Alert
Five Affordable Cyber Security Best Practices For Small Businesses
From extortion to robbery, small businesses have always been criminal targets. Today, their greatest threat may be cyber attacks. Fireeye reports that 77% of all cybercrimes are directed towards small business, yet only 42% of small business owners are concerned with cyber security.
One cannot stress the importance of cyber security on Main Street. According to the National Small Business Association, as many as 60% of small businesses that experienced a significant cyber breach will go out of business within six months. This is actually not surprising considering the fact that according to Visa the average breach costs $3.5 million.
Adding cyber security to your business does not require spending thousands of dollars or hiring your own IT person. The Federal Trade Commission recommends that small businesses follow these five affordable best practices to safeguard business and customer data.
1. Update your security software
Keep your software up to date, including making automatic security updates to operationalize your cyber security practices. You should also consider antivirus software providers such as MacAfee or Norton.
2. Protect your files
Back up important files offline, as well as in the cloud and external hard drives.
3. Create strong passwords and enable multi-factor authentication
Most devices, networks, and platforms require a password, and you should use strong passwords that include numbers, characters and different cases. Update your passwords every 2-3 months and create different passwords by device for optimal security. Enabling multi-factor authentication also offers an additional layer of protection, while allowing you to use a second device to access a temporary code to complete the login process if you forget your password.
4. Secure your router
Once your internet connection is established at your home or office, change the default network name and password shared with the internet provider support team. Update it with your own network name and password and turn off the remote management function.
5. Train your staff
Conduct quarterly or biannual training for your support staff on cyber security best practices and risk factors.
Today’s rapidly evolving age of technology has allowed small businesses to grow and enter the unchartered territories of the internet and data. Unfortunately, the geographical confines of crime have been completely redefined as well. Small businesses should take these simple and affordable steps to protect themselves.
Cybersecurity trends: Looking over the horizon
McKinsey examines three of the latest cybersecurity trends and their implications for organizations facing new and emerging cyberrisks and threats.
Cybersecurity has always been a never-ending race, but the rate of change is accelerating. Companies are continuing to invest in technology to run their businesses. Now, they are layering more systems into their IT networks to support remote work, enhance the customer experience, and generate value, all of which creates potential new vulnerabilities.
At the same time, adversaries—no longer limited to individual actors—include highly sophisticated organizations that leverage integrated tools and capabilities with artificial intelligence and machine learning. The scope of the threat is growing, and no organization is immune. Small and midsize enterprises, municipalities, and state and federal governments face such risks along with large companies. Even today’s most sophisticated cybercontrols, no matter how effective, will soon be obsolete.
In this environment, leadership must answer key questions: “Are we prepared for accelerated digitization in the next three to five years?” and, more specifically, “Are we looking far enough forward to understand how today’s technology investments will have cybersecurity implications in the future?” (Exhibit 1).
Exhibit 1
McKinsey’s work helping global organizations reinforce their cyberdefenses shows that many companies recognize the need to achieve a step change in their capabilities for cybersecurity and to ensure the resilience of their technology. The solution is to reinforce their defenses by looking forward—anticipating the emerging cyberthreats of the future and understanding the slew of new defensive capabilities that companies can use today and others they can plan to use tomorrow (see sidebar, “Maintaining vigilance over time”).
Three cybersecurity trends with large-scale implications
Companies can address and mitigate the disruptions of the future only by taking a more proactive, forward-looking stance—starting today. Over the next three to five years, we expect three major cybersecurity trends that cross-cut multiple technologies to have the biggest implications for organizations.
1. On-demand access to ubiquitous data and information platforms is growing
Mobile platforms, remote work, and other shifts increasingly hinge on high-speed access to ubiquitous and large data sets, exacerbating the likelihood of a breach. The marketplace for web-hosting services is expected to generate $183.18 billion by 2026.1 Organizations collect far more data about customers—everything from financial transactions to electricity consumption to social-media views—to understand and influence purchasing behavior and more effectively forecast demand. In 2020, on average, every person on Earth created 1.7 megabytes of data each second.2 With the greater importance of the cloud, enterprises are increasingly responsible for storing, managing, and protecting these data3 and for meeting the challenges of explosive data volumes. To execute such business models, companies need new technology platforms, including data lakes that can aggregate information, such as the channel assets of vendors and partners, across environments. Companies are not only gathering more data but also centralizing them, storing them on the cloud, and granting access to an array of people and organizations, including third parties such as suppliers.
Many recent high-profile attacks exploited this expanded data access. The Sunburst hack, in 2020, entailed malicious code spread to customers during regular software updates. Similarly, attackers in early 2020 used compromised employee credentials from a top hotel chain’s third-party application to access more than five million guest records.4
2. Hackers are using AI, machine learning, and other technologies to launch increasingly sophisticated attacks
The stereotypical hacker working alone is no longer the main threat. Today, cyberhacking is a multibillion-dollar enterprise,5 complete with institutional hierarchies and R&D budgets. Attackers use advanced tools, such as artificial intelligence, machine learning, and automation. Over the next several years, they will be able to expedite—from weeks to days or hours—the end-to-end attack life cycle, from reconnaissance through exploitation. For example, Emotet, an advanced form of malware targeting banks, can change the nature of its attacks. In 2020, leveraging advanced AI and machine-learning techniques to increase its effectiveness, it used an automated process to send out contextualized phishing emails that hijacked other email threats—some linked to COVID-19 communications.
