Support 100 years of independent journalism.

  1. Science & Tech
28 January 2016updated 01 Aug 2021 11:10am

The six things cybersecurity experts are worrying about

Ransomware, the war on the password and why you are your phone’s worst enemy.

By Barbara Speed

Depending on how you look at it, this is either a terrible time or a great time to work in cybersecurity. There could be up to 50 billion connected objects worldwide by 2020, a tenfold increase on the number we have today. And wherever there’s an internet connection, there’s a chance it could be hacked. 

The International Forum on Cybersecurity took place in Lille earlier this week, attended by politicians, academics and representatives of private companies. All were there to figure out how to avoid the pitfalls of this explosion of connections, and to chat about the worries which keep them up at night. Here’s what they said.  

1. Hackers love the “internet of things”

Kettles, fridges and bins connected to the internet (collectively known as the “internet of things”) are likely to be even less secure than smartphones and computers. This is for a whole panoply of different reasons. 

First, products on the market so far have come with passwords set by the manufacturer which users are unlikely to change, and are therefore easy for hackers to guess. “ABCD”, “1234” and “0000” are all a good place to start. 

In the future, more and more of these devices will be produced cheaply and sold over the internet with no instruction manuals or seller input, exacerbating the problem. Fabrice Clerc of 6Cure, a cybersecurity company, said connected objects are “very appealing for the hackers”, especially when they’re built with “low cost components”. 

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive. A weekly newsletter helping you fit together the pieces of the global economic slowdown. Quick and essential guide to domestic and global politics from the New Statesman's politics team. The New Statesman’s global affairs newsletter, every Monday and Friday. The best of the New Statesman, delivered to your inbox every weekday morning. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.

Does it matter? It does when these breaches could lead to hackers corrupting or stealing your data, hacking into your WiFi connection, or controlling your home. A connected life could easily become a hacked life. 

2. The weakest component of any connected object is the human using it

Humans are a security nightmare. They open spam emails, visit sites filled with viruses, leave their devices lying around and forget to update their software regularly. 

Content from our partners
Transport is the core of levelling up
The forgotten crisis: How businesses can boost biodiversity
Small businesses can be the backbone of our national recovery

Maryline Boizard, a law lecturer at the University of Rennes, explained that the human using a device can undermine pretty much all of its security features. “You can have a really secured object, but it all depends on the user,” she said. “If your password is ‘admin’, that object is dead.” This is partly because… 

3. Passwords are terrible

As should be becoming clear by now, anything with a password is instantly more vulnerable to hacking. Nicole Jones of Google told the conference that the company doesn’t really believe in them anymore – that it has joined the “war on the password” which is gaining momentum throughout the sector.

That’ll be why it keeps making you sign up for two-step verification using your mobile number, then. It’s also why banks make you generate a passcode on a little bit of plastic before it’ll let you into your account. A simple string of letters and numbers isn’t enough to be sure the right person is logging into an account. 

4. We still need to worry about viruses 

This might seem a little 2002, but viruses are a bigger problem than ever. Huawei, the telecoms and ICT company, reckons that around 20 million new malwares are invented every day. Nicole Jones of Google says that most viruses are contracted via normal sites which have been attacked, rather than sites dedicated to taking your computer down, so they’re even harder to avoid. 

5. Apps are really insecure 

Users also seem spectacularly unconcerned about the security of the apps they download. A rep from Pradeo, a mobile security firm, told me that 100 per cent of the paid apps on Android and 56 per cent of those on the Apple store were cracked in 2013. Financial institutions’ apps are particularly vulnerable: around half have been hacked on Android and a quarter on Apple. 

6. Cybercrime has become a profession 

Hacking has gone from being the province of a small and curious minority to forming its own black market, thanks both to the people willing to pay for information (however it’s obtained) and the fact that firms will pay small ransoms so hackers leave them alone.

A representative from Europol said that “we’re now seeing a lot more extortion as part of the business model”, leading to the rise of the term “ransomware” to describe small-scale, ransom-focused hacks. Christophe Jolly of Cisco France confirmed that we’ve seen an “industrialisation of hacking” in the past decade or so. 

7. Security can’t keep up with technology 

Overall, we need to accept that our devices aren’t really secure – they never have been, and probably never will be. John Suffolk of Huawei said he often asks rooms full of cybersecurity professionals how to keep a device truly secure, and the answer is always the same: “Don’t turn it on.”

If you’ll insist on actually using your devices, keep the software updated, read the manual, educate yourself on scams and malware, and for god’s sake, choose a good password. 

Topics in this article: