It is not looking good for good old-fashioned human beings out in the wide world of security, if the Internet Security Threat Report from Symantec, covering the last year in cybersecurity, is to be believed.
In 2014, retailers like Target and Home Depot, insurance companies like Anthem, and plenty more places besides were the victims of massive data breaches that saw credit card numbers and personal records stolen and sold on the web’s black markets.
The report indicates things aren’t going to get better. In 2014, it took hackers only four hours to go from finding out about the Heartbleed vulnerability to exploiting it for data theft at websites all over the web.
A million new pieces of malware — harmful software like viruses, password loggers, and other stuff you don’t want — are released into the wild every day. Plus, hackers have gotten sophisticated at pretending to be, say, a local police station or a coworker in order to get a password or network access out of a mark.
Meanwhile, the companies that have to defend themselves from ever-more-resourceful hackers take hours, days, and weeks to patch up the holes in their systems. That’s not changing.
“Clearly, we’re not taking care of business,” says Symantec Security Response Director Kevin Haley on the technology industry’s continual failure to protect against breaches.
It’s looking bad. Real bad.
Symantec convened a panel of cybersecurity experts to discuss the report’s findings. In no particular order, here are the reasons I am terrified, thanks to Symantec:
- Your personal data can get hacked as part of a massive effort — data thieves don’t have to be aiming for you; you just have to be in the system. “They’re not hacking you, they’re hacking everybody,” says author and ex-cop Marc Goodman.
- It’s not that hard for would-be hackers to get started. There are online hangouts for interested people to learn how to break into computer networks, and the risks of getting caught are basically nil. “It’s a confidence game, and confidence is high,” says RAND Corporation researcher Lillian Ablon.
- Often, it’s not even people who are conducting the actual attack. Automated systems can scan scores of networks and break in if they detect a weakness, funneling the spoils to the person who started the bot. “Human beings are increasingly being taken out of the loop,” says Goodman.
- The Internet of Things, the inelegant name for smart devices like light bulbs, thermostats, appliances, and whatever else, is super insecure. The panel swapped horror stories on how government agency networks have been brought to their knees by an unsecured networked thermostat, although when we pressed for details we were told they couldn’t share them because of an ongoing investigation. “It’s all hackable,” says Goodman.
- Credit card numbers aren’t the worst thing a hacker can steal. After all, you can cancel a credit card, but if a hacker gets your health records, they can file claims against your health insurance company to the tune of tens of thousands of dollars. “It’s people who are suffering and paying out of pocket to get that cleared up,” says Goodman.
- Ransom is the surest way for hackers to make money. Right now, if they get onto a corporate network, they often encrypt every file the victim has, only giving access back if they pay up. Thanks to the coming Internet of Things, they could hold everything from connected cars to home appliances to fridges hostage.
- That also means that hackers have the potential to do things like threaten to turn off pacemakers or alter your medical records so, for example, the surgeon cuts into the wrong leg. “There’s this other huge risk which is the integrity of our data, the manipulation of this data,” says Symantec’s Robert J. Shaker II, Sr.
All of this adds up to a long list of reasons why I think we’d be better off living in a cabin in the woods and keeping all of our money in our mattresses.
Alternatively, you might remember that Symantec is in the business of selling solutions to these many problems.
So take a deep breath, remember to follow some best practices, like changing your passwords periodically and not opening attachments from strangers or downloading software from sketchy places, and keep your fingers crossed that the many companies storing your personal data on their servers are staying a step ahead of the hackers.