Other technologies and capabilities are making already known forms of attacks, such as ransomware and phishing, more prevalent. Ransomware as a service and cryptocurrencies have substantially reduced the cost of launching ransomware attacks, whose number has doubled each year since 2019. Other types of disruptions often trigger a spike in these attacks. During the initial wave of COVID-19, from February 2020 to March 2020, the number of ransomware attacks in the world as a whole spiked by 148 percent, for example.6 Phishing attacks increased by 510 percent from January to February 2020.7
3. Ever-growing regulatory landscape and continued gaps in resources, knowledge, and talent will outpace cybersecurity
Many organizations lack sufficient cybersecurity talent, knowledge, and expertise—and the shortfall is growing. Broadly, cyberrisk management has not kept pace with the proliferation of digital and analytics transformations, and many companies are not sure how to identify and manage digital risks. Compounding the challenge, regulators are increasing their guidance of corporate cybersecurity capabilities—often with the same level of oversight and focus applied to credit and liquidity risks in financial services and to operational and physical-security risks in critical infrastructure.
Cyberrisk management has not kept pace with the proliferation of digital and analytics transformations, and many companies are not sure how to identify and manage digital risks.
At the same time, companies face stiffer compliance requirements—a result of growing privacy concerns and high-profile breaches. There are now approximately 100 cross-border data flow regulations. Cybersecurity teams are managing additional data and reporting requirements stemming from the White House Executive Order on Improving the Nation’s Cybersecurity and the advent of mobile-phone operating systems that ask users how they want data from each individual application to be used.
Building over-the-horizon defensive capabilities
For each of these shifts, we see defensive capabilities that organizations can develop to mitigate the risk and impact of future cyberthreats. To be clear, these capabilities are not perfectly mapped to individual shifts, and many apply to more than one. Management teams should consider all of these capabilities and focus on those most relevant to the unique situation and context of their companies (Exhibit 2).
Exhibit 2
Responses to trend one: Zero-trust capabilities and large data sets for security purposes
Mitigating the cybersecurity risks of on-demand access to ubiquitous data requires four cybersecurity capabilities: zero-trust capabilities, behavioral analytics, elastic log monitoring, and homomorphic encryption.
Zero-trust architecture (ZTA). Across industrial nations, approximately 25 percent of all workers now work remotely three to five days a week.8 Hybrid and remote work, increased cloud access, and Internet of Things (IoT) integration create potential vulnerabilities. A ZTA shifts the focus of cyberdefense away from the static perimeters around physical networks and toward users, assets, and resources, thus mitigating the risk from decentralized data. Access is more granularly enforced by policies: even if users have access to the data environment, they may not have access to sensitive data. Organizations should tailor the adoption of zero-trust capabilities to the threat and risk landscape they actually face and to their business objectives. They should also consider standing up red-team testing to validate the effectiveness and coverage of their zero-trust capabilities.
Behavioral analytics. Employees are a key vulnerability for organizations. Analytics solutions can monitor attributes such as access requests or the health of devices and establish a baseline to identify anomalous intentional or unintentional user behavior or device activity. These tools can not only enable risk-based authentication and authorization but also orchestrate preventive and incident response measures.
Elastic log monitoring for large data sets. Massive data sets and decentralized logs resulting from advances such as big data and IoT complicate the challenge of monitoring activity. Elastic log monitoring is a solution based on several open-source platforms that, when combined, allow companies to pull log data from anywhere in the organization into a single location and then to search, analyze, and visualize the data in real time. Native log-sampling features in core tools can ease an organization’s log management burden and clarify potential compromises.
Homomorphic encryption. This technology allows users to work with encrypted data without first decrypting and thus gives third parties and internal collaborators safer access to large data sets. It also helps companies meet more stringent data privacy requirements. Recent breakthroughs in computational capacity and performance now make homomorphic encryption practical for a wider range of applications.
Responses to trend two: Using automation to combat increasingly sophisticated cyberattacks
To counter more sophisticated attacks driven by AI and other advanced capabilities, organizations should take a risk-based approach to automation and automatic responses to attacks. Automation should focus on defensive capabilities like security operations center (SOC) countermeasures and labor-intensive activities, such as identity and access management (IAM) and reporting. AI and machine learning should be used to stay abreast of changing attack patterns. Finally, the development of both automated technical and automatic organizational responses to ransomware threats helps mitigate risk in the event of an attack.
Automation implemented through a risk-based approach. As the level of digitization accelerates, organizations can use automation to handle lower-risk and rote processes, freeing up resources for higher-value activities. Critically, automation decisions should be based on risk assessments and segmentation to ensure that additional vulnerabilities are not inadvertently created. For example, organizations can apply automated patching, configuration, and software upgrades to low-risk assets but use more direct oversight for higher-risk ones.
