Category Archives: AVG

‘Future Crimes’ – A New Book That Takes on the Future of Cybercrime

“If you control the code, you control the world. This is the future that awaits us.”
– Marc Goodman

As anyone who reads this space knows, I’m a big fan of the Internet of Things, and yet equally worried about security in this brave new world.

A new book “Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It” emphasises these points and makes some suggestions.

What struck me is that many of the crimes Goodman labels as “future crimes” are already happening all around us, from the recent ISIS hack of a French TV station to the epic hacks of the past year on major brands from Sony to Target, Home Depot and Chase. We’re definitely already at the intersection of connected technology and cybercrime.

“We’ve gone ahead and wired this world but failed to secure it,” Goodman said in a tweet. “We can but it’s going to be hard.”

Goodman writes about identity theft, stolen data, smartphone hacks, and speculates worryingly about the future. He sees this getting worse, of course, with the advent of smart houses, smart cars, and an increasingly wired world.

The recent wave of cybercrimes illustrates his warnings, and is one of the reasons the book has become a hit. The book was rated as Amazon’s Best Book of the Month in March and is a bestseller on the New York Times “Crime and Punishment” list.

When he writes about the future of technology, from smart pacemakers to 3-D technology, and the shadowy figures out to exploit the weaknesses of these devices, it can read like science fiction. But, as we’re fully aware at AVG, a connected future is rapidly approaching and it’s reality, not fiction.

Goodman does offer some positives, which is what made the book interesting to me: Without action this would be a litany of gloom and doom. He suggests the sharing of information between public and private sectors, something President Obama has been strongly advocating. Goodman also envisions  a “Manhattan Project” type organization combining the best and brightest from the private and governmental sector.

Goodman also says it is crucial to increase the technical knowledge of ordinary people, who use technology on an everyday basis. I think this is a very good idea. From our Clinton Global Initiative Smart User Mission to our Magda and Mo ebook series for children, at AVG we view it as part of our mission to teach internet safety to the new generation of users coming online. As Goodman points out, being tech savvy is only going to increase in importance.

Wear Red for Pay Equity

Today, April 14, is National Equal Pay Day, which is designed to highlight the issue of the gender pay gap.

Why does National Equal Pay Day fall in the month of April? Because that’s how far into the year it is estimated that a woman must work to earn what a man earned in the previous year! Pay-equity.org is urging supporters to wear red today to symbolize how far behind women and minorities are in their pay.

We have a long way to go, inside and out of tech on this issue. As has been reported by the Government’s Department of Labor, overall women who work full-time still make 78 cents for every dollar a male counterpart makes. You can see details here. This despite the fact that the Equal Pay Act was enacted in 1963! (Ironically, at the height of the Mad Men era.)

AAUW (American Association of University Women), one of the champions in the fight to end wage discrimination, notes that for some inexplicable reason, there is a 7% difference in the earnings of males and females just one year after they graduate college. AAUW also reports that in 2013, the disparity is even greater for Hispanics, African Americans, American Indian and Native Hawaiian women.

Furthermore AAUW reports, “working mothers are often penalized for having children, while fatherhood generally tends to boost a man’s career.” In fact, the latter was the basis of my recent talk “Boardroom or Baby” at SXSW Interactive, which was designed to begin to tackle this issue.

The good (and sometimes painful) news is that pay rates and gender discrimination have been in the news a lot lately!

Earlier this year we applauded the Academy Award winning actress Patricia Arquette for her consciousness-raising remarks at the Oscar bash. (See my earlier blog.)

And pay equity is a priority for the newly minted U.S. Presidential candidate Hillary Clinton – who weighed in on the topic at the Women in Tech Conference in Silicon Valley and said in her keynote, “She’s right — it is time to have wage equality once and for all.”

President Obama clearly supports fair pay. I’m just guessing, but I think as the smart son of a single working mother he saw first-hand how wage discrimination worked. In his tenure he has signed the Lilly Ledbetter Fair Pay Act and established the National Equal Pay Task Force. You can read more here about two new executive actions to help combat pay discrimination and strengthen enforcement of equal pay laws.

Then, there are the many recent lawsuits in the tech world that demonstrate how far we have to go in terms of pay and discrimination. (I won’t go into them here.)

