
Eddy Willems Interview: Smart Security and the “Internet of Trouble”


For this week’s guest article, Luis Corrons, director of PandaLabs, spoke with Eddy Willems, Security Evangelist at G Data Software AG, about security in the age of the Internet of Things.

Luis Corrons: Over the course of your more than two decades in the world of computer security, you’ve achieved such milestones as being the cofounder of EICAR, working with security forces and major security agencies, writing the entry on viruses in the encyclopedia Encarta, publishing a book, among other things. What dreams do you still have left to accomplish?

Eddy Willems: My main goal from the beginning has always been to help make the (digital) world a safer and better place. That job is not finished yet. To be able to reach a wide public, from beginners to more experienced internet users, I wrote my book ‘Cybergevaar’ (Dutch for Cyberdanger) originally in my native language. After that it has been translated into German. But for it to have a maximum effect, I really want it to be published in the most widely spoken languages in the world like English, Spanish or even Chinese. That really is a dream I still want to accomplish. It would be nice if we could make the world a little bit safer and at the same time make life a little bit harder for cyber criminals with the help of this book.

Another ambition that fits into my dream of making the world a safer place, is to get rid of bad tests and increase the quality of tests of security products. Correct tests are very important for the users but also for the vendors who create the products. Correct tests will finally lead to improved and better security products and by that finally to a safer world. That’s the reason why I am also involved in AMTSO (Anti Malware Testing Standards Organization). There is still a lot to do in that area.

LC: Since the beginning of 2010 you’ve been working as a Security Evangelist for the security company G Data Software AG. How would you define your position and what are your responsibilities?

EW: In my position as Security Evangelist at G DATA, I’m forming the link between technical complexity and the average Joe. I am responsible for a clear communication to the security community, press, law enforcement, distributors, resellers and end users. This means, amongst other things, that I am responsible for organizing trainings about malware and security, speaking at conferences and consulting associations and companies. Another huge chunk of my work is giving interviews to the press. The public I reach with my efforts is very diverse: it ranges from 12 year olds to 92 year olds, from first time computer users to IT security law makers.

LC: Data that’s been collected over the years leads us to conclude that 18% of companies have suffered malware infections from social networks. What measures can be taken to avoid this? Are social networks really one of the main entry points for malware in companies?



EW: Social networks are only one vector of many infection mechanisms we see these days. Of course we can’t deny that social networks are still responsible for even some recent infections: end of November a Locky Ransomware variant was widely spread via Facebook Messenger. But still Facebook, Google, LinkedIn and others have some good protective measures in place to stop a lot of malware already. Surfing the web and spammed phishing or malware mails are still the main entry points for malware in companies. Delayed program and OS updating and patching and overly used administration rights on normal user computers inside companies are key to most security related problems.

LC: What do you believe to be the greatest security problem facing businesses on the Internet? Viruses, data theft, spam…?


EW: The biggest security threat to businesses is targeted phishing mails to specific employees in the company. A professional, (in his native language) well-written created phishing mail in which the user is encouraged to open the mail and attachment or to click on a specific link, has been seen in a lot of big APT cases as the main entry point to the whole company. These days even a security expert can be tricked into opening such a mail.

Another great threat is data breaches. Most of those are unintentional mistakes made by employees. A lack of awareness and a lack of understanding of technologies and its inherent risks are at the base of this.

Both of these risks boil down to the same thing: the weak link is always an unaware or undertrained employee. The human factor, as I like to call it.

LC: Criminals are always looking to attack the greatest amount of victims possible, be it through the creation of new malware for Android terminals or through older versions that may be more exposed. Do cybercriminals see infecting old devices the same way as infecting new devices? Which is more lucrative?

EW: Android has become the number 2 OS platform for malware after MS Windows. Our latest G DATA report saw an enormous increase in Android related malware in 2016. G DATA saw a new Android malware strain every 9 seconds. That says enough about the importance of the platform. Current analyses by G DATA experts show that drive-by infections are now being used by attackers to infect Android smartphones and tablets as well. Security holes in the Android operating system therefore pose an even more serious threat. The long periods until an update for Android reaches users’ devices in particular can aggravate the problem further. One of the bigger issues is that lots of old Android devices will not receive any updates anymore, bringing the older devices down to the same level of (no) security as Windows XP machines. Cybercriminals will look to the old and new Android OS in the future. Malware for the old Android versions will be more for the masses, but malware for the new Android versions needs to be more cleverly created and is more lucrative if used for targeted attacks on business or governmental targets.

LC: In this age of technological revolution through which we are now living, new services are invented without giving a second thought to the possibility that it may be put to some ill-intentioned use, and are therefore left under-protected. Has the Internet of Things become the main challenge with regard to cybersecurity? Does the use of this technology conflict with user privacy?

EW: I wrote about the Internet of Things already a couple of years ago at the G DATA blog where I predicted that this platform would become one of the main challenges of cybersecurity. In my opinion IoT stands more or less for the Internet of Trouble. Security by design is dearly needed, but we’ve seen the opposite unfortunately in a lot of cases.

Besides Smart grids and Smart factories, Smart cities, Smart cars and Smart everything else, we will also need Smart security.

IoT is seriously affecting our privacy unfortunately. The amount of data IoT