Use of defensive AI and machine learning for cybersecurity. Much as attackers adopt AI and machine-learning techniques, cybersecurity teams will need to evolve and scale up the same capabilities. Specifically, organizations can use these technologies and outlier patterns to detect and remediate noncompliant systems. Teams can also leverage machine learning to optimize workflows and technology stacks so that resources are used in the most effective way over time.
Technical and organizational responses to ransomware. As the sophistication, frequency, and range of ransomware attacks increase, organizations must respond with technical and operational changes. The technical changes include using resilient data repositories and infrastructure, automated responses to malicious encryption, and advanced multifactor authentication to limit the potential impact of an attack, as well as continually addressing cyber hygiene. The organizational changes include conducting tabletop exercises, developing detailed and multidimensional playbooks, and preparing for all options and contingencies—including executive response decisions—to make the business response automatic.
Responses to trend three: Embedding security in technology capabilities to address ever-growing regulatory scrutiny and resource gaps
Increased regulatory scrutiny and gaps in knowledge, talent, and expertise reinforce the need to build and embed security in technology capabilities as they are designed, built, and implemented. What’s more, capabilities such as security as code and a software bill of materials help organizations to deploy security capabilities and stay ahead of the inquiries of regulators.
Secure software development. Rather than treating cybersecurity as an afterthought, companies should embed it in the design of software from inception, including the use of a software bill of materials (described below). One important way to create a secure software development life cycle (SSDLC) is to have security and technology risk teams engage with developers throughout each stage of development. Another is to ensure that developers learn certain security capabilities best employed by development teams themselves (for instance, threat modeling, code and infrastructure scanning, and static and dynamic testing). Depending on the activity, some security teams can shift to agile product approaches, some can adopt a hybrid approach based on agile-kanban tickets, and some—especially highly specialized groups, such as penetration testers and security architects—can “flow to work” in alignment with agile sprints and ceremonies.
Taking advantage of X as a service. Migrating workloads and infrastructure to third-party cloud environments (such as platform as a service, infrastructure as a service, and hyperscale providers) can better secure organizational resources and simplify management for cyberteams. Cloud providers not only handle many routine security, patching, and maintenance activities but also offer automation capabilities and scalable services. Some organizations seek to consolidate vendors for the sake of simplicity, but it can also be important to diversify partners strategically to limit exposure to performance or availability issues.
Infrastructure and security as code. Standardizing and codifying infrastructure and control-engineering processes can simplify the management of hybrid and multicloud environments and increase the system’s resilience. This approach enables processes such as orchestrated patching, as well as rapid provisioning and deprovisioning.
Software bill of materials. As compliance requirements grow, organizations can mitigate the administrative burden by formally detailing all components and supply chain relationships used in software. Like a detailed bill of materials, this documentation would list open-source and third-party components in a codebase through new software development processes, code-scanning tools, industry standards, and supply chain requirements. In addition to mitigating supply chain risks, detailed software documentation helps ensure that security teams are prepared for regulatory inquiries.
Digital disruption is inevitable and will lead to rapid technology-driven change. As organizations make large-scale investments in technology—whether in the spirit of innovation or from necessity—they must be aware of the associated cyberrisks. Attackers are exploiting the vulnerabilities that new technologies introduce, and even the best cybercontrols rapidly become obsolete in this accelerating digital world. Organizations that seek to position themselves most effectively for the next five years will need to take a relentless and proactive approach to building over-the-horizon defensive capabilities.
AUSTRALIA TO SPEND $18.7 BILLION ON PUBLIC CLOUD SERVICES IN 2022
Spending on public cloud services in Australia is expected to be $18.7 billion in 2022, according to Gartner’s latest forecast representing a 31.8% growth compared to 2021’s $14.2 billion
Software as a Service (SaaS) accounts for almost half of the entire cloud market in Australia, but the fastest growing segments are Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).
In January 2022, research firm GlobalData predicted that cloud computing spending would only exceed $20 billion by 2025; this includes public cloud services which represent 50% of the cloud computing market according to the GlobalData methodology. Despite their differences in spending pace, the two companies agree that PaaS will be the fastest growing public cloud service.
Sydney-based Gartner research vice president Michael Warrilow said the acceleration in cloud spending seen during the pandemic is expected to continue as organisations respond to a new business dynamic.
Hyperscale service providers increased their presence in the region last year, such as Amazon Web Services (AWS) with new on-premises zones in Perth, Brisbane and Auckland, and the Microsoft Azure data center in New Zealand, adding to the three previously currently operating in Australia.
Globally, end-user spending on public cloud services is forecast to grow 20.4 per cent in 2022 to total US$494.7 billion, up from US$410.9 billion in 2021.
In 2023, Gartner anticipates end-user spending is expected to reach nearly US$600 billion while end-user demand for cloud capabilities is expected to account for the increase in PaaS spending to $109.6 billion.
Globally, infrastructure-as-a-service (IaaS) is forecast to experience the highest end user spending growth in 2022 at 30.6 per cent, followed by desktop-as-a-service (DaaS) at 26.6 per cent and platform-as-a-service (PaaS) at 26.1 per cent.
“Cloud native capabilities such as containerisation, database platform-as-a-service (dbPaaS) and artificial intelligence/machine learning contain richer features than commoditised compute such as IaaS or network-as-a-service,” Gartner research vice president Sid Nag said.
“As a result, they are generally more expensive which is fuelling spending growth.”
In New Zealand, total spending on public cloud services is expected to reach NZ$2.58 billion in 2022, up 26.3% year-on-year. The fastest growing segments of the cloud market in 2022 are expected to be PaaS, followed by IaaS.
According to the Gartner 2022 CIO survey, 44% of CIOs in Australia and New Zealand had reserved cloud platforms for new or additional funding this year, ranking fourth behind cybersecurity, data and analytics, and integration technologies such as APIs
The new reality of hybrid work is pushing organisations to move away from feeding their workforce with traditional client computing solutions, such as desktops, to DaaS, which is driving spending to reach $ 2.6 billion in 2022.
Wall Street eyes cybersecurity, with Goldman Sachs announcing $125 million investment
Cyberattacks against the government and companies have increased, experts say.
Growing concerns over cybersecurity vulnerabilities in the United States are prompting record investments from firms to protect critical industries.
FBI Director Christopher Wray said last month that intelligence officials were “concerned” about the possibility of Russian cyberattacks against critical U.S. infrastructure in the wake of Russia’s war with Ukraine.
“The reason we’re concerned about it is not just based on our longstanding understanding of how the Russians operate, but it’s actually the product of specific investigative work and surveillance work that we’ve been doing all together,” Wray told an audience at the Detroit Economic Club in March.
Wray’s comments came a few weeks before Tuesday’s announcement that Goldman Sachs planned to expand its reach in supply chain cybersecurity, investing $125 million in a strategic partnership with a company that serves energy, government and aerospace and defense accounts.
Nikhil Gupta, a professor with New York University’s Tandon School of Engineering, who is affiliated with the NYU Center for Cyber Security, told ABC News the investment was part of a growing trend.
Over the past year, several private investment firms have invested hundreds of millions of dollars in cybersecurity. Former U.S. Treasury Secretary Steve Mnuchin’s Liberty Strategic Capital spent $525 million to acquire mobile security vendor Zimperium last month; Turn/River Capital acquired security policy management firm Tufin for $570 million earlier this month; and software security giant McAfee sold its Enterprise business to Symphony Technology Group for $4 billion dollars in March 2021.
Gupta noted that “more than 70% of manufacturing is conducted by actually small and medium-sized companies, and these companies don’t have resources to invest in upgrading their computers or, or implementing cybersecurity solutions.”
He added, “A lot of times they are manufacturing companies and they just don’t have expertise to even understand the value of electronic files which are transmitted to them.”
Goldman Sachs billed its $125 million investment as part of a new strategic venture with Fortress Information Security, a company responsible for securing 40% of the U.S. power grid, as well as assets in critical manufacturing and the nation’s defense industries.
Fortress is seen by industry insiders as one of the nation’s leading cybersecurity providers for critical infrastructure organizations with digitized assets. The company says its platform is focused on allowing customers to manage their outside vendors, assets and software as a part of their supply chains. The firm also maintains a central repository of security information shared by utility companies across the country.
“The depth and breadth of the Fortress platform are unmatched and we believe there is a meaningful opportunity to accelerate,” Will Chen, a managing director for asset management at Goldman Sachs, said in a statement about the new venture.
Chen noted Goldman Sachs’ investment will allow Fortress to expand its platform into “product adjacencies, including software and hardware bill of materials, workflow orchestration, and additional analytics and reporting capabilities.”
Gupta, the NYU professor, said the hefty investment was a start and “this investment should not be just one time.”
“No amount of investment is enough, and you can look at the attacks that’s happening and the targets that you have to save like nuclear power plants, and the supply chain for other kinds of manufacturing goods, which goes into billions of dollars,” he said.
Fortress Chief Operating Officer Betsy Soehren Jones told ABC News that the company’s “biggest risk right now is with small and midsize companies in the United States because they don’t think about cyber the same way that they think about a CPA or hiring a law firm or HR or anything else.”
“This can’t not be part of what they spend money on, but they don’t and so they become the biggest targets because of the information that they have,” she added.
Retired Navy Rear Admiral Mark Montgomery, a senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, told ABC News “the big issue is that we are vulnerable.”
“We know we’re going to be compromised. The question is, can we mitigate the impact of it and recover from it rapidly? That’s where investments are needed. That’s why investments like this one contribute to improve cybersecurity,” Montgomery said.
In recent years, the number of cyberattacks — specifically ransomware attacks — against the government and private companies have increased, Homeland Security Secretary Alejandro Mayorkas said last year at a U.S. Chamber of Commerce event.
One of the biggest vulnerabilities is linked to a commonly used piece of software called Log4j, a utility that runs in the background of many commonly used software applications, according to Homeland Security’s Cybersecurity and Infrastructure Security Agency. Log4j is widely used across the internet — from cell phones to e-commerce to internet-connected devices in homes and offices.MORE: DOJ official warns companies ‘foolish’ not to shore up cybersecurity amid Russia tensions
“This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use,” CISA Director Jen Easterly said in a statement in December.
Soehren Jones says the Goldman Sachs investment will allow them to address these types of vulnerabilities faster.
