At last count there were 117 separate apps on my iPhone. I’m actually a little surprised by this, only because if you asked me to name them I think I’d struggle to get to more than 25. Apps, as we know, are a big business, both for Apple and Google. Millions of us now carry around literally hundreds of apps with us everywhere we go. No wonder then that they are a target for cyber crime.
Apple, rightly or wrongly, has quite a closed eco-system when it comes to checking the validity of the apps that appear on its App Store. Although not 100%, it has provided a relatively secure and virus-free mechanism to get software onto an iOS device. Sadly, the same cannot be said for those utilising Android and the services of Google. A report from cyber security firm Proofpoint was circulating on many IT news sites this week revealing that Android users willingly downloaded over two billion malicious mobile applications last year. The ‘Human Factor Report’ that is published annually by Proofpoint looks at the latest cyber security trends across email, social media and mobile apps.
The findings and comments are extensive, but a couple of key points grabbed my attention. Firstly, it stated that “dangerous mobile apps from rogue marketplaces affect two out of five enterprises”; that statement in itself should have IT managers deeply troubled. We all know that one app, on one phone, is all that is needed to start a chain of events that can cause a cyber breach. The second point that caught my attention was that “2015 was the year machine exploits were overtaken by human exploitation”. It seems that the old methods of tricking individuals with malicious attachments are more effective than trying to trick machines. Humans are still the weakest link.
With my list of 117 apps, I do wonder how I came to ‘need’ them all. They were all downloaded in good faith and for some beneficial reason, which I can’t recall. They are hogging storage space and are not all being used. Software has a tendency to start building up, be it apps, or even cyber security software. At some point you may need to rationalise what tools you have purchased – but how? NetworkWorld attempted to answer this question with a solid raft of suggestions on their website this week.
“Define Your Goal And Work Backwards” was their first recommendation, urging users to identify the desired end-state of their overall cyber security. Complementing that was “Admit Your Shortcomings”: have organisations over-invested or under-invested? Do they know the extent of their security capabilities? And are they faced with new regulations that require them to demonstrate competency? Just these first two suggestions are hugely beneficial and can bolster some serious in-depth discussions on future cyber security strategies.
There is no doubt about it, hackers are an adaptable breed, constantly changing their approach in order to obtain greater benefit. I’m sure that greater minds than mine are studying with great interest their feedback loops and how they gain such healthy returns from their endeavors. More and more hackers are using social conditioning techniques that would put the most ardent therapist to shame as they extract more and more personal information out of their targets. Forbes discussed this in an excellent article on their website titled “Beware Of Social Media And Cybersecurity”, where they explained how hackers can ‘recruit’ employees by learning enough about them from posts and tweets to craft authentic-looking phishing emails to gain access to personal accounts or to enterprise passwords.
This modern take on observing human behavior is fascinating, if you can for a second dispel their criminal motives. Through carefully watching what people share, comment on, purchase, read, and even in some cases the places that they visit, hackers can craft a profile that enables them to exploit their victims. Isn’t this how advertising works? And we all ‘fall’ for that, even if we tell ourselves that it has no effect on us.
Maybe now is the time to rationalise all those apps, get rid of the ones that we don’t need, just focus on our ‘goals’ and work backwards. That does assume of course that the app in question is not malicious.
For links to all these stories and more, or to contribute with some comments, join us by searching for the National Cyber Skills Centre on our social channels of Facebook, LinkedIn and Twitter, or just click the relevant links from our website.