Last week, while everyone else was on the edge of their seat waiting to see what new handsets BlackBerry would unveil along with the new and eagerly awaited BlackBerry 10 operating system, I was sitting in a New York City conference center, attending the 2013 Kaspersky Cyber-Security Summit.
(For the scoop on BlackBerry, check out Jon Rettinger’s initial report on the new handsets.)
With presentations and roundtable discussions featuring people like Howard Schmidt (former cyber-security coordinator for President Obama), Lawrence Orans (Research Director at Gartner), and security executives from PayPal, BlackBerry, and RSA, there was a lot of expertise in the room.
And they painted a sobering picture of the threat that surrounds us every day thanks to the modern Internet. If you follow me on Twitter, you might have seen some of the stats I broadcast throughout the day. Did you know, for example, that about 200,000 new malware samples appear online every day? That’s not a typo – that adds up to more than a million new malware samples every week. Last year, 91% of businesses experienced at least one IT “security event.” When asked which industries or businesses are the most vulnerable to hackers, Kaspersky CEO Eugene Kaspersky said, “all of them.”
And there’s a new threat rising: cyber-weapons. The first known state-engineered cyber-weapon – Stuxnet – was discovered in 2010, and since then a virtual gang of similar weapons has materialized with names like Flame, Gauss, and Duqu. Some of these, like 2012’s MiniFlame, are thought to have been operating under the radar for years. And these weapons, summit leaders say, are being modified and exploited by cybercriminals as well.
Worried yet? Try this on for size: Gartner’s Orans says that about 5% of corporate managed PCs and as many as 30% of consumer home PCs are already infected with botnet malware. And you don’t even have to look that far to be concerned. Many PCs are compromised simply because they aren’t patched with the latest software updates, which leaves known vulnerabilities exposed. The biggest risk factors are Java, Microsoft Office, Adobe Reader, and Internet Explorer.
So how can you protect yourself in this dangerous modern world? It doesn’t necessarily require a lot of sophisticated tools or an elaborate security protocol. In fact, you can mitigate a vast amount of risk just by following these five guidelines:
Upgrade to a 64-bit version of Windows – either Windows 7 or Windows 8. You can insulate yourself from the majority of malware with this single change, because (at least for now) most malicious software only works on 32-bit versions of Windows.
Change to a modern browser. A lot of malware attacks come in via your browser. Many experts recommend switching to Chrome, but even recent versions of Internet Explorer (versions 9 and 10) offer dramatically more protection than old browsers.
Enforce a strong password policy. Your passwords must be good; there’s no room for compromise here. Certainly, a strong password alone can’t thwart all cyber-attacks, but good password management can prevent a lot of damage.
Update and patch your software. Many attacks take advantage of old software. Keep Windows, Microsoft Office, Adobe Reader, and other common software up to date. In 2010, for example, the Aurora Botnet attacked a slew of companies, including Google, Adobe, Juniper, and Yahoo. Microsoft was unscathed, mainly (according to Kaspersky) because the company takes the elementary precaution of keeping all of its corporate-managed PCs fully patched.
Keep everyone educated. Whether you run a small business or just try to keep your home network safe, it’s important that everyone on the network is educated about smart security practices, such as being able to detect phishing email, avoiding unsafe websites, and not using duplicate passwords on more than one website.