This Internet Thing of Ours

This Internet Thing of Ours

Recently, Symantec Corporation, whom we all know as the folks who build counterattack and virus protection software, released a study regarding cyber-attacks, and in their report they state that “we have only seen the tip of the iceberg” according to Property Casualty 360.

The report discloses that Cyber Crime is growing rapidly, mostly because of the discovery by hackers of “The Internet of Things”, which is defined by Wikipedia as:

The Internet of Things (IoT) refers to uniquely identifiable objects and their virtual representations in an Internet-like structure. The term Internet of Things was proposed by Kevin Ashton in 1999 though the concept has been discussed since at least 1991. The concept of the Internet of Things first became popular through the Auto-ID Center at MIT and related market analysis publications. Radio-frequency identification (RFID) was seen as a prerequisite for the Internet of Things in the early days. If all objects and people in daily life were equipped with identifiers, they could be managed and inventoried by computers. Besides using RFID, the tagging of things may be achieved through such technologies as near field communication, barcodes, QR codes and digital watermarking.

Equipping all objects in the world with minuscule identifying devices or machine-readable identifiers could transform daily life. For instance, business may no longer run out of stock or generate waste products, as involved parties would know which products are required and consumed. A person’s ability to interact with objects could be altered remotely based on immediate or present needs, in accordance with existing end-user agreements. For example, such technology could enable much more powerful control of content creators and owners over their creations by better applying copyright restrictions and digital restrictions management, so a customer buying a Blu-ray disc containing a movie could choose to pay a high price and be able to watch the movie for a whole year, pay a moderate price and have the right to watch the movie for a week, or pay a low fee every time she or he watches the movie.

According to Gartner there will be nearly 26 billion devices on the Internet of Things by 2020. According to ABI Research more than 30 billion devices will be wirelessly connected to the Internet of Things (Internet of Everything) by 2020. Cisco created a dynamic “connections counter” to track the estimated number of connected things from July 2013 until July 2020 (methodology included). This concept, where devices connect to the internet/web via low-power radio, is the most active research area in IoT. The low power radios do not need to use Wi-Fi or Bluetooth. Lower power and lower cost alternatives are being explored under the category of Chirp Networks.

As a result, breaches have not only become more common and prevalent, but also much larger than some that we have seen beforehand or even spoke about in my previous column. With the growth of mobile technology usage, hackers have found ways to infiltrate the Internet of Things and not only captured personal information data, but also hold it hostage in what is known as “ransom ware”.

This annual report, known as the Internet Security Threat Report (ISTR), is compiled from over forty one million means of detecting hackers, and spans over 157 countries. Since Symantic began detecting viruses twenty years ago, they have identified over 60,000 weaknesses from 19,000 retailers.

These breaches in cybercrime are attributed to a number of reasons, including our own fault via social media carelessness, which is even more heightened by mobile devices and the “Internet of Things” that we may not even realize are transmitting data in cyberspace such as our cars, appliances, and even medical devices. This gives a whole new meaning to the phrase. “If that toaster could talk…!” and “I’ve fallen and I can’t get up….but you probably already know that!”

Once again, per Property Casualty 360, below are the top seven trends that Symantec has identified in its report:

1. 2013 was year of the mega breach. Total number of breaches was 62% greater than 2012, with 253 total breaches. Eight breaches each compromised more than 10 million identities. In comparison, in 2012, only one breach exposed more than 10 billion, and in 2011, only 5 were that size. More than 552 million identities were breached in 2013, putting credit card information, birth dates, government ID numbers, home addresses, medical records, phone numbers, financial information, email addresses, logins, passwords and other personal information into the criminal underground.

Read related: Worldwide Cyber Breach Puts Information of Millions at Risk

2. Targeted attacks grow and evolve. Far from being dead, phishing is on the rise: the number of spear-phishing campaigns increased 91% in 2013, with campaigns running longer. Industries most at risk were mining, governments and manufacturing, with odds of being attack 1 in 2.7, 1 in 3.1 and 1 in 3.2, respectively.

3. Zero-day vulnerabilities and unpatched websites facilitated “watering-hole” attacks. Symantec uncovered 23 zero-day vulnerabilities (software holes unknown to the vendor) in 2013, a 61% increase over 2012. And even though the top five of these were patched on average within four days, Symantec detected more than 174,000 attacks within 30 days of the vulnerabilities being known. Legitimate websites with poor patch management practices are vulnerable to watering- hole attacks—so called because hackers target these websites to place malware and entrap victims. The Symantec report found that 77% of legitimate websites had exploitable vulnerabilities and 1 in 8 of all websites had a critical vulnerability.

