You have written that there is no effective law enforcement to counter or punish cybersecurity attackers and hackers. How do you envision this changing in your lifetime? How can law enforcement and governments protect their citizens?
There are many reasons that cybercrime often goes unpunished today, and entire books could be written to answer how government and law enforcement can better protect citizens. There are many areas in which improvement is needed: Laws need to change, enforcement agencies need more flexibility to hire experts, international cooperation needs to be obtained (diplomatically, if possible), lawmakers need to invest time to stay current with technology knowledge rather than spend their time raising campaign funds, various sections of government need to listen not only to representatives of large corporations, but also to experts who often are independent or work for small firms, enforcement of laws needs to be uniform without regard for alleged perpetrators’ political connections or the political ambitions of prosecutors, stolen data needs to be treated as stolen property, etc.
If you have nothing to hide, what is there to worry about with regards to surveillance?
The argument that anyone who “has nothing to hide” doesn’t need to worry about surveillance is simply wrong, as surveillance undermines privacy, not just “hidden things.” How many people who consistently post about their successes on Facebook don’t mention when they fail at something important or when they are caught doing something that they should not have done? How many people who Tweet regularly tell the world about highly personal issues such as medical problems, marital fights, or embarrassing scenarios? How many people who share selfies also post photos of themselves taking their medicine for a chronic condition, crying over emotional pain, using the bathroom, or engaging in sexual activities? We all have private moments and negative experiences that we do not announce to the world or wish to have others watch. When people think about how much they wish to keep private, they start to grasp how dangerous surveillance can be. Not only may those performing the surveillance obtain our private information, but, if they don’t adequately protect it, the whole world may see it.
What do you believe are the biggest security risks to social media? What should users do to protect themselves against these risks?
While there are multiple issues related to social media security, the biggest risk is people making posts without understanding the consequences of those posts. Besides harming one’s personal relationships, professional career, or reputation, a problematic post can harm one’s employer’s brand image, leak its confidential information, lead to it being sued, or violate regulations. Oversharing information can even help criminals to craft highly-effective spear phishing emails, thereby undermining organizational information security and leading to major data breaches. While people should think about what they post, relying on people to “always do the right thing” is a recipe for disaster (think what would happen if we relied on people to practice good cybersecurity hygiene and did not issue them anti-virus software), which is why technology is needed to warn people in real time when they are making problematic posts, from whatever locations, devices, and accounts they make them.
What pieces of everyday technology are people using without realizing the cybersecurity threats behind them? What kind of data is being shared through things like wearables, smart phones, smart watches, etc?
The less something looks like a classic computer, the less people seem to think about cybersecurity when using it. Even though, in some ways, smartphones and tablets pose greater risks to information security than do laptop computers, for example; people often take fewer precautions with these devices than with their laptops. And, when it comes to wearables, or other connected devices, people almost never consider what security risks are created by utilizing the machines. How many people who have purchased connected televisions, thermostats, or refrigerators have truly thought about segregating those devices on separate networks, of monitoring those devices’ activity for anomalies, etc.? Probably only a small percentage. And smart-device manufacturers often don’t adequately address security either – since purchasers aren’t willing to pay more for it. And, that’s one of the reasons that denial-of-service and other forms of attacks are likely to leverage these devices going forward.
Smart devices don’t create risks only to the data that they house and process; the devices can become launching grounds for attacks against other devices, can be used to monitor network traffic from computers, can be used as zombies as part of distributed denial of service attacks, etc.
Joseph Steinberg is a respected cybersecurity expert, who is the founder and CEO of SecureMySocial, which recently brought to market the world’s first system to warn people in real time if they are making inappropriate social-media posts. Earlier, he served for a decade as CEO of cybersecurity firm, Green Armor Solutions, and for five years in several senior capacities at Whale Communications which was acquired by Microsoft. Joseph has been calculated to be one of the top 3 cybersecurity online-influencers worldwide and is a frequent media commentator on cyber-related matters. He is the inventor of several cybersecurity technologies widely-used today; his work is cited in well-over 100 published US patents. He is a regular columnist covering cybersecurity for Inc. magazine (and earlier for Forbes), and has written several books on the field as well. Joseph also serves as an expert witness and consultant on issues related to information security, and is a member of the advisory board of multiple technology companies.
Twitter: @JosephSteinberg