“The speed at which you answer these things is so critical. That’s what this is going to do…it’s going to be able to put us on warp speed when it comes to a response,” Soehren Jones said.
With the investment, Fortress said it plans to double in size in a year, growing to 400 employees.
Small business tax breaks for cloud, cyber security grow
Budget 2022: One-year boost to accelerate digital adoption.
Small businesses will be able to deduct a further 20 percent from the cost of cloud services and cyber security systems, as the federal government tries to accelerate digital adoption.
The government revealed the “technology investment boost” in its 2022-23 budget, with the measure to apply immediately and run until the end of June 2023.
“From tonight, every hundred dollars these small businesses spend on digital technologies… will see them get a $120 tax deduction,” treasurer Josh Frydenberg said during his budget speech.
Businesses with an aggregate annual turnover of less than $50 million will be able to claim the discount on “expenditure up to $100,000”, according to budget documents.
Cloud-based services, cyber security systems and portable payment devices are called out as acceptable “business expenses and depreciating assets that support… digital adoption”.
The measure is expected to reduce tax receipts by $1 billion over the next four years, though this will not be felt by the Australian Taxation Office until 2023-24.
Payments will also increase by $7.2 million over the forward estimates.
“The boost for eligible expenditure incurred by 30 June 2022 will be claimed in tax returns for the following income year,” budget documents state.
“The boost for eligible expenditure incurred between 1 July 2022 and 30 June 2023 will be included in the income year in which the expenditure is incurred.”
SOURCE: https://www.itnews.com.au/news/small-business-tax-breaks-for-cloud-cyber-security-grow-578038
Tech InDepth: Understanding Web 3.0
Here’s a basic understanding of Web 3.0 including what it means, why its meaning is subjective and some popular Web 3.0 trends.
Web 3.0 is probably a term you’ve been reading about more and more in recent months, especially if you’ve been keeping tabs on topics like cryptocurrency, blockchain and the future of the internet. But what exactly is Web 3.0? Is there a Web 2.0 and Web 1.0 as well? What’s expected to change with Web 3.0?
These are some of the questions we’ll be looking at in today’s edition of Tech InDepth.
What are these Web numbers?
Imagine the internet and the important milestones of how people interact with it since the beginning of the World Wide Web. This long journey is unofficially divided into three phases or generations. These are termed Web 1.0, Web 2.0 and Web 3.0.
There are no concrete lines that define the beginning or end of each phase, and there isn’t a governing body that decides this either, so when each phase ends, what it represents, or when it ends is all subjective.
Unlike cellular connections, where 2G, 3G, 4G and now 5G all have distinct boundaries in terms of data speeds, the technology involved, and the features it enables. But Web 1.0, Web 2.0 and Web 3.0 are concepts.
What is Web 3.0?
Web 3.0 is considered the next phase, successor to Web 2.0, which is considered the current phase. Before we get into further details let’s understand the journey so far.
Web 1.0 is considered the first phase, where most of the web accessible to people was Read-only, allowing users to simply read content and not really interact with it. This included content like news sites, portals and search engines. The entire web around this time was essentially like one large website with multiple pages all hyperlinked into one another.Also Read |Tech InDepth: A closer look at deep web and dark web
With Web 2.0, the major new aspect that came into play is interaction. Concepts like ‘liking’ something you read on social media, ‘commenting’ on videos and sharing interesting content became prevalent trends.
Content also started becoming more user-driven, where websites would feed off on user-data to analyse patterns and feed the users content they are more likely to enjoy, in turn spending more time on the sites. This also became a phase where ads started popping on pages, again based on these data bits, and monetisation of content started growing.
As we move towards Web 3.0, one major trend is expected to be decentralisation. This is basically a concept that takes power and/or control away from a single person or body, and gives it to the masses.
Decentralisation, blockchain and other Web 3.0 trends
A good example of this is cryptocurrency, which is essentially decentralised currency that is not governed or monitored by a single government, but rather operated and managed by the very people minting and using it in a simultaneous process. Check out the article below for more information on this.
With Web 2.0, the major new aspect that came into play is interaction. Concepts like ‘liking’ something you read on social media, ‘commenting’ on videos and sharing interesting content became prevalent trends.
Content also started becoming more user-driven, where websites would feed off on user-data to analyse patterns and feed the users content they are more likely to enjoy, in turn spending more time on the sites. This also became a phase where ads started popping on pages, again based on these data bits, and monetisation of content started growing.
As we move towards Web 3.0, one major trend is expected to be decentralisation. This is basically a concept that takes power and/or control away from a single person or body, and gives it to the masses.
Decentralisation, blockchain and other Web 3.0 trends
A good example of this is cryptocurrency, which is essentially decentralised currency that is not governed or monitored by a single government, but rather operated and managed by the very people minting and using it in a simultaneous process. Check out the article below for more information on this.
The whole point of the decentralisation element in Web 3.0 is considered by many to be bringing control back to users, instead of the creators. Web 2.0 services, for instance, may crash when the servers of a particular platform go offline at the headquarters. This, however, wouldn’t be possible with a Web 3.0 platform that essentially is run by everyone using it, in multiple, simultaneously updated copies via a P2P (peer-to-peer) network, like torrents.
