Cyber Crime 3.0: Risks Multiply With Mobile, Cloud Computing

Who is lurking...?
Daniel Bastien

PARIS - The new tablets and smartphones have blurred the boundaries between businesses and their employees, partners and customers. The danger of computer piracy has never been so great.

The threat is invisible but incessant, as the recent large-scale attack on British bank HSBC shows. In information technology, we live in a time of fantastic new breakthroughs, but it is also a time of cold sweats for businesses. Their fears are well founded.

During a recent Paris workshop on "Security: Info Systems and the Challenge of Mobility," a young research engineer calmly took control over another person’s iPad from his own laptop via Wi-Fi. To make his demonstration more spectacular, he even made the microphone work remotely. To the mesmerized audience, it looked like a spy movie.

"Getting into an iPad is simple," he said, even though Apple's iPad has the reputation of being extremely safe from attack.

The next day, his deed was no longer possible: Apple had updated its operating system to version 6. "But for how long?" wondered one technician, maliciously. Audience members were imagining how many "experts" were already tracking down the flaws in the new system. "The pirates go faster than we do," admits Yves Le Floch, director of development at Sogeti Security Global Line.

This demonstration was part of a wider effort to educate computer users about risks, on the part of the French government data privacy authority, the Commission Nationale de l’Informatique et des Libertés (CNIL). The anecdote illustrates that many businesses are blundering in the dark when it comes to the unprecedented new challenges they face with mobile devices like smartphones and other tablets, the "BYOD" (Bring Your Own Device) trend, and cloud computing.

These sectors are considered major information technology markets, but they also create so many new problems that during the French Assises de la sécurité et des systèmes d'information, an annual meeting for Internet security specialists held at the beginning of October, there were many workshops on mobile device security. In 2013, security costs will represent 14% of the cost of operating information technology. Worldwide, more than $60 billion is being spent on computer security, according to Symantec. The cost of cybercrime is $400 billion a year.

The combination of mobility, BYOD, and cloud computing is explosive. In the digital ecosystem, the boundaries between a company and its clients, partners, suppliers, and co-workers are becoming blurrier, explains French security association CLUSIF (Club de la sécurité de l'information français). At the same time, more and more information is being produced, and systems everywhere are becoming interconnected. According to CLUSIF, 81% of French companies believe the consequences of their information systems going down, even for less than 24 hours, would be dire, and 71% of small firms that have suffered a cyber-attack never recover from it.

A new environment

It's like a tsunami. Mobility is at the core of the issue regarding information distribution systems, experts note. The market for tablets and smartphones, which are used to access half of all pages seen on the Internet, has soared.

"It's impossible not to use them at work now," says an IT manager. BYOD is being driven by three powerful forces, which are sociological, economic, and technological, says Edouard Jeanson, technical manager at Sogeti.

The sociological aspect is that it has altered people's ways of working. In 2013, 37% of small and medium-sized firms will employ people who work remotely either part-time or full-time, says Symantec. The economic aspect is that employees buy their own devices, which is good for businesses' bottom line and productivity. Half of all businesses in France now allow their employees to connect to their information system, according to CLUSIF. The technological aspect is that smartphones are limitless, with cloud computing and fast processing speeds.

Everyone uses cloud computing daily, often without realizing it, for email, online gaming, instant messaging, and social networking, but also for things like online tax forms, credit card payments, and photo-sharing websites. This has been a revolution, according to specialists. Today, ‘mobility’ is synonymous with ‘cloud.’ "The use of cloud applications by tablets is massive," says Hervé Doreau, security practice manager at Symantec.

The growth in cloud computing is estimated at 15 to 20% a year, and total cloud business turnover in Europe was 6 to 7 billion euros this year. This is certainly just the beginning.

The risks

"Our job is to be paranoid," says a security manager. Infected emails and software, viral attacks, data theft, hijacking of payment systems, fraudulent identities, illegitimate certificates, remote takeovers of networks, access to industrial control systems: the list of the types of attack on personal or professional information systems is long.

Attackers might be cybercriminals working for profit, activists fighting for their ideology, or hackers, whose motivation is often the sheer challenge of the hack. The targets have changed over time. Before, most attacks were on the infrastructure, which hackers infected with viruses or worms. Now, theft of information or of digital identities is more common, because the data itself has value.

Today the danger concerns mobile service users who download malicious apps. "Our biggest worry for the past two years is BYOD. The risk is information leaks, because professional and personal data are not usually segregated," says Leclerc. The cloud is not much better. "Where is my information?" the naive client asks. The question comes up repeatedly. There is a lack of control when you have given your data to a third party. Shared in the cloud, data can fall victim to leaks from or to other customers. The information can also be requisitioned by foreign authorities.

Also, even if the data is encrypted to start with, the provider or its subcontractor may process it as plain text in the cloud. The data may not be available 24/7 if there is a technical problem.

How secure is the cloud hosting service? Has it invested as much in security as clients wish? (On this point, total honesty is rarely the rule.) How do you get your data back if you want to change providers?

Pirates, meanwhile, no longer need to break into a business's network. Now all they need is to find an account ID online. For instance, if they manage to make their way into the management system of a cloud, they have direct access to huge numbers of passwords and credit card numbers. Last year, Sony learned this the hard way when 24 million customer accounts were compromised.

Caution is required, but businesses are not all equal in dealing with security problems. The biggest firms can negotiate each aspect of their contract with the hosting service, but small businesses have to deal with standard contracts whose details they can’t change, says the CNIL. Does that mean that they should leave the cloud? That would mean leaving the Internet.

Solutions

Companies have evolved in order to deal with these risks. People speak now of "digital hygiene," and according to surveys, 100% of businesses now have a full-time security team; only 43% had one in 2010. "More and more company heads are going to have to take responsibility for this issue," Sogeti notes. Much remains to be done. "We’ve reached the hard part now. We have to re-examine security in a systematic way," says Le Floch. Although security policy is making progress, it is too often implemented haphazardly, after an incident or a new regulation.

More surprisingly, the purely technical aspects of security are no longer the most important factor. "Too many businesses thought they were protected just because they installed technical devices, which ended up being bypassed altogether," explains Sogeti. The key to security is elsewhere. "25% of security is technical, 50% is internal organization, and 25% is regulatory and legal," says Jeanson. "It's like a three-legged stool, you need all three."

Businesses, then, need to make their employees aware of computer security and train them on the subject; employees are ‘vulnerable points.’ Firms need to set clearly defined IT security rules. Security managers need to be in close contact with general management. A company must also remember to keep its existing security procedures up to date.
