With the surge in connected objects comes a growing need for cyber-security. Blaise Mao and his assistant Thomas Saintourens carried out a survey, whose results are published in a book entitled ‘Cyber Fragiles’ (The Cyber-Fragile).
In 2015, the number of cyberattacks worldwide increased by 38%. This rising trend is set to continue with the increase in the number of connected objects and devices in circulation, starting with our personal phones, and in future our cities. And the more connected we are, the more vulnerable we are. Blaise Mao, Editor-in-Chief of the French narrative journalism magazine Usbek & Rica, together with Thomas Saintourens, carried out a survey whose results have been published by Tallandier in ‘Cyber Fragiles – Enquête sur les dangers de nos vies connectées’ (The Cyber-Fragile – an enquiry into the dangers of our connected lives).
Interview first broadcast in French on L'Atelier numérique (L’Atelier Digital) on the BFM Business channel.
Companies, homes and perhaps entire cities could become targets for cyber-attacks. And you explain in your book that the first entry point will be our mobile phones…
Blaise Mao: The mobile phone is today the prime connected object. We don’t really think of the smartphone as a connected object, but it certainly is. And nowadays it’s one of the main targets for cyber-attacks. This threat is growing exponentially. For the purposes of the book we set out to find out who the hackers are, where the attacks come from and what form they take.
Making money is clearly the prime motive, for example by selling people’s personal data, but damaging a person’s e-reputation is also sometimes a reason. We also wanted to explain how we as citizens can move into the new digital era. The 2007-2015 period can be thought of as the first Digital Age, where we felt relatively comfortable. We were all fascinated by all these devices and the potential they offered. We have an almost magical relationship with technology. But we’re now trying to encourage people to take back control over their digital lives, to re-appropriate the technology.
You write that Henri de Castries, the soon-to-retire Chairman and CEO of AXA, said that cyber-risks were the only types of risk that keep people awake at night. Are today’s companies properly prepared for this?
Well, they’re prepared to some extent. But the digital revolution is happening so fast and the range of potential attacks is so huge that it’s very difficult to be ready to respond appropriately to the threat.
For example, 20 years ago a small or medium-sized company used to have ten to twenty workstations. It was quite easy to set the parameters for a small company’s computer system. We knew how to make it secure. The fact is however that nowadays we all work at night in bed, we work on our personal mobile phones. We also have work phones. We transfer personal data like that.
So in fact there are many more entry points now…
There are indeed many entry points, which makes a company’s confidential data much more vulnerable. The main trend in 2015 was what we call ransomware, i.e. software designed to extort a ransom from a victim. Groups of hackers target a firm with sensitive data and contrive to enter its system, often by sending an email with a link to malware. This way the hackers gain access to the data. They encrypt the data, encode it, and then restrict access to the infected computer system in some way, demanding that the firm pay a ransom to the malware operators to get the restriction removed, most often in bitcoin, so as not to leave any trace. They then send a USB stick so that the firm can decode its data. This is a genuine business model based on fraud. And what is striking is that they still ‘play by the rules’ even when defrauding companies!
As you said, we’re increasingly using our own devices. We take them to work and then use them at home. The line between home and work is becoming blurred. So could our connected objects end up spying on us in our own homes?
Well, this is really no fantasy. We’ve called our chapter on connected objects ‘Snitches in the Home’. People are now starting to use lots of little machines that are supposed to provide highly convenient services but which are in fact potentially computers. A ‘smart’ thermostat is a computer. The same goes for the Linky connected electricity meter we have in France. In the United States, there was the case of a baby phone that was hacked and the camera began to hurl insults at the baby. And there are other pretty scary stories. In fact there are specialised search engines which show all connected objects whose flows can be freely accessed. HP says that seven out of ten of the most widely sold connected objects have weaknesses.
So we’re calling on people to be a bit more suspicious. We might envisage a time in, say, five to ten years when insurance companies refuse to pay out if people use a password such as 123456 or don’t take the basic precautions necessary to protect themselves properly.
We’re going back to the same question, but shouldn’t our smartphones be the first devices that we protect against this sort of attack?
Yes, of course. The number of attacks on smartphones worldwide is rising at a bit more than 400% every quarter. This gives you some idea of the scale of the problem. Now that everyone has a smartphone, it has become the focus for attacks. Less than 50% of all device owners use a PIN to secure access to their phones. This is the first door that you can shut very easily. Add to that the fact that hackers are able, for instance, to switch on a microphone without this activation being displayed on the device screen. So typically, you’ll be in the middle of a meeting, negotiating a company takeover, and suddenly someone is able to record what’s being said and can potentially sell that data on the Internet! This has already happened.