Needless to say, it’s enough to make anyone see red. I think any fair-minded person, no matter what their gender or identity, would agree.

So what can you do besides wear red today? You can get a free equal payday kit here with a lot of suggestions. And you can educate yourself. There’s an illuminating fact sheet supplied by AAUW.

Finally… as a woman, or a minority, or really as any employee, you should feel free to ask for a wage increase if you think you are due one! It’s amazing when you review the statistics of people who just don’t ask for a wage increase.

So, while I wouldn’t say National Equal Pay Day is really cause for celebration, we can use it to raise awareness. And you can wear red… I am.

Humans the weak link in alleged White House hack

Earlier this week, it emerged that Russian hackers have successfully managed to infiltrate the computer systems at the White House.

Given the highly sensitive nature of information held within any government’s systems, we have to assume that the breach is significant. Although full details of the breach have not yet been made public (and maybe never will) some news sources indicate that President Obama’s schedule was among the information accessed.

It’s hard to see America taking this intrusion lightly, given the history between the countries and I expect to see them double down on security in the coming weeks.

Some are asking questions of the US government’s security policies, and rightly so, although protecting such a vast network of computer systems is a very complex operation. I was not surprised to learn that the attackers gained access to the system via a form of “spear phishing” attack targeting the end user.

Governments, just like any organization, are only as secure as their weakest link. Sadly, when it comes to security the weakest link is always a human. We as people are susceptible to social engineering and as such can unknowingly undermine even the most sophisticated of security technologies.

All hackers need to know is who to target and how – and then they can start to build out a profile of their victim and work out how to target them. It can take a long time but it’s often worth the wait, especially in an attack like this.

It will be interesting to see how this plays out in the coming months.

Facebook introduce Scrapbook for baby photos

On March 31st, Facebook began rolling out its new “Scrapbook” feature which loving parents can fill with pictures of their children without fear of flooding their friends’ Facebook feed.

While this is great news for those of us who loathe oversharing, it also makes it easier for parents to manage their privacy. By placing all their images in a Scrapbook, parents can easily control who can and cannot view them.

Scrapbook addresses the very clear demand for parents to document, store and share precious memories and highlights the trends that we highlighted in Digital Diaries research.

In fact, as many as 30% of parents have shared a pre-natal scan via social media, creating a Digital Footprint for their child long before they are even born.

And it doesn’t stop there; later stages of Digital Diaries highlight the sharenting phenomenon where parents don’t consider the long term consequences of sharing every detail of their child’s life.

Scrapbook may help parents keep a handle on the visibility of their baby photos but as such is exacerbating the sharenting issue.

Today’s children are growing up in a digital world that doesn’t forget and a world where their every moment is being captured and stored online. Before we share anything, it’s important to remember that.

Five things we can learn from Snapchat’s first transparency report

At the start of April, messaging service Snapchat revealed that they release a biannual transparency report.

Transparency reports detail the requests for user data that are received from governments around the world and what (if any) action was taken.

Snapchat’s first report contains the first four months’ worth of data, as they didn’t want to delay its publication.

So what do the numbers mean?

 

Snapchat is a big deal

Snapchat’s decision to publish a transparency report places them in such esteemed company as Google, Apple and Facebook when it comes to detailing collaboration with governments.

The messaging service has grown in maturity since its early days and rumors of adding a money sending service only go to show that it is intent on upping its game.

 

US are leading the way in requests

Of the 403 requests for information, 93% came from the United States government. While the US has a track record of leading the field in transparency reports, it’s remarkable how far ahead they are in Snapchat’s report.

It’s worth mentioning that Snapchat’s sample size is small and market penetration is much lower in markets outside the US.

The trend continues: 92% of requests in the US resulted in data being shared, while the figure is only 23% elsewhere. In France, not one of the nine requests ended with Snapchat handing over data.

Governments CAN look at your snaps

Snapchat highlighted in a 2014 blog post, that your messages are stored and can be retrieved, so it should come as no surprise therefore that your Snapchat messages, along with your username, email address, and phone number are at the mercy of governments.

 

But they really don’t care 

Despite Snapchat’s reputation for being a good place to share explicit images of yourself, the new transparency report shows that Snapchat did not receive a single take down request for content that isn’t banned by Snapchat’s own Ts&Cs or for copyright infringement.

