use mobile devices in a more naive way then they use a PC because they just don’t understand that this is a full blown computer that requires caution.”
Hackers have done their homework to prepare for the new year
Over the course of this year, we’ve seen a list of notable mobile threats that jeopardized the privacy and security of individuals. Our own mobile malware analyst, Nikolaos Chrysaidos, has a few ideas about several issues that could crop up in the new year:
Your home and the devices in it will be a viable target for cybercrooks in 2016.
Back in the good ol’ days of the early 2000s until just a few years ago, all we had to be concerned about was security on our desktop computers and laptop. In the intervening years, mobile devices have become so ubiquitous that hackers have turned their sights on them, especially Android devices.
But starting in 2015, everyone began to realize just how close to home cybersecurity really is. Home networks are the new gateway, and 2016 will be the year that vulnerabilities in the Internet of Things (IoT) and wearable devices combined with weak home router security will lead to personal attacks.
The weak link is your home router
“The security situation with home routers is actually pretty bad,” Ondrej Vlcek, COO of Avast told Fast Company. “Most of the companies do a relatively good job of . . . patching the vulnerabilities, but the problem is that no one updates the firmware in the routers. The user doesn’t at all, and usually the ISP doesn’t either.” He added that we saw the most attacks on routers by far in 2015.
“Right now, attackers are targeting routers en masse,” said Pavel Sramek, an Avast Virus Lab research analyst. “It’s highly probable that they’ll expand their target list to network-attached storage and “smart” TVs as well, since the security aspect of these devices has been almost completely neglected by their manufacturers so far.”
“Many of the companies and engineers don’t really think about security,” says Vlcek. Data, for example, is often transmitted without any encryption, making it easy to steal or fiddle with.
Since this is the time of year to look forward, I asked several of our Avast Virus Lab research analysts about what to expect in 2016 for home networks, wearable devices, and all the gadgets that make up the Internet of Things.
Back in May, I pulled my new copy of Entertainment Weekly out of the mailbox and flipped through it quickly, as I usually do before sitting down to read the whole thing. An article about an unusual premier of a new TV show called Mr. Robot caught my eye. The cyberthriller’s pilot episode was set to make its debut online and through alternative viewing services like Xfinity On Demand, iTunes, Amazon Instant Video, XBOX, and Google Play almost a month earlier than its USA Network television debut on June 24.
The next Monday morning, I shared the news about the show with my colleagues, and we all vowed to watch the new drama about a cybersecurity expert who joins an underground hacker group, as soon as we could. We hoped it would be a more realistic version of the security issues we face today than CSI: Cyber or any number of Hollywood movies. We even contemplated having a weekly viewing party with Avast Virus Lab researchers and getting their comments live, a la Mystery Science Theater 3000, if the show was good.
A twist in the plot
The very next day after the initial discussion, one of my colleagues, and regular blog writer, Stefanie Smith, received an email from a Mr. Robot production staff member asking if we would be interested in having an Avast antivirus product make an appearance on one of the upcoming episodes. At the time, a few weeks before the pilot episode even aired, this was a difficult call – but our decision to be a part of the show, even for a brief moment, proved to be the right one.
Mr. Robot has consistently been named one of 2015’s best TV shows, and it received Golden Globe nominations for Best Series, Best Actor for Rami Malek, and Best Supporting Actor for Christian Slater.
We didn’t watch it together with the Virus Lab guys, but every week after the show, we got their expert opinions about the hacks depicted on Mr. Robot. Here’s some of our favorite moments from season one: