2018 was a big year for consumer privacy as the Cambridge Analytica and Facebook data privacy hearings helped shed further light on the issue. Added to this was the fact that app location tracking and privacy bugs were found in widely-used apps such as Apple's FaceTime.
Smartphones could arguably be the greatest spying device ever created with a camera, microphone and a location tracker all in one place and carried everywhere a user goes. While nation-states have targeted smartphones for traditional spying, it has also become a lucrative way to collect consumer's personal information.
TechRadar Pro spoke with Symantec's Director of Product Management for Security Response, Kevin Haley to learn more about the firm's latest report and how businesses and consumers can better protect their privacy online.
- Smart homes at greater security risk than ever
- Six ways to stay safe when buying smart tech
- Smart home security: 10 hacks to protect your home from hackers
Symantec recently released its latest Internet Security Threat Report (ISTR). Can you give us a little background on the annual report and share some of this year’s findings?
Sure this is a report we've been doing for 20 years. It's our look back at the year and what happened in the threat landscape and it gives us an opportunity to understand what happened and get insight as to what's going to happen next.
What are some of the newest targets revealed in the report?
Well we're seeing a huge focus by attackers on IoT devices. We're seeing a lot of routers and internet connected cameras being attacked. They're responsible for about 90 percent of all attacks that we're seeing. But things that may not register as a huge number are things like industrial control systems, satellite systems and telecoms. Nation state attackers are going after parts of the infrastructure which include things like that and of course that's a big concern as well.
How has the growth of smart home technology left consumers more open to hackers?
Consumers have a lot more devices connected to the Internet in their homes. Those are more opportunities for somebody to get into their home. And this has been a real issue with IoT devices because these devices generally don't have very good security on them and often consumers put them on and don't change the default password. Cyber criminals know what the default passwords are. If it's connected to the Internet it makes it trivial for them to get onto one of these devices.
What advice would you give to someone looking to add smart home technology to their home in the most secure way possible?
Well you definitely need to make sure you change the default password put a good password on that device. You need to keep it updated. If you have the ability to update the firmware or the software that's on that device that capability comes with it. You need to make sure you keep it up to date. You need to put it on your router make sure it's behind your router and not connected directly to the Internet. That will give you a level of protection. And any accounts associated with that device you need to make sure those are password protected and secured as well.
Do you think consumers value their digital privacy and if not why so?
I think it's a difficult thing for many consumers to understand how that what information is being collected and really the consequences of it. And I don't think they understand how extensively that data is being sold and used by many different organizations and people. So I think that transparency or there is a need for transparency to be brought into this. So consumers really understand the risk and the invasion of their privacy involved. Once they get that they will and do really care about privacy online.
How can businesses better protect themselves from cyberattacks?
Well businesses are full of end users and they need to make sure that those people are protected. They need to have good security software on the desktops on the phones and on their mail gateways. They need to enforce best practices. They need to make sure that their users use strong passwords. They use two factor authentication and they need to really make sure that any IO T devices that the business is adding on to the network that they're protecting those devices as well. They seem to slip into businesses and people don't even know when they're connected to the Internet or that they've been and yet there are very big vulnerability for those organizations attackers will use them to get into a business.
Would these same tactics be applicable to consumers looking to improve their own security?
Absolutely. Consumers of course need to follow best practices need to use good strong passwords. They need to start looking at the permissions they're enabling in those smartphone apps when they download them.
And if something doesn't seem to have a clear benefit it doesn't make sense that the app and what the app does could would need that sort of permission. They need to say no. They need just not to allow it. And they need to be highly suspicious of any email they get with an attachment. Cybercriminals are using it's the most popular way to infect both people at business and at home.
What do you think the future holds for cybersecurity?
Well there's always as new devices and as new dependencies on the Internet come along. Bad guy cyber criminals look to take advantage of those. So as we move into these new areas there's going to be a tremendous amount of benefit for us. But we also need to evaluate and be very thoughtful about the risks and take sensible steps to protect ourselves. But I'm very I'm very optimistic about the future and really look forward to all the great technology coming down the road. You know there's a lot of information available for consumers and businesses up at our Web site. You can even see a copy of the report at Symantec's website (opens in new tab).
- We've also highlighted the best antivirus to protect your systems from the latest cyber threats