The 2012/12/19 at 08:29
87 % of businesses are not adequately armed in the face of cyber-threats. This is one of the conclusions of a barometer whose findings were released on 6 December, at the annual symposium of the CDSE (Club des Directeurs de Sécurité des Entreprises or Club of Business Security Managers). 84 % of companies taking part in the survey declare that they have been victims of information theft. Even if sensitive strategic data is not always at stake, these dangers seem to be on the rise, notably with the more frequent use of unprotected mobile devices in the workplace. “The iOS or Android systems present on smartphones are comparable to fortified castles with cardboard drawbridges,” confides an expert from the DCRI (Direction Centrale du Renseignement Intérieur or French Central Directorate of Interior Intelligence). “The only difficulty – which is not really a difficulty – is in obtaining the password. Once this step has been cleared, all data is fully accessible.”
Source: France 24
Premium-rate SMS messages are the most frequent malicious acts. These involve voluntary or involuntary downloading by the user that can generate costs from 500 euros to several thousands of euros. A lack of precaution when connecting to Wi-Fi increases the degree of risk. Smartphones often connect to unsecured access points, which are a real open door for attackers. The climate of risk threatening companies is reinforced by the take-off of BYOD (Bring Your Own Device) practices, which consist in bringing one’s own mobile devices into the workplace, sometimes at the request of managers, and taking company data out into the outside world. In 2011, for the first time, touchscreen tablets sold in higher numbers than computers. This shift makes it more urgent to adopt the right reflexes concerning the circulation of professional data, especially sensitive data. In certain transatlantic companies, the office computer is in the process of being completely replaced by personal equipment.
Amongst the personal data kept on the Internet, financial information is a focus of fear. A Harris Interactive survey carried out in winter 2012 on online trends and risks reveals that 60 % of users declare that their greatest fears are centred on the use of their financial data. There are also concerns about passwords giving access to online services. 58 % of the persons surveyed fear a leak or theft of such data by cybercriminals. In third place, fears concern emails and other personal documents, address books and various types of multimedia files. Internet users remain reluctant to make online payments from smartphones or tablets. Only 3 % of them seem willing to pay this way without any particular misgivings.
Despite these fears, unprotected use of the Internet is widespread. In spite of concerns regarding data security, a considerable number of users store information on mobile devices. According to the Harris Interactive survey, 15 % of Internet users use their tablets to make credit card purchases on the Internet, transactions with electronic payment systems, or other financial operations. 12 % carry out the same activities on their mobile phones. Almost one-third of users entrust their personal information to their home computers or laptops. The conclusions of the survey indicate that under one half of them (46 %) protect all of their equipment. Only 30 % resort to encrypting valuable information, while 32 % protect their documents with passwords. The CLUSIF (Club de la Sécurité de l’Information Français or French Information Security Club) points out that 50 % of Internet users use no method to protect their smartphones.
“But be careful of contenting yourself with the market’s best-known forms of protection. Cyber-attackers are familiar with these and of course have learned to get around them,” warns Nicolas Ruff, Security Researcher at the EADS group. “Beyond the acquisition of security software, it is interesting to focus on good practices to adopt internally to diminish exposure to risks,” he suggests. “In the space of 3 to 10 minutes, a four-figure password can be detected with the help of specific software that can be downloaded for several hundred euros. However, when the password is made up of 8 figures, an average of 165 days is required for such software to detect it. The consequences on data theft are of course radically different in the two cases,” explains the DCRI expert. Favouring certified security products may be worthwhile, but here again, there are no absolute guarantees. “One should be wary about certification, for it may be old and no longer have value. In this domain, certification dating back 2 years can already be entirely obsolete,” indicates Nicolas Ruff.