Summer security concerns: 4 warm-weather worries

It's summertime, but the living may not be easy if your job is in security. Here are four trends security will be tracking this season

Think summer means emptier offices and less to worry about in the security department? Not anymore.

According to the security experts we spoke with, more mobile devices, and folks using their own smartphones to access corporate networks, means summer vacations pose a new kind of risk these days. And while the financially-motivated criminals may be on vacation, the politically-motivated "hacktivists" actually view summer as a prime time to strike.

Read on for the four security threats you should be on guard for during these warm months.

The Olympics

"Whatever scam the scammers run, they will adapt it to the popularity of the Olympics," said Chester Wisniewski, Senior Security Advisor with security firm Sophos. "We're already seeing a lot of phishing by email tied to the Olympics. You've won the Olympic lottery of 50,000 pounds. You've won an all-expense paid trip to see the Olympics, that sort of thing."

As the games, which are slated to begin on July 27th, draw closer, Wisniewski said he also expects more sites that are expecting increased traffic because of the Olympics, such as broadcasting websites, to be targeted. And that means users logging on to these sites from work devices risk compromising their computer, or even their corporate network.

"You can imagine how many people are going to find out how many medals their country won each day, so they are a very high profile target."

[5 Facebook, Twitter scams to avoid]

Summer vacations

"The highest-mobility times are also the highest-target times for thieves looking to steal smartphones and laptops," according to Ward Clapham, a 30-year of police veteran who is now vice president of investigations and recovery for Absolute Software, a lost-device-tracking company. "During the June, July and August travel time, expect to see these devices go missing. And, ultimately, when these things go missing, so does the intelligence."

Clapham believes part of necessary policy in today's mobile, and increasingly BYOD, work environment is educating users on risky behaviors both before travel and during the trip.

"The risky behavior can begin right from the ways and means you and your family identify you are leaving your family or business -- savvy criminals will be looking for those signals. Like if your kid posts on Facebook or Twitter that you're going on vacation."

Clapham said Absolute Software's most recent theft report reveals 5% of smartphones will be lost or stolen in the US next year, and that one-in-10 laptops are stolen during a lifecycle.

"That means security should plan on losing at least 5% of mobile assets, especially in a BYOD environment, and they need to have a plan in place for that. The CSO needs to recognize this is GOING to happen and have procedures and policies in place for before, during and after. This is an irreversible mega trend."

Politically-motivated attacks

"Summer was once a typically quiet time because criminals were on vacation, too," said Wisniewski. "But that's changed in last few years because of Anonymous and Lulzsec and the kinds of politically-motivated attacks they are usually behind."

Wisniewski notes the so-called "hacktivists" have been known to favor long weekends, holiday breaks and quiet summer days because they know there are fewer people keeping guard.

"HB Gary got hacked over Christmas, Sony got hacked over Easter," he said "When you know the IT staff is home with family enjoying a cocktail or a family dinner, it's a great time to attack."

Hacker conferences

Summer means its security conference season, including hacker conferences such as DefCon and Black Hat, both taking place in July.

"There are usually disclosures there around new vulnerabilities and that creates opportunities for people to try and exploit those vulnerabilities before companies can address them."

Wisniewski referenced a Black Hat event three years ago when security researcher Moxie Marlinspike showed a way of intercepting SSL traffic using what he called a null-termination certificate.

[Rogues gallery: Ten infamous hacks and hackers]

"Because of the press and the bit of showmanship around these conferences, there is usually a wave of people experimenting with the issues that are disclosed at these events."

This story, "Summer security concerns: 4 warm-weather worries" was originally published by CSO.


Copyright © 2012 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon