BANGALORE: Smart phones and tablets are slowly replacing laptops and desktops, but they seem to be more vulnerable to cyber attacks, Richard H L Marshall, former director of Global Cyber Security Management, Department of Homeland Security, USA, said.
With mobile transactions set to touch $1.3 trillion worldwide by 2015, banks and patent services are scrambling to plug security gaps, he told Express.
“Mobile devices are much more vulnerable to cyber attacks because they are owned and operated by individual users for the most part who are not aware of the risk, and mobile devices afford an easily exploitable pathway for an attacker to get inside a business, banking, or government system, especially through phishing attacks,” he said.
Richard is currently working as CEO, Secure Exchange LLC, USA. He was in Bangalore to attend a conference on ‘data privacy’ organised by the Karnataka Chapter of ISACA, a global organization for information governance, control, security and audit professionals.
According to him, in the last 15 years cyber crime has witnessed a transition: mischief makers and pranksters have given way to brigands with destructive intent and hackers working in concert for profit. “They include organized cyber crime entities and state-sponsored campaigns referred to as Advanced Persistent Threat (APT) attacks. These attackers are highly motivated, well organised and unpredictable.”
Last year alone, over $400 billion was lost to cyber crime but government organisations and corporates are reluctant to disclose data breaches. Sharing information on data breaches helps to improve overall security, he noted.
On threat levels, Richard says: “For businesses, on a scale of one to 10, I would say between 8.5 and 9. Cyber criminals have two objectives, find targets that will yield high payoff for their efforts and attack those high payoff targets that offer the least resistance. Their business model is simple: least effort for the greatest financial gain. A company’s business methods, customer list, and other forms of digital data are valuable to them as they can sell that data to competitors both at home and abroad.”
The biggest challenge in dealing with cyber crimes, according to him, is that “senior officials do not understand the seriousness of the threat or accept the reality of the threat actors.”
‘Police not Adequately Equipped, Trained’
“No police force is adequately equipped and trained to deal with or investigate cyber crimes. However, some are better than others. Interpol, the US Federal Bureau of Investigation and the US Secret Service are three excellent models,” he said.
“There is a need to implement threat awareness programmes for everyone using computers, keep systems updated through enforced patch management programs and install and use the newest versions of malware detection programmes,” he added.