Considered the next big element of Web 3.0 is blockchain. Blockchain, the backbone of cryptocurrency, is also key to how ownerships of digital assets will be verified and validated in the years to come. Just like NFTs (non-fungible tokens) other blockchain-based tech is expected to come up, where only verified content owners will gain monetary benefits of assets, and not middlemen.
Web 3.0 is also expected to change how monetisation and marketing will work on the larger scale, with Artificial Intelligence (AI) powering tech like Natural Language Processing (NLP) which is set to make interacting with computers more like interacting with fellow humans, rather than with a machine.
This will be further powered by the growth of 3D tech, AR/VR hardware and new user interface designs. The Metaverse, another concept that defines a digital universe in existence parallel to our own, entirely powered by new-age technology, is also set to play a big-role in the transition to Web 3.0.
Of course, there’s no telling when the transition to Web 3.0 will be observed, it could be quick, or a gradual one that perhaps we’re already experiencing right now. Either way, Web 3.0 is expected to change how the web works, how we interact with it, and what we use it for in the near future.
https://www.itnews.com.au/news/single-account-led-to-microsofts-lapsus-code-leak-577795
‘Single account’ compromise led to Microsoft’s Lapsus$ code leak
Attackers were interrupted mid-operation.
Microsoft has gone public over how the hackers that work under the Lapsus$ moniker got access to its systems.
Over the weekend, the hackers posted and deleted screenshots on Telegram that suggested they’d accessed code for Cortana and Bing.
In a blog post outlining Microsoft’s analysis of Lapsus$’ techniques, Microsoft said it managed to interrupt the attackers.
“Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion,” the post states.
“This public disclosure escalated our action, allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.”ADVERTISING
The attack did not result in any widespread compromise, Microsoft said.
“Our investigation has found a single account had been compromised, granting limited access.
“Our cyber security response teams quickly engaged to remediate the compromised account and prevent further activity.”
Similar to its response to previous code leaks, Microsoft added that having code viewed by outsiders is no longer the catastrophe it might once have been.
“Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk”, the post continued.
Dispelling The Biggest Myths In Cybersecurity
Dr. Oren Eytan is the CEO of Israeli startup odix and previously led the IDF cyber defense unit.
Consensus in cybersecurity is hard to come by. From CISOs with the resources and motivation to think big to nontechnical executives chasing the risk-reward train and putting an IT title on things to justify their confusion, nothing is as it seems. The forces of risk and technology are constantly shifting as tech leaders collectively attempt to create a baseline understanding of what’s at stake and what is feasible.
Experience has proven that cyber preparedness is only effective when the approaches don’t focus too heavily on the fear factor but rather shift toward attainable goals and practical skills to empower employees and digital citizens to protect themselves and their organizations.
In an attempt to push the conversation toward practical skills, I want to dispel some of the biggest myths in cyber protection and speak about how overreliance on these ideas has prevented many from tackling some of the biggest issues in cyber protection.
Myth: Cybersecurity is complicated.
Everyone has heard the talk around the water cooler: “It would be great to improve our cybersecurity policies, but it’s just too complicated.” This is often followed by the adage: “I don’t even know where to start, so what’s the use?”
Getting over the all-encompassing idea that cybersecurity is one massive problem, the conversation must be transformed into bite-sized and easy-to-apply steps. By demystifying the risks and providing clear context, cybersecurity becomes manageable for even the least technically savvy person on your staff.
Stat: 56% of Americans don’t know what steps to take in the event of a data breach.
Reality: Easy wins are achievable.
While it’s true cybersecurity can be complicated, it doesn’t have to be. From straightforward and nontechnical conversations about how to avoid common cyber risks to IT teams applying updates, patches and optimizing type filters to prioritize assets and determine the strength of cybersecurity, protection can be achieved.
For CISOs and HR, if they invest the time and resources to speak directly to everyday threats and common situations that impact employees across departments, low-hanging fruit can be found and some semblance of cybersecurity can be simply implemented. The context will always be king in making (typically boring) cyber threats into situations prioritized by your team. By removing unneeded technical jargon and focusing on easy wins, cybersecurity becomes more tangible to your team without drowning them in the process.
Myth: Cybersecurity is expensive.
There’s no such thing as a free lunch. Well, in cyber defense, this might not actually be the case.
Cybersecurity deployment comes in all shapes and sizes. From low-cost email filters and off-the-shelf antivirus software to high-end, fully bespoke cyber management policies with dozens of integrated solutions and costly advanced technologies in place to (attempt to) corner every threat, cyber solutions are as varied as their end users. As a result, businesses must realize that cybersecurity is more like playing a game of Tetris than playing the lottery. With the right combination of legacy solutions, innovative low-cost technologies and a proactive IT team, many of the most common cyber threats can be mitigated at minimal cost to the organization or managed service providers.
Stat: The average cost of antivirus protection is between $3 to $5 per user, per month, on their workstations, and $5 to $8 per server, per month.
Reality: Cyber education pays major dividends, with fewer upfront costs.
