Cyber Crime 3.0: Risks Multiply With Mobile, Cloud Computing

Who is lurking...?
Who is lurking...?
Daniel Bastien

PARIS - The new tablets and smartphones have blurred the boundaries between businesses and their employees, partners and customers. The danger of computer piracy has never been so great.

The threat is invisible but incessant, as the recent large-scale attack on British bank HSBC shows. In information technology, we live in a time of fantastic new breakthroughs, but it is also a time of cold sweats for businesses. Their fears are well founded.

During a recent Paris workshop on "Security: Info Systems and the Challenge of Mobility," a young research engineer calmly took control over another person’s iPad from his own laptop via Wi-Fi. To make his demonstration more spectacular, he even made the microphone work remotely. To the mesmerized audience, it looked like a spy movie.

"Getting into an iPad is simple," he said, even though Apple's iPad has the reputation of being extremely safe from attack.

The next day, his deed was no longer possible: Apple had updated its operating system to version 6. "But for how long?" wondered one technician, maliciously. Audience members were imagining how many "experts" were already tracking down the flaws in the new system. "The pirates go faster than we do," admits Yves Le Floch, director of development at Sogeti Security Global Line.

This demonstration was part of a wider effort to educate computer users about risks, on the part of the French government data privacy authority, the Commission Nationale de l’Informatique et des Libertés (CNIL). The anecdote illustrates that many businesses are blundering in the dark when it comes to the unprecedented new challenges they face with mobile devices like smartphones and other tablets, the "BYOD" (Bring Your Own Device) trend, and cloud computing.

These sectors are considered major information technology markets, but they also create so many new problems that during the French Assises de la sécurité et des systèmes d'information, an annual meeting for Internet security specialists held at the beginning of October, there were many workshops on mobile device security. In 2013, security costs will represent 14 % of the cost of operating information technology. Worldwide, more than $60 billion are being spent on computer security, according to Symantec. The cost of cybercrime is $400 billion a year.

The combination of mobility, BYOD, and cloud computing is explosive. In the digital ecosystem, the boundaries between a company and its clients, partners, suppliers, and co-workers are becoming blurrier, explains French security association CLUSIF (Club de la sécurité de l'information français). At the same time, more and more information is being produced, and systems everywhere are becoming interconnected. According to CLUSIF, 81 % of French companies believe the consequences of their information systems going down, even for less than 24 hours, would be dire, and 71 % of small firms that have suffered a cyber-attack never recover from it.

A new environment

It's like a tsunami. Mobility is at the core of the issue regarding information distribution systems, experts note. The market for tablets and smartphones, which are used to access half of all pages seen on the Internet, has soared.

"It's impossible not to use them at work now," says an IT manager. BYOD is steamrolled by three powerful driving forces, which are sociological, economic, and technological, says Edouard Jeanson, technical manager at Sogeti.

The sociological aspect is that it has altered people's ways of working. In 2013, 37 % of small and medium-sized firms will employ people who work remotely either part-time or full-time, says Symantec. The economic aspect is that employees buy their own devices, which is good for businesses' bottom line and productivity. Half of all businesses in France now allow their employees to connect to their information system, according to CLUSIF. The technological aspect is that smartphones are limitless, with cloud computing and fast processing speeds.

Everyone uses cloud computing daily, often without realizing it, for email, online gaming, instant messaging, and social networking, but also for things like online tax forms, credit card payments, and photo-sharing websites. This has been a revolution, according to specialists. Today, ‘mobility’ is synonymous with ‘cloud.’ "The use of cloud applications by tablets is massive," says Hervé Doreau, security practice manager at Symantec.

The growth in cloud computing is estimated at 15 to 20 % a year, and total cloud business turnover in Europe was 6 to 7 billion euros this year. This is certainly just the beginning.

The risks

"Our job is to be paranoid," says a security manager. Infected emails and software, viral attacks, data theft, hijacking of payment systems, fraudulent identities, illegitimate certificates, remote takeovers of networks, access to industrial control systems, etc... The list of the types of attack on personal or professional information systems is long.

Attackers might be cybercriminals working for profit, activists fighting for their ideology, or hackers, whose motivation is often the sheer challenge of the hack. The targets have changed over time. Before, most attacks were on the infrastructure, which hackers infected with viruses or worms. Now, theft of information or of digital identities is more common, because the data itself has value.

Today the danger concerns mobile service users who download malicious apps. "Our biggest worry for the past two years is BYOD. The risk is information leaks, because professional and personal data are not usually segregated," says Leclerc. The cloud is not much better. "Where is my information?" the naive client asks. The question comes up repeatedly. There is a lack of control when you have given your data to a third party. Shared in the cloud, data can fall victim to leaks from or to other customers. The information can also be requisitioned by foreign authorities.

Also, even if the data is encoded to start with, the provider or its sub-contractor may treat it as plain text in the cloud. The data may not be available 24/7 if there is a technical problem.

