We've been writing a lot about security threats against cloud services and mobile devices of late, not because the threats are new, but because a lot of apathy abounds.
The latest headline comes by way of Dhillon Andrew Kannabhiran, host and organizer of the Hack In The Box (HITB) security conference in Kuala Lumpur, Malaysia. In an interview with Dan Nystedt of the IDG News Service, he warned that a new era of computing is at hand and that botnet herders and malware writers of the world are ready to pounce. [See: Hackers Plan to Clobber the Cloud, Spy on BlackBerries.]
"The focus [of security] is definitely moving towards 'the cloud' and to the security of embedded devices (Android, iPhone) to more advanced client-side attacks which leverage on Web 2.0 technologies, such as attacks on Facebook, Twitter and other popular sites," he said.
He's right, and too few users are taking notice.
Security warnings surrounding wireless and mobile technology and cloud services have been repeated frequently in the last couple years. But up until recently, the types of attacks experts described have been theoretical. One of the more popular debates surrounding what could be centered around whether President Obama should be forced to relinquish his BlackBerry in the name of national security.
FOR A LOOK BACK AT THE OBAMA/BLACKBERRY DEBATE, SEE:
- Opinion: Obama's BlackBerry No Security Threat
- West Wing BlackBerry Security: Possible or Pipe Dream?
- Obama's BlackBerry Prompts Interest in Mobile Voice Encryption
- Podcast: Former Bush Deputy Chief of Staff Joe Hagin on Why Mobile Tech is GOOD for West Wing Security
There have only been sporadic reports of attacks against BlackBerry or iPhone devices. As for the cloud, many of those who use cloud services still have little understanding of what they're dealing with.
FOR MORE ON CLOUD SECURITY, SEE OUR ONGOING SERIES:
- 5 Mistakes a Security Vendor Made in the Cloud
- Defining Cloud Security: Six Perspectives
- Cloud Security: Danger (and Opportunity) Ahead
- Cloud Security: Time to Smoke Another One?
- Podcast: Why IT Security Pros Have Their Heads in the Clouds
- Forrester: A Close Look At Cloud Computing Security Issues
- Winkler: The Real Problems With Cloud Computing
But the fact of the matter is that most of us now have a BlackBerry or iPhone, and we're not afraid to use them. We're also increasingly dependent on cloud-based services. I admit I can't live without my BlackBerry nearby, and I rely on quite a few Google apps. Neither was the case for me just a couple years ago. My 8-year-old son recently asked, in all seriousness, if I check my Blackberry during a shower.
This being the case, attacks will hit home in the near future. In a year, perhaps, we'll be reading about BlackBerry flaws and attack code the same way we see the constant headlines today about the latest flaw in Internet Explorer, Firefox or some other Windows program. People who use the cloud, mobile devices or both to do their banking will suffer at the hands of a hacker eventually.
That doesn't mean we stop using the technology. Heck, it would be silly to even suggest we could turn back if we wanted to (which we don't). As addictive as these things can be (Crackberries, anyone?) they allow us to be more productive while even lowering the stress level for some of us. Having access to e-mail on the go means I no longer have to worry about digging out from a mountain of e-mails that used to accumulate when I was on business travel.
But it is time we grew wiser to the security aspect. To that end, the advice of industry experts is the same as it ever was: Avoid websites that are unfamiliar and pitch questionable content such as pornography and stock market schemes. If a link arrives by way of your Facebook and Twitter Blackberry apps, don't click on them without making sure it's from a trusted source. The same with old-fashioned e-mail.
Companies don't have to break the bank to protect users from this dangerous new world. Simple awareness training can go a long way.
Bill Brenner is Senior Editor of CSOonline and CSO magazine. He can be reached at firstname.lastname@example.org and is also on Twitter at BillBrenner70.