While it may be clear that every business must invest in technical solutions to keep its data secure, the investment in cyber education programs and improving HR’s holistic approach to instilling cyber skills across every (even nontechnical) department don’t always keep pace. And for the cost, this is probably the most significant issue in cybersecurity today.
Cyber education and awareness programs cost a fraction of what it takes to implement a significant technical cyber solution and provide massive dividends in long-term security, not just for your organization but also for the newly empowered cyber ambassadors you have formed.
To change the thinking that cybersecurity is expensive, ROI of cyber awareness initiatives needs to be better connected to long-term cybersecurity goals. While it’s seemingly simple to drop in a technical solution that touts a high level of system protection, it’s a completely different story when you understand that the human element drives the equation more than the toolbox they use.
Myth: Cloud vendors will keep you safe.
After going beyond the perceived structural limitations, from cost to complexity, the other end of the extreme must be addressed: a false sense of security due to the efforts of IT. Just as problematic as assuming cybersecurity is financially unattainable or beyond the technical capabilities of your team, the overreliance on IT security messages can also set your team up for almost certain failure.
Stat: Organizations often struggled to implement proper cloud security, resulting in more than 33 billion records (registration required) being exposed in 2018 and 2019 alone.
Reality: IT is pushed to its max.
The key to resolving this misjudgment in practical defense is by breaking down the barriers of communication and creating employee-focused cyber awareness programming. By providing an avenue that can both teach employees basic cyber skills as well as inform them about what actions their organization is already taking to enhance cybersecurity, everyone becomes better prepared to face cyber risk.
How To Shift Thinking
Changing the perceptions and understanding of risk in cybersecurity is an uphill battle — often achieved with little fanfare or personal appreciation. In practice, the only way to bring greater clarity in cybersecurity is for all players to commit to the cause, look past the perceived burden of investment in time or resources and engage internal IT leaders to chart a course toward enhanced cyber awareness.
Nothing changes overnight, and this is even more so in managing cyber risk. Only through the concerted effort to break down misconceptions and provide tactical solutions can enterprises effectively take on cybersecurity.
State of the Australian tech ecosystem
Australia’s tech ecosystem is booming and is undergoing an exciting period of expansion and innovation.
There are many factors that drive innovation in Australia, including the state’s focus on renewable energy, its high education and research facilities, and its booming start-up sector.
While the Australian tech ecosystem has been the home of large international success stories, the local start-ups ecosystem is also an important driver of innovation. This growth is due to the fact that a large number of start-ups operate in Australia. But in contrast to the US, Australia’s tech scene has a more limited size, and it is difficult to find international start-ups.
The country is known for its high-tech talent. The Australian tech ecosystem is an excellent place to start a business in the world, and its local companies are often the ones who make it happen.
2021 has been a record-breaking year for Australian technology businesses. Nearly US$5bn has already been invested into Australian and Kiwi startups, including massive growth rounds in the likes of Canva, Airwallex, and ROKT, which are now valued at US$40bn, US$5.5bn, and US$1.9bn, respectively.
Australian tech businesses have become attractive acquisitions for established overseas players, with A Cloud Guru’s US$2bn sale to Pluralsight preceding Square’s massive acquisition of Afterpay for US$29bn.
These events are amazing for our ecosystem. After many years of slowly building and turning the steering wheel, it is starting to turn at an ever-increasing pace.
DIGITAL INNOVATION ON THE RISE IN AUSTRALIA
The digital technology sector contributes about AU $122 billion (6.6 percent of GDP) to the Australian economy every year. This figure growth of 40 percent is expected between 2018 and 2023
Increasingly, both Australian and international entrepreneurs take advantage of stability Australian market as advanced technology test bench and market launch before they take new ideas or products all over the world.
The expansion of the technology sector is supported by growing venture capital (VC) and private equity (PE) ecosystem, showcasing a lot opportunities for international start-ups and VC companies
Australian innovators and entrepreneurs attract the world attention, especially in sectors where strong synergies exist
with traditional Australian industries.
These include :
- Agtech
- Medtech
- Fintech
- Cybersecurity
- Emergency services
- Transport
- Mining and resource technologies
- Digital technologies
The opportunities of digital technologies are not limited to technology-based companies and start-ups – they can create added value in all areas of the economy.
For businesses, these technologies have the potential to create new products, enter new markets, work more efficiently and improve bottom line results, better address consumer preferences through the use of data, and create safer work environments.
Australia has a thriving innovation ecosystem that welcomes international investors, partners and collaborators
Several of the world’s leading technologies companies have operations in Australia, designed for the country’s resilient economy, highly educated and digitally literate workforce, and proximity to emerging markets across Asia.
The Australian government also played key role in the development of technology industry. The industry development centres they build the ability and networking they have have been established in strategic priority areas from Australian government funds.
Emerging technologies
A range of emerging technologies are expected to change and improve many key tasks and interactions in the coming years, including how we work, travel and communicate with each other. Technologies such as artificial intelligence, blockchain and quantum computing present significant opportunities for people, businesses and the economy at large.
Artificial Intelligence
Artificial intelligence (AI) is a broad term used to describe a collection of technologies that can solve problems and perform tasks to achieve defined objectives without explicit human guidance.