How secure is the cloud hosting service? Has it invested as much in security as clients wish? (On this point, total honesty is rarely the rule.) How do you get your data back if you want to change providers?

Pirates, meanwhile, no longer need to break into a business's network. Now all they need is to find an account ID online. For instance, if they manage to make their way into the management system of a cloud, they have direct access to huge numbers of passwords and credit card numbers. Last year, Sony learned this the hard way when 24 million customer accounts were compromised.

Caution is required, but businesses are not all equal in dealing with security problems. The biggest firms can negotiate each aspect of their contract with the hosting service, but small businesses have to deal with standard contracts whose details they can’t change, says the CNIL. Does that mean that they should leave the cloud? That would mean leaving the Internet.


Companies have evolved in order to deal with these risks. People speak now of "digital hygiene," and according to surveys, 100 % of businesses now have a full-time security team; only 43 % had one in 2010. "More and more company heads are going to have to take responsibility for this issue," Sogeti notes. Much remains to be done. "We’ve reached the hard part now. We have to re-examine security in a systematic way," says Le Floch. Although security policy is making progress, it is too often implemented haphazardly, after an incident or a new regulation.

More surprisingly, the purely technical aspects of security are no longer the most important factor. "Too many businesses thought they were protected just because they installed technical devices, which ended up being bypassed all together," explains Sogeti. The key to security is elsewhere. "25 % of security is technical, 50 % is internal organization, and 25 % is regulatory and legal," says Jeanson. "It's like a three-legged stool, you need all three."

Businesses, then, need to make their employees aware of computer security and train them on the subject; employees are ‘vulnerable points.’ Firms need to set clearly defined IT security rules. Security managers need to be in close contact with general management. A company must also remember to keep its existing security procedures up to date.

Keep up with the world. Break out of the bubble.
Sign up to our expressly international daily newsletter!

7 Ways The Pandemic May Change The Airline Industry For Good

Will flying be greener? More comfortable? Less frequent? As the world eyes a post-COVID reality, we look at ways the airline industry has been changing through a pandemic that has devastated air travel.

Ready for (a different kind of) takeoff?

Carl-Johan Karlsson

It's hard to overstate the damage the pandemic has had on the airline industry, with global revenues dropping by 40% in 2020 and dozens of airlines around the world filing for bankruptcy. One moment last year when the gravity became particularly apparent was when Asian carriers (in countries with low COVID-19 rates) began offering "flights to nowhere" — starting and ending at the same airport as a way to earn some cash from would-be travelers who missed the in-flight experience.

More than a year later today, experts believe that air traffic won't return to normal levels until 2024.

But beyond the financial woes, the unprecedented slowdown in air travel may bring some silver linings as key aspects of the industry are bound to change once back in full spin, with some longer-term effects on aviation already emerging. Here are some major transformations to expect in the coming years:

Cleaner aviation fuel

The U.S. administration of President Joe Biden and the airline industry recently agreed to the ambitious goal of replacing all jet fuel with sustainable alternatives by 2050. Already in a decade, the U.S. aims to produce three billion gallons of sustainable fuel — about one-tenth of current total use — from waste, plants and other organic matter.

While greening the world's road transport has long been at the top of the climate agenda, aviation is not even included under the Paris Agreement. But with air travel responsible for roughly 12% of all CO2 emissions from transport, and stricter international regulation on the horizon, the industry is increasingly seeking sustainable alternatives to petroleum-based fuel.

Fees imposed on the airline industry should be funneled into a climate fund.

In Germany, state broadcaster Deutsche Welle reports that the world's first factory producing CO2-neutral kerosene recently started operations in the town of Wertle, in Lower Saxony. The plant, for which Lufthansa is set to become the pilot customer, will produce CO2-neutral kerosene through a circular production cycle incorporating sustainable and green energy sources and raw materials. Energy is supplied through wind turbines from the surrounding area, while the fuel's main ingredients are water and waste-generated CO2 coming from a nearby biogas plant.

Farther north, Norwegian Air Shuttle has recently submitted a recommendation to the government that fees imposed on the airline industry should be funneled into a climate fund aimed at developing cleaner aviation fuel, according to Norwegian news site E24. The airline also suggested that the government significantly reduce the tax burden on the industry over a longer period to allow airlines to recover from the pandemic.

Black-and-white photo of an ariplane shot from below flying across the sky and leaving condensation trails

High-flying ambitions for the sector

Joel & Jasmin Førestbird

Hydrogen and electrification

Some airline manufacturers are betting on hydrogen, with research suggesting that the abundant resource has the potential to match the flight distances and payload of a current fossil-fuel aircraft. If derived from renewable resources like sun and wind power, hydrogen — with an energy-density almost three times that of gasoline or diesel — could work as a fully sustainable aviation fuel that emits only water.