 

Snapchat is taking security seriously

After news broke last year that millions of private messages had been leaked via third party service Snapsaved.com, Snapchat has been on a mission to improve security for its users.

Alongside the transparency report, Snapchat revealed that they have now blocked all third party applications to avoid a repeat of what has been dubbed “The Snappening”.

 

Is our data ready for the wearable health revolution?

This week MEF issued a report on the use of wearable devices in the health sector, both relating to personal consumption and also when recommended or used by health professionals.

According to the report, “the global health and fitness app market is currently worth $4 billion, and is predicted to be worth $26 billion by 2017”. This means that we’re going to hear a lot more about health wearables in the future.

The biggest selling point for wearables is their convenience. They can passively track our activity, pulse and other vital data points that allow us to make health and lifestyle decisions.

Imagine a future where a patient that needs frequent monitoring for diagnosis can go about their daily routine while a wearable tracks and transmits their data back to the doctor for analysis.

This remote diagnosis is potentially an incredibly simple way to provide doctors with the information they need without waiting time, travel time and consultation time.

There have been some very interesting developments in this area over the past year as well, from Google researching contact lenses that measure blood sugar to the use of wearable camera technology in surgery so a remote surgeon can assist.

MEF’s report also showed that the adoption of wearable technology in health is lower in Western countries and some of the lowest is seen in Germany and France.

I believe that patients in these countries are more aware of data security and privacy risks having seen many data breach stories in the news over the last few years.

Trust and data security are fundamental to the success of mHealth. Wearables are blurring the lines between recreational and medical data.

By law, medical data needs to be encrypted and authenticated (HIPAA in the USA, for example) but recreational data as captured by most wearable devices does not.

Moreover, manufacturers of wearable fitness trackers and other activity monitors are not operating in a regulated market and companies could be using this data in ways that we neither agree with nor understand (even though it may be in their policy documents).

If commercial companies are to hold data that we really only expect medical companies to hold then maybe the regulations should apply to them as well.

While it may be boring, I would recommend reading the privacy policy and terms of use of anything collecting what is very personal and sensitive data and making a choice on whether you want to share this data.

AVG Named Top International Security Company to Watch

Research and market intelligence firm Cybersecurity Ventures recently released the results of the “CyberSecurity 500, Hot Cybersecurity Companies to Watch in 2015”.

The Cybersecurity 500 is an impartial list that ranks security companies based on merit according to the selection criteria.

Criteria include customer base, company growth, product reviews, media coverage and event attendance.

 

Top international company

With headquarters in Amsterdam, AVG was the top ranked security company in a growing international field. With 22% of the Cybersecurity 500 listed companies based outside of the US, the cybersecurity industry is continuing to show strong growth.

According to the latest Cybersecurity Market Report, the cybersecurity industry is growing from $71 Billion in 2014 to $155+ Billion in 2019.

With 200 million active users and counting, it’s clear that AVG is in a very strong position to help secure devices, data and people across the globe.

The importance of mobile

Founder and CEO of Cybersecurity Ventures Steve Morgan explained that AVG’s mobile user base was a major factor in achieving such a high ranking.

“Half of AVG’s active customers are using their software on mobile devices. That’s 100 million mobile users, which makes AVG a top competitor in an exploding market for iOS and Android security.”

If you have an Android device, protect it with AVG for free now.

Why ransomware poses a risk to businesses

Last year’s attack on Sony is perhaps the most famous recent example of ransomware, but new, increasingly sophisticated forms of the malware are on the rise.

To make matters worse, the scale of the problem is hard to know, because new research suggests many incidents are going unreported!

Ransomware is like digital kidnapping. An attacker encrypts the victim’s computer, or even individual files, and charges a ransom for their safe return. If the ransom isn’t paid, the files are destroyed and seemingly lost forever.

Individuals, businesses, colleges and government agencies have all been among the targets of ransomware. Any institution or individual that has critical files or systems is a potential target for ransomware attackers.

Even gamers were recently targeted, with the threat of losing their online creations providing the leverage.

Businesses in particular though can suffer at the hands of ransomware as shown in a recent attack targeting Danish chiropractors. The victims received an email from a potential new patient who conveniently provided past medical records via cloud storage service Dropbox. Once opened, the PacMan malware springs into action and encrypts essential business files containing valuable medical information.