Central to AI are automation and machine learning that underpin applications such as natural language processing (Apple Siri or Amazon Alexa), computer vision (Tesla Autopilot), and optimisation and decision support (Google Maps).
AI has the potential to automate repetitive or dangerous tasks, increase productivity and allow the development of innovative consumer products. It is forecast to add trillions of dollars to the global economy in the coming decades.
The Government is using artificial intelligence to increase administrative efficiency, improve policy development, deliver new and improved services, and analyse complex datasets.
Internet of Things (IoT)
The Internet of Things (IoT) refers to the growing use of sensors that record things like sound, touch, movement, temperature, and even chemical composition that are used to automatically collect data about people, the environment and objects and transmit this information over the Internet. .
The growing application of this technology has been made possible by the availability of better and cheaper sensors, the wide availability of Internet connectivity and the increase in computing power.
Blockchain
Blockchain is a digital platform that records, verifies and stores transactions made available on a network of computers according to a set set of rules. This eliminates the need for verification by a central body such as a bank.
Cryptography is used to secure transactions and costs are shared among network participants. The fact that the transaction history is visible and verifiable by all network participants allows for a much higher level of transparency and control than is otherwise possible.
While blockchain is still an evolving technology, it can be used in many industries and in almost any transaction that involves value.
Quantum computing
Quantum computing is an emerging technology that is said to exponentially increase the computing power available to help us solve problems that we cannot solve with existing computers. Quantum computers will be able to easily crack codes, and they have the potential to disrupt existing security methods that use encrypted data, such as in banking and other industries.
Prime Minister Scott Morrison said that Australia will spend $111 million on quantum technology development as Canberra identifies nine areas of technology it considers important to national interests.
Australia is recognised as a world leader in silicon-based quantum computing research, which is one of the most promising avenues for developing a commercially viable quantum computer.
As part of the National Innovation and Science Agenda, the Government invested $25 million in the Silicon Quantum Computing Pty Ltd venture, in partnership with leading academic institutions and businesses
Fintech investments in Australia.
In the second quarter of 2021, Australia’s fintech investment totalled approximately $563 million. Investments in Australian fintech fell significantly in 2020, but saw significant growth in the last quarter.
Dan Teper, Head of Fintech, KPMG Australia said, Australia is starting to reap the benefits of early investment in establishing a fintech ecosystem. Interest in banking-as-a-service solutions continued to grow, with the first half of the 2021 seeing Westpac moving forward with its development of a BaaS model
Other major banks have also focused on investing in ecosystems and vertical players in order to simplify and improve the experience for consumers, SMEs and merchants. For example, Commonwealth Bank invested $20 million in Amber Energy as part of a partnership to provide access to the wholesale energy process for its customers.
Digital Government
Australians can access Government services that are simple, clear and fast.
Outcomes:
- It is easy and safe to interact with Government online
- Government’s ICT infrastructure promotes the transformation and delivery of modern, future-proof digital services.
Technology allows government to get involved more easily with the community through various digital channels.
This guarantees the opinion of the people who use the government. services can be more effectively understood and
addressed in the development of new policies.
Australia does well on the world stage – for example, the latest development of United Nations e-government
Index ranks Australia second in the world, by third time running. Millions of Australians are already safe access a variety of government services online everyday through platforms like myGov. Those services include myTax (ATO), Medicare discounts, and a number of Centrelink claims and benefits
Digital Transformation
The government’s digital transformation strategy complements Australia’s technological future. It identifies what government needs to offer to be the world’s leading digital government. It shows how we will offer better services with greater flexibility, more agile policy, less bureaucracy, all enhanced by digital technology.
The Australian tech ecosystem has been boosted by several large success stories.
While the Australian tech ecosystem has long been underdeveloped and lacked a vibrant start-up ecosystem, the country’s recent boom has been marked by the emergence of a few large companies. But the success of these companies has not been a surprise.
The Australian tech ecosystem has grown quickly in the last few years, with many major global companies setting up shop. Despite this, there is still a lot of room for growth.
AirTags Are Linked to Stalking, and Apple Can’t Solve This Problem Alone
Apple needs to work with Google, Samsung, Tile and other rivals to find a fix, privacy experts say.
Apple’s AirTags are meant to be a high-tech solution to an age-old problem: finding misplaced keys, wallets and other personal items. But since Apple launched the diminutive Bluetooth trackers last April, they’ve also been used for nefarious acts – particularly stalking.
“It was the scariest, scariest moment ever, and I just want everyone to be aware that this exists,” Sports Illustrated model Brooks Nader said in a January Instagram post. She was describing an iPhone alert she received one night while walking home from a bar saying that a device had been tracking her location. Nader’s husband discovered an AirTag hidden in her coat pocket after she arrived home, she said in an interview on the Tamron Hall Show.
Experts I spoke with say it’s incumbent on tech companies to come together and find better ways to prevent Bluetooth trackers from compromising personal privacy. That includes not just Apple, but also Samsung, Tile and other companies making similar products with fewer safeguards. They could start by providing information to each other and to the public about how Bluetooth trackers are being exploited. Sharing findings on how their respective products are being used maliciously is critical for creating