Summer security concerns: 4 warm-weather worries

It's summertime, but the living may not be easy if your job is in security. Here are four trends security will be tracking this season

Think summer means emptier offices and less to worry about in the security department? Not anymore.

According to the security experts we spoke with, more mobile devices, and folks using their own smartphones to access corporate networks, means summer vacations pose a new kind of risk these days. And while the financially-motivated criminals may be on vacation, the politically-motivated "hacktivists" actually view summer as a prime time to strike.

Read on for the four security threats you should be on guard for during these warm months.

The Olympics

"Whatever scam the scammers run, they will adapt it to the popularity of the Olympics," said Chester Wisniewski, Senior Security Advisor with security firm Sophos. "We're already seeing a lot of phishing by email tied to the Olympics. You've won the Olympic lottery of 50,000 pounds. You've won an all-expense paid trip to see the Olympics, that sort of thing."

As the games, which are slated to begin on July 27th, draw closer, Wisniewski said he also expects more sites that are expecting increased traffic because of the Olympics, such as broadcasting websites, to be targeted. And that means users logging on to these sites from work devices risk compromising their computer, or even their corporate network.

"You can imagine how many people are going to find out how many medals their country won each day, so they are a very high profile target."

[5 Facebook, Twitter scams to avoid]

Summer vacations

"The highest-mobility times are also the highest-target times for thieves looking to steal smartphones and laptops," according to Ward Clapham, a 30-year of police veteran who is now vice president of investigations and recovery for Absolute Software, a lost-device-tracking company. "During the June, July and August travel time, expect to see these devices go missing. And, ultimately, when these things go missing, so does the intelligence."

Clapham believes part of necessary policy in today's mobile, and increasingly BYOD, work environment is educating users on risky behaviors both before travel and during the trip.

"The risky behavior can begin right from the ways and means you and your family identify you are leaving your family or business -- savvy criminals will be looking for those signals. Like if your kid posts on Facebook or Twitter that you're going on vacation."

Clapham said Absolute Software's most recent theft report reveals 5 percent of smartphones will be lost or stolen in the US next year, and that one-in-10 laptops are stolen during a lifecycle.

"That means security should plan on losing at least 5 percent of mobile assets, especially in a BYOD environment, and they need to have a plan in place for that. The CSO needs to recognize this is GOING to happen and have procedures and policies in place for before, during and after. This is an irreversible mega trend."

Politically-motivated attacks

"Summer was once a typically quiet time because criminals were on vacation, too," said Wisniewski. "But that's changed in last few years because of Anonymous and Lulzsec and the kinds of politically-motivated attacks they are usually behind."

Wisniewski notes the so-called "hacktivists" have been known to favor long weekends, holiday breaks and quiet summer days because they know there are fewer people keeping guard.

"HB Gary got hacked over Christmas, Sony got hacked over Easter," he said "When you know the IT staff is home with family enjoying a cocktail or a family dinner, it's a great time to attack."

Hacker conferences

Summer means its security conference season, including hacker conferences such as DefCon and Black Hat, both taking place in July.

"There are usually disclosures there around new vulnerabilities and that creates opportunities for people to try and exploit those vulnerabilities before companies can address them."

Wisniewski referenced a Black Hat event three years ago when security researcher Moxie Marlinspike showed a way of intercepting SSL traffic using what he called a null-termination certificate.

[Rogues gallery: Ten infamous hacks and hackers]

"Because of the press and the bit of showmanship around these conferences, there is usually a wave of people experimenting with the issues that are disclosed at these events."

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joan Goodchild

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place