[ad_1]
We still treat our data with negligence, complains the Confederate expert of Internet security, Pascal Lamia, and demands: "We must all rethink." He says that little time and money can be achieved.
"Cyberattacks are still in the waves," says Pascal Lamia, head of Melani, the reporting bureau, and the news agency. analysis for the security of information at the federal level. (Photo: Pius Amrein (Bern, June 27, 2018))
What do you recommend to those who travel to the summer holidays?
You need to backup your mobile data and PC and make sure that they are not confidential Have a smartphone. In case of theft, they will lose only the device, not the content. If important data is stolen, they may be subject to blackmail. If you take your company's phone with you on vacation to the United States, remember that the customs office could read the business emails.
Access it?
The United States Customs Service may require you to unlock your smartphone and then look at the mail and everything else.
Melani protects infrastructure
Pascal Lamia, 50, is a federal computer security officer since 2000. In 2008, Freiburg took over the management of the Center for Reporting and Analysis for Insurance of Information (Melani). On behalf of the federal government, this protects critical infrastructure such as energy companies, the financial sector and the federal government. Once or twice a week, the computer scientist gives lectures to sensitize the economy and the population to the dangers of cyberspace. Note Tips for individuals and businesses on www.melani.admin.ch (eno)
Since the computer virus WannaCry a year ago, peace and quiet reign. Is the problem solved?
The next attack will come for sure. Cyber attacks always occur in waves. This can be seen in phishing emails that try to mislead people on behalf of well known companies. We have this background noise right now, but not a big one, like the espionage attack on the Ruag two years ago.
You call that noise?
Phishing mails are commonplace today, as are trap thieves. You know it and have to deal with it.
"If you take your mobile phone to the United States on vacation
remember that
the customs office could read the business emails."
Why do not many people still do it?
Because emails are often very well done. If you send hundreds of thousands of emails under the name of known and reputable companies, such as Swisscom or tax administration, you can assume that two-thirds of the recipients are actually their customers . If the official logo is used and written correctly, you forgot to pay the bill, many people fall for it. You open an attachment or click on a link and a Trojan is installed in the background. Once e-banking is used, the hacker can transfer money from the account in question
How many times such attacks occur?
We currently know 3100 infected systems, with a total of 150 000 inadequately protected systems in Switzerland. But we do not see everything from a distance.
How can I protect myself?
As an individual, it is extremely important to always update your operating system, activate the firewall and update your anti-virus software. Free virus protection is better than any, but the one you have to pay is much better. About one to three percent of people do not have any anti-virus software.
Where do you find the biggest problem?
Swiss SMEs are worth attacking because our economy is doing well. You can use simple attack methods – an encryption trojan – to encrypt data from an SME and then blackmail it. If the SME does not have backup, it will be forced to pay a ransom to regain access to the data. This can cost up to several million francs. That's why we try to educate SMEs.
What do you advise them?
Every company must ask itself what data it can not do without. For example, a carpenter needs to know which client has placed which order. A business with an online store sits on its homepage to work. Every business needs to think twice: How can I make sure my business process works well in an attack?
It takes time and money.
You must also ask the opposite question: how much does it cost if a company no longer has the important data at its disposal or if the online store stops working? Can she even allow that? A company that does not have antivirus software and that does not back up its data daily does not do its homework – that it's a carpentry or a bakery.
How much time and money does it take?
In a five – way operation, you must first install the antivirus software and later renew the subscription periodically. It may be five minutes a year. If you have the data on a server, it takes half an hour to secure it accordingly. If the process is partially automated, ten minutes is enough. This is not expensive.
Is the Internet of Things dangerous?
This is the big challenge of the future. This is shown, for example, by the attack of a heart-lung machine attached to an infected network called botnet. The attacker only wanted as much computing power as possible. He could have manipulated or sabotaged the machine. Any device hooked on the Internet can be abused – no matter it's a fridge, a coffee maker or whatever. You must be aware of this. It is huge amounts. By 2020, it is estimated that about 20 billion devices will be connected to the network.
"It's like anti-AIDS campaigns: we have to inform and give advice."
How to make it safer?
Manufacturers are in demand. As a consumer, I have to think about how I behave when I buy a device. For example, a security camera that is attached to the WLAN and warns me on the phone when an unauthorized person enters my house.
Where is the problem?
First of all, you should know that all the data that the camera takes is sent to the default manufacturer. If the device is not password protected, an attacker can access the WLAN. From this, for example, a burglar sees when we are at home and when not. Or the offender takes with the surveillance camera on the way someone a naked court at home, and can blackmail him with it.
What can you do about it?
Change the settings so that the camera does not turn on until you really need it. This also applies to new TVs equipped with a camera, which is always enabled by default according to the manufacturer. All of us, society as a whole, must rethink in general and leave open only the most essential functions of the equipment, and close everything else.
They often give lectures to raise awareness. Is it sufficient?
You should raise awareness more and more targeted. Best of all, the federal government with the private sector. It's our turn There are discussions with industry associations. We have concrete ideas, but they are not likely to fly this year.
What do you want to do?
For example, create a common home page that quickly provides information, advice and resources to the public and SMEs. Today, we also have leaflets with Melani. But if the criminals are new, it may take days to update the information in all languages. It's too long.
Will there be more resources in the future?
I suppose that. We must see where the state has an interest in protecting the economy and raising awareness. It's like the campaigns against AIDS: we need to inform and give advice. And then, it's the individual responsibility of every individual to protect themselves.
Source link