One example comes out of California, where fuel-cell specialist HyPoint has entered a partnership with Pennsylvania-based Piasecki Aircraft Corporation to manufacture 650-kilowatt hydrogen fuel cell systems for aircrafts. According to HyPoint, the system — scheduled for commercial availability product by 2025 — will have four times the energy density of existing lithium-ion batteries and double the specific power of existing hydrogen fuel-cell systems.

Meanwhile, Rolls-Royce is looking to smash the speed record of electrical flights with a newly designed 23-foot-long model. Christened the Spirit of Innovation, the small plane took off for the first time earlier this month and successfully managed a 15-minute long test flight. However, the company has announced plans to fly the machine faster than 300 mph (480 km/h) before the year is out, and also to sell similar propulsion systems to companies developing electrical air taxis or small commuter planes.

New aircraft designs

Airlines are also upgrading aircraft design to become more eco-friendly. Air France just received its first upgrade of a single-aisle, medium-haul aircraft in 33 years. Fleet director Nicolas Bertrand told French daily Les Echos that the new A220 — that will replace the old A320 model — will reduce operating costs by 10%, fuel consumption and CO2 emissions by 20% and noise footprint by 34%.

International first class will be very nearly a thing of the past.

The pandemic has also ushered in a new era of consumer demand where privacy and personal space is put above luxury. The retirement of older aircraft caused by COVID-19 means that international first class — already in steady decline over the last decades — will be very nearly a thing of the past. Instead, airplane manufacturers around the world (including Delta, China Eastern, JetBlue, British Airways and Shanghai Airlines) are betting on a new generation of super-business minisuites where passengers have a privacy door. The idea, which was introduced by Qatar Airways in 2017, is to offer more personal space than in regular business class but without the lavishness of first class.

Aerial view of Rome's Fiumicino airport

Aerial view of Rome's Fiumicino airport


Hygiene rankings  

Rome's Fiumicino Airport has become the first in the world to earn "the COVID-19 5-Star Airport Rating" from Skytrax, an international airline and airport review and ranking site, Italian daily La Repubblica reports. Skytrax, which publishes a yearly annual ranking of the world's best airports and issues the World Airport Awards, this year created a second list to specifically call out airports with the best health and hygiene standards.

Smoother check-in

​The pandemic has also accelerated the shift towards contactless traveling, with more airports harnessing the power of biometrics — such as facial recognition or fever screening — to reduce touchpoints and human contact. Similar technology can also be used to more efficiently scan physical objects, such as explosive detection. Ultimately, passengers will be able to "check-in" and go through a security screening anywhere at the airports, removing queues and bottlenecks.

Data privacy issues

​However, as pointed out in Canadian publication The Lawyer's Daily, increased use of AI and biometrics also means increased privacy concerns. For example, health and hygiene measures like digital vaccine passports also mean that airports can collect data on who has been vaccinated and the type of vaccine used.

Photo of planes at Auckland airport, New Zealand

Auckland Airport, New Zealand

Douglas Bagg

The billion-dollar question: Will we fly less?

At the end of the day, even with all these (mostly positive) changes that we've seen take shape over the past 18 months, the industry faces major uncertainty about whether air travel will ever return to the pre-COVID levels. Not only are people wary about being in crowded and closed airplanes, but the worth of long-distance business travel in particular is being questioned as many have seen that meetings can function remotely, via Zoom and other online apps.

Trying to forecast the future, experts point to the years following the 9/11 terrorist attacks as at least a partial blueprint for what a recovery might look like in the years ahead. Twenty years ago, as passenger enthusiasm for flying waned amid security fears following the attacks, airlines were forced to cancel flights and put planes into storage.

40% of Swedes intend to travel less

According to McKinsey, leisure trips and visits to family and friends rebounded faster than business flights, which took four years to return to pre-crisis levels in the UK. This time too, business travel is expected to lag, with the consulting firm estimating only 80% recovery of pre-pandemic levels by 2024.

But the COVID-19 crisis also came at a time when passengers were already rethinking their travel habits due to climate concerns, while worldwide lockdowns have ushered in a new era of remote working. In Sweden, a survey by the country's largest research company shows that 40% of the population intend to travel less even after the pandemic ends. Similarly in the UK, nearly 60% of adults said during the spring they intended to fly less after being vaccinated against COVID-19 — with climate change cited as a top reason for people wanting to reduce their number of flights, according to research by the University of Bristol.

At the same time, major companies are increasingly forced to face the music of the environmental movement, with several corporations rolling out climate targets over the last few years. Today, five of the 10 biggest buyers of corporate air travel in the US are technology companies: Amazon, IBM, Google, Apple and Microsoft, according to Taipei Times, all of which have set individual targets for environmental stewardship. As such, the era of flying across the Atlantic for a two-hour executive meeting is likely in its dying days.

Keep up with the world. Break out of the bubble.
Sign up to our expressly international daily newsletter!