At the end of last year, complex spying malware arrived via a USB stick on the work computer of the unit head in the Department for European Policy, where virus-scanning software picked it up. How could this happen? After all, comprehensive security technology should have prevented such an event.
Later it turned out that a staff member who works in close contact with German Chancellor Angela Merkel used a private USB stick and a private computer to work on a speech, which made it easy for the malware to access the memory stick. When the employee plugged the USB device in at work, the virus alert went off and the USB stick was found to be infected with the spying software Regin.
The German Chancellery was on the verge of getting hacked last year
Coincidence? Hard to say, but the Department for European Policy either got hacked on purpose or, even worse, just randomly. Despite strong security precautions, the carelessness of one person put the whole department at risk of being hacked.
Why does security matter?
Internet of Things (IoT), Smart Home, Smart Grid, Social Media, Car-to-Car (C2C) Communication, Industry 4.0 – the connection of nearly all kinds of devices and aspects of our lives enables us to simplify and enhance how we live, work and communicate. At the same time every connection is a potential threat, as it is a possible entry point for hackers.
In cases like the hack of the Apple iCloud accounts of celebrities last year, as well as the hack of Sony before the release of the controversial movie “The Interview”, hackers caused real damage. Cyber-criminals come in many kinds, from those with basic skills who hack accounts using cameras, e.g. in Internet cafés, to those who use sophisticated methods combining software and hardware manipulation to access systems and data centers. Additionally, there are thousands of hackers who are not criminals but work for companies and governments. Looking back at the chaos caused by Edward Snowden’s leak of the NSA’s classified surveillance programs, we can see why data protection is an important matter in the 21st century.
Security and protection are getting more and more important due to the increasing number of connected devices
You probably know all that. So here is a question: what are you doing about it in your private and/or professional life? Most of us will answer “…not much, but I never got hacked”.
The general public tends to complain about the misuse of their private data for advertising and product offerings. At the same time a lot of people do not actively secure their devices and accounts with strong passwords, nor do they update and check their security settings on a regular basis.
How can we secure devices and services?
There are two challenges we have to overcome in order to secure the IoT and cloud services. First, security has to become “sexy”. Features like Bluetooth, WiFi, touchscreen, great camera, huge internal memory… all attractive things, helping to sell a device. Strong security features usually do not make the list. Therefore, in order to be able to sell devices and services with good protection and advanced precautions, it is vitally important to create awareness of the need for security and to make people actually want these features – even at a higher retail price.
Security has to be more appealing to justify higher costs
In a second step the technical adjustments have to be implemented. We can categorise them into 3 levels: data encryption, authentication and data integrity.
Data encryption uses cryptographic algorithms and keys to encrypt and decrypt electronic data.
Authentication describes the process of determining whether someone or something is in fact who or what it is declared to be.
Data integrity refers to the validity of data, meaning that the data is correct or in other words that the data was not changed or accessed on its way from sender to receiver.
Data Encryption is the first step towards a secure application
There is no “one-size-fits-all” solution
Security measures can be based on hardware, on software or on a combination of both. There are a lot of different solutions and ways to secure a system. The precautions that are taken have to be balanced with the need for protection. Securing your personal phone is important, but you would probably not pay more than 10% of the retail price for security, as your data might not be worth that much. This may be different if the smartphone is your business device. On the other hand, you also want to think about how much value your data would have in the hands of a third person. There is no need to apply expensive security technology to a device or service that is worth nothing in the hands of others. The same applies the other way around – you should not fear expenses for data protection if your files are important and of high value.
State-of-the-Art security needs hardware and software protection
As we tend to use services and devices both for business and private applications, it is important to create flexible and adaptable security solutions. It is always an advantage to provide identification and access methods which are easy to use and do not require more than a few seconds (as said before: most of us are a little lazy when it comes to security and passwords).
To stay up to date we created this “Security Blog” category, which we will fill with posts on how data encryption, authentication and data integrity can be ensured with modern technology and with happenings around the topic.
For more information you can also look at our EBV Identification Segment Microsite, which is packed with products, services and information on security technology, and read our free magazine “The Quintessence of Cyber Security”.