We are at war... cyber war!
Technology experts stress need for Internet security at BlackBerry conference
THE dangers posed to Internet security have been described as cyber war by some of the world's leading technology experts.
Bruce Schneier, an internationally renowned security technologist, said there has been a "cyber 9/11" going on for the last 10 years as even children have been known to carry out cyber attacks.
"We are increasingly seeing war-like conflicts with the use of technology," Schneier said in an address to the recent Be Mobile Conference, hosted by Canadian smartphone company, BlackBerry, in Miami Beach, Florida.
Schneier listed a number of costly attacks carried out by "cyber extortionists", including blackouts in Brazil and the recent security breach at the American store chain, Target, as he outlined the need for increased Internet security.
The conference, which was attended by more than 30 journalists from Latin America, with the Jamaica Observer as the sole participant from the Caribbean, took an in-depth look at mobile security trends, which BlackBerry said its large base of enterprise customers, including governments, across Latin America and the Caribbean need to understand.
BlackBerry, which has 90 per cent of the world's Fortune 500 companies across the globe using its secured enterprise servers, said it moves 35 petabytes of secured data through its infrastructure per month, which, it said, is more than any other vendor providing Internet security.
The company said, too, that there were already 33,000 companies testing or using its more secure BlackBerry 10 enterprise servers, even as it plans to roll out its BES12 server -- a new enterprise mobility solution that is application-enabled and unifies BES10 and BES5 to one platform.
According to Schneier, while in real wars enemies are known to use the same type of weaponry and tactics, in cyberspace sometimes the victims know neither the identity nor the location of their attackers, making it even more urgent for governments, companies and individuals to implement safeguards to protect themselves.
Asked if there was a need for more governments to sign extradition treaties to have cyber criminals face the courts in countries whose systems they attack, Schneier pointed out that while that could be a solution, more attacks were taking place in African, Asian, Eastern European and Middle East countries where there were no extradition treaties in place.
He cited Russia and China as countries from where some of the bigger cyber extortionists operate.
He said that while it was difficult to find attackers, laws in several countries made it tough for companies like BlackBerry -- which offers the best Internet security through its enterprise servers -- to operate, because of legislation which requires them to comply with court and gag orders.
The "bad laws" in some countries, he said, have given the right for governments to spy on citizens. "...It is like between a rock and a hard place," he said.
Schneier's concerns were shared by John Sileo, CEO of Sileo Group, a privacy and security firm that has the Pentagon, US Department of Homeland Security, and USA Today, among several other organisations as clients; Andrew Lippman, one of the founders of MIT Media Lab in the United States; Jay Gumbiner of IDC Latin America, a research organisation that manages diverse teams of hardware, software and service analysts spread throughout the region; and Alex Manea, manager of security services at BlackBerry.
Marco Lux, CEO of Curesec GmbH, an independent consultant for corporations, government events and NGOs; Juan Pablo Castro, director of De Innovacacion Technologica in Mexico; and Pablo Kulevicius, representative for BlackBerry Security Group in Latin America, also warned about the dangers associated with communication on the Internet and the need to have adequate security to protect data.
Sileo was emotional as he stressed the need for strong Internet security, having had his identity stolen twice before he became involved in technology security consultancy.
In one of the incidents his bank account was emptied by a fraudster who used his money to, among other things, buy a second home, defaulted on the loan after which he was called in by the bank. It was later discovered that the thief was his business partner.
In the other, Sileo's credit card information was stolen and sold on the Internet after he threw his statement in the garbage. It turned out that the woman who stole the information used the card to rack up huge bills, then declared bankruptcy.
These two incidents not only led to the collapse of his family business but to his arrest and a near two-year criminal trial to clear his name, costing him thousands of dollars in legal fees.
"If you don't look after your identity, someone else will. You are being watched, and the single reason is money. Data is as good as cash," he said, as he urged people to keep their mobile phones safe and have them protected by passwords. He warned, however, that people should use strong passwords, noting that 65 per cent of passwords in the United States are weak as persons use their birth dates or those of family members as well as addresses and names.
Sileo also urged mobile phone users to set up a remote tracking device which would allow them to wipe the device if it is lost or stolen. In addition, he said mobile phone users should be wary of the use of open Wi-Fi, as hackers at times set up these free hot spots to steal data from persons who log on. He also warned against the sharing of too much personal data on social media.
Castro, who noted that there were more smartphones than toothbrushes in the world, said technology has created a whole new world and so there was need for employees, like corporations, to share the responsibility for network security.
He said, too, that opportunities for cyber threats and data loss have increased, with more corporations now allowing their workers to take their own mobile devices to work and use on the companies' network. The downloading of apps, he said, can cause malware, and so companies have to ensure there is adequate security in place in order that workers who "bring their own devices" do not end up "bringing their own disasters".
Last Wednesday's announcement by eBay that hackers stole its database can strengthen the need for strong security by both corporations and individuals. The online auction site advised its customers to reset their passwords after hackers stole the names of customers, account passwords, e-mail addresses, physical addresses, phone numbers and birth dates.
Jeff Holleran, BlackBerry's senior director of enterprise product strategy, told the conference that the company was returning to its roots and has re-established its leadership in end-to-end enterprise mobility.
"Our foundation was built on security, enterprise mobility management [which] enable the workforce to securely communicate and interact with their devices and machines," said Holleran.
"Work data must be protected, and BlackBerry is the closest to offering a product that supports COPE (corporate owned personal enabled) devices," Holleran said, adding that companies need to ensure that servers are securely protected in order to prevent 'angry bird' from becoming 'snoopy bird'.
"Security is the foundation of what we do [and] no one in the market can match our security at each and every layer: secure hardware; secure OS (operating system); secure workspace/BES (BlackBerry Enterprise Server); secure infrastructure; secure messaging (eBBM); and secure microkernel (QNX)," said Holleran.
In stressing the need for companies to ensure the protection of data, he pointed out that in 2012 the average cost per data breach for a United States firm was US$5.4 million or US$194 per record, which, he warned, could jump with the rapid use of smartphones expected in the next few years.
When asked by the Observer if the US chain, Target, had sought to contract the services of BlackBerry after the company's multi-million dollar data was breached, Holleran declined to comment, offering only: "We don't discuss our customers."
In the meantime, he cited a 2013 survey showing that by 2016 there will be 752 million businesses using smartphones worldwide, with 273 million expected to be under mobile device management.
Another survey showed that in 2017 the worldwide market for mobile enterprise development platform software would be approximately US$4.8 billion, moving from US$938.6 million in 2012. Yet, another survey said the biggest perceived threats to mobile initiatives will be budgetary limitations (57 per cent) and failure to integrate with legacy systems (43 per cent).