New and innovative solutions are needed to thwart the increased threats to computer security amid the explosive growth of mobile devices, according to a panel of cyber security and IT experts.
They spoke at a New Jersey Technology Council event called “What’s Next in Mobile Security/Personal Identification,” on April 14 at Juniper Networks, in Bridgewater.
The panelists discussed the impact of more businesses and consumers using smartphones, tablets and other mobile devices for transactions and other activities, as well as the various methods to protect against attacks on computer systems, which have risen due to the proliferation of these devices.
While going mobile is the reality of today and the wave of the future, it is very difficult to give people everything they seek in mobile devices without sacrificing security, the panel noted.
“The biggest challenge is to provide functionality, mobility, performance, access and security without making it impossible to use,” said Michael Abboud, CEO of TetherView, in Oceanport.
BYOD Still a Problem
Demand for improved security technology for mobile devices is expected to grow in lockstep with the rising trend of businesses allowing employees to use their own devices, a practice commonly known as BYOD, or “bring your own device.” According to a report from International Data Corporation (IDC), worldwide shipments of smartphones will reach 480 million this year, with 65 percent being used in BYOD environments.
BYOD can also create potential security threats for a company’s networks. According to a SANS Institute Research survey, more than 50 percent of organizations rely on their employees to protect their personal mobile devices.
Businesses Subject to Fines if They Lose Personal Identification Info
During the discussion, Abboud noted that businesses are especially vulnerable to potential security threats to their computer systems, and that the repercussions can be severe. He cited an example of the SEC slapping a $75,000 fine on a St. Louis-based investment advisory firm for an external attack on its computer network. The attack, which was eventually traced to China, had compromised the personal information of 100,000 people, including thousands of the firm’s clients.
Abboud said that the investment firm’s hacking troubles should serve as a wake-up call for other businesses that haven’t taken the appropriate steps to implement cyber security measures. “Almost every business faces monetary penalties if a [security] breach is not handled properly.”
An Increase in Phishing
Along with the exponential growth in mobile device use, it’s also getting easier to go online and steal someone’s personal information and other sensitive data.
Another panel member, Scott Schober, a wireless security expert and CEO of Berkeley Varitronics Systems (Metuchen), said that phishing — a method of online identity theft — is becoming more prevalent because the software used to infect computers is easily accessible on the Internet, especially at darknet websites, a collection of underground websites that allow people to engage in illegal activities.
These sites, often referred to collectively as the “Dark Web,” enable criminals to buy low-cost tool kits to create sophisticated phishing scams. “The cost of entry for this criminal activity is low,” he said.
According to Schober, there are 156 million phishing emails sent daily worldwide, with an estimated 80,000 people clicking on these emails.
Don’t Pay to be Released from Ransomware
Among the cyber security threats that have warranted a lot of attention are the malicious ransomware viruses, which restrict access to computer systems and demand that users pay the hackers high fees to remove the restriction. Schober warned that users should avoid paying ransomware demands, or they will continue to be victims of this scam.
“Once you pay the ransom, your name goes down in the Dark Web, where you are labeled a ‘sucker,’” he said.
Passwords are the Weakest Link
Many of the experts on the panel agreed that improvements need to be made in online identity authentication methods, in order to help minimize cyber security attacks.
They said that passwords can no longer serve as the only deterrent against security breaches because they are very susceptible to hacking. “Passwords are the weakest link in the chain,” said Adnan Qadeer, CEO and cofounder of Allweb Technologies, in Bridgewater.
Qadeer said that new identity authentication tools are needed to prevent online criminal activity. For example, fingerprint sensors are being used by banks in Brazil and in some Asian countries to replace debit cards at ATM machines, and the healthcare sector is using other methods to improve the privacy and security of medical records and drug prescriptions.
Free-form Multi-touch Gesture Technology
Free-form multi-touch gesture technology is another identity authentication tool that is gaining recognition as a way to improve security for mobile devices. This method allows people to use a finger or fingers to draw shapes or letters on touch screens to unlock their mobile devices. Proponents of this technology claim that it’s faster and easier to use than typing in a password.
“Drawing is more natural and intuitive on the touch screen than typing,” said Yulong Yang, a computer science Ph.D. candidate at Rutgers University.