4. The rise of ransomware. Ransomware scams—where the attacker pretends to be law enforcement and demands a fake fine of between $100 and $500—first appeared in 2012 and rapidly escalated, growing by 500% over 2013. Criminals have now dispensed with the law-enforcement pretense and simply demand money. The most prominent of these scams is Cryptolocker, which encrypts user files and demands a ransom for unencryption. With the ubiquity of online payment methods, this method of extortion is expected to grow in 2014 and small businesses and consumers are at highest risk.

5. Mobile is the new market for social media scams and malware. The ongoing increase of mobile devices is opening up a new frontier for fraud. Symantec’s Norton Report indicates that 38% of mobile users had experienced mobile cybercrime. And although lost or stolen devices are still the biggest risk, increased use of sensitive data on mobile devices is upping the ante: 52% of mobile users store sensitive files online, with 24% storing work and personal information in the same online storage accounts, and 21% share logins and passwords with families, putting both their personal data and their employers’ data at risk. And only 50% of these users take even basic security precautions.

Read related: Top 10 “Shadow IT” Apps Downloaded by Employees—and the Risks Involved

6. Social media behavior: dumb and dumber. Social media sites are awash with risk. Fake offers such as free cell phone minutes accounted for the largest number attacks on Facebook users in 2013: 81% in 2013 compared to 56% in 2012. And although 12% of social media users say someone has hacked into their social network account, a quarter of them still share passwords with others and connect with people they don’t know.

7. Attackers are turning to the Internet of Things (IoT). With the Internet seeping into everyday devices, more opportunities are opening up for scammers. Baby monitors, security cameras and routers, smart televisions, cars and medical equipment were hacked in 2013. A bigger concern is attacks against consumer routers by computer worms like Linux.Darlloz. Controlling these devices can push victims to fake websites, usually to steal financial information.

The report also indicated some recommendations for best practices for business, such as:

• Emphasize multiple, overlapping, and mutually supportive defensive systems, including regularly updated firewalls and gateway antivirus, intrusion detection or protective systems.

• Regularly monitor for network incursion attempts, vulnerabilities and brand abuse.

• Install the latest versions of endpoint antivirus software.

• Be aggressive in updating and patching.

• Ensure regular backups are available.

• Ensure you have infection and incident response procedures in place.

• Educate users on basic security protocols.

Spring Fling is not only for college kids, but also for us regulars on the insurance convention world tours…with this month’s bus stop being Buffalo I Day…commonly referred to as the “largest one day insurance conference in the world”!

The Insurance Club of Buffalo hosted its 61st annual Buffalo I Day on Thursday April 3rd, boasting 123 Exhibitors and close to 1,400 attendees once again making the event another huge success! As always, we were not disappointed by this year’s keynote speaker, who was introduced by Stuart Green, president of the Insurance Club, who appeared on stage wearing competition speed skates— apropos for the speaker who was none other than Olympic Champion Apolo Ohno!

In a most inspiring speech, Apolo spoke of the determination and dedication that it takes to become an Olympic gold medal winner.

The program’s afternoon session, titled “Fun & Feud”, included a presentation, and a sampling, of products from John Russo, owner of “Craft Brewery”, Hamburg Brewing Co. There was also a Family Feud style game which included willing insurance colleagues, as they tried to match wits. Followed by a reception and cocktail party, everyone who participated certainly enjoyed a terrific day of networking! Congratulations to the entire Buffalo I Day committee, including my friend Tony Kubera, for another very successful event! If you have never attended this show, make plans for next year’s!

Speaking of champions, I have the pleasure of chairing the committee responsible for the Professional Insurance Agents of New York’s Long Island conference, and it will truly be my honor to introduce hockey great Bobby Nystrom as our keynote speaker on Thursday, May 1st at Crest Hollow Country Club in beautiful downtown Woodbury, NY.

Although I spent many a “misspent youth’s” night sitting in the blue seats at Madison Square Garden, yelling at Nystrom (along with 17,000 of my closest blue-shirt fans) for all of the goals that he scored against my NY Rangers, Bob will surely be an exciting speaker (and he’s a great guy, too!) as he talks about what it takes to be a champion in anything that you do in life.

Well, until we chat again in two weeks, Ciao for now!