“When you look at security, you have to look at people.” That is the message Robert Andrews, chief information security officer and cofounder of Mainstream Security, delivered during his keynote address, “Security Trends—Looking to Future Threats,” on Aug. 5 at SHARE in Pittsburgh. Andrews says end-user awareness training is important for protection.
Andrews is also the lead network intrusion and forensics course developer and instructor at the Network Computer Forensics Institute (NCFI) in Hoover, Alabama. At the NCFI, he trains law enforcement officials from all jurisdictions across the U.S. He has also provided this training to U.S. Secret Service agents and the Royal Military Police.
Knowing what to expect helps companies and users prevent and avoid security threats. And with content-rich websites and always-on devices, the chance for attacks or security lapses increases.
Botnet groups are fighting turf wars and creating copycat behavior as attacks are proven. Because of this, distributed denial-of-service attacks are on the rise. As Web-based attacks increase in sophistication and prevalence, we can expect a greater volume of:
- Spam and other email-based attacks
- Attacks on social networks via unsafe links, often using keywords and hashtags from trending and timely events
- Smartphone attacks, including on Windows phones and iPhones
- Attacks on new frontier devices, such as smart TVs, which are often connected online and potentially not updated often
- Malvertising, where groups or people spend money to corrupt a banner ad to get clicks or money
- Fake antivirus software, which may show a legitimate-looking pop-up box that, when clicked, installs it on the device
The key to protecting ourselves is end-user awareness, Andrews says.
“There are so many things we can find out about you on Facebook” and other places online, he says. This gives attackers information for targeted attacks or clues to possible passwords. The number one thing attackers want is your email information, username and password, Andrews warns.
To keep devices safe, Andrews suggests fixing the people and the technology.
His tips to fix people include:
- End-user awareness training
- Keeping devices updated
- Not jailbreaking or rooting a phone, which makes it less secure and more susceptible to attacks
- Not loading unnecessary programs or applications or anything from an unknown source
His tips to fix the technology include:
- Running security and antivirus software
- Controlling which applications and features are being used
- Installing enterprise-level software for policy control
- Scanning attachments
- Using strong passwords
Andrews also says antivirus software is important “to keep after the simple, low-hanging fruit” so that attention can go to keeping the larger problems away.
Valerie Dennis is site editor of Destinationz.org.