Here in the United States, both the FBI and the White Collar Crime Center advise you to report ransomware threats or events to the agency at www.ic3.gov, and importantly, they advise against paying the ransom!

New research by ThreatTrack suggests that 30% of companies surveyed would negotiate and essentially “pay up” for the recovery of data. More notably, 55% of those that had previously been victims of ransomware said they would pay up again!

It also appears many incidents are likely going unreported, according to the ThreatTrack survey. Why? Likely because companies don’t want to suffer public scrutiny and humiliation or, perhaps, to encourage copycats.

 

What’s to be done?

The government and those of us in the security industry advise the first line of defense is preparedness.

Some basic tips include:

  • Educate yourself and employees about ransomware.
  • Regularly back up your data – and make sure a copy is stored offline.
  • Install and enable antivirus protection.
  • Make sure you keep all your systems and programs up to date.
  • Beware of links and attachments. If in doubt, do not open them!

You can also stay abreast and get information on malware and other security threats here on the blog.

As with disease in the real world, prevention is sometimes the best cure in the digital world. It may seem like a bother, but having a preventative strategy could save you pain in the long run.

Is Hotel Wi-Fi Safe?

Recently, a new authentication vulnerability was identified in the firmware of routers that are used in hotels around the world.

This means that new files can be written to the routers and then potentially all connected machines (meaning hotel guests) could become infected.

Public Wi-Fi is not a new risk as these networks are unencrypted and send all your data in clear text, unless of course the web site you are visiting offers encryption.

Why does it matter that your data is unencrypted? Imagine all your regular post arriving at home written on postcards so that anyone in the delivery chain could read them. It would be a huge invasion of your privacy and unacceptable.

The risk is similar, but you just can’t see that it was all sent for others to read, should they be so inclined.

Stay safe while using public Wi-Fi

  • When using public Wi-Fi in cafés, airports, hotels or even when visiting a place of work that has guest Wi-Fi, you should always be cautious about which services you use while connected.
  • Where possible use a virtual private network (VPN). This will encrypt the data being sent over the public Wi-Fi network that you are connected to, or put another way it will put your mail back in envelopes.
  • Many scammers set up fake Wi-Fi networks to conduct what is known as a man-in-the-middle attack. If you are in a hotel or airport, make sure you are using the legitimate free Wi-Fi service.

Will humans soon be banned from driving?

A driverless car recently made the journey from the Golden Gate Bridge in California and drove cross-country to New York City. The voyage was the longest autonomous drive attempt in the U.S., and has put driverless vehicles in the news again.

The successful journey brought to mind a recent prediction from Elon Musk, the founder of electric car manufacturer Tesla:

“[Legislators] may outlaw driving cars because it’s too dangerous… You can’t have a person driving a two-ton death machine”.

While at first this might seem radical, I feel it’s a potentially realistic image of the future.

With Tesla, Google, Apple, and most major automakers working on self-driving cars, it’s a safe bet they will be commonplace in the next decade.

For his part, Musk drew a relationship with elevators: When elevators first came about, each had an elevator operator. But as people became more used to the technology, and elevators became more safe and efficient, the operators went away.

Certainly, there is a lot to consider with the day of the self-driving cars coming. At the Nvidia conference, which debuted the firm’s computer platform for driverless cars, security issues with autonomous cars were also highlighted.

As Musk noted, there are some basic security concerns to deal with to make sure that people won’t be able to hack into vehicles.

“We’ve put a lot of effort into that, and we’ve had third parties try to hack it,” Musk said. He also said the threat of hackers taking over cars becomes more significant if the steering wheel and brake pedal disappear. Until then, he says drivers can override any potential problems.

As we’ve reported previously, car hacking is already happening today with automated, smart devices including car locks. Imagine when the entire car is vulnerable?

According to a recent congressional inquiry by Senator Ed Markey, there is a widespread absence of security and privacy protection being taken into consideration as automakers race to embrace the technology without considering the implications.

Clearly, the automotive and cybersecurity industries need to monitor autonomous technology very carefully, and adapt where needed.

Put simply, cars are another piece…a big piece… of the entire landscape of the Internet of Things, and if we are going to leave the driving to technology, we must make sure that it’s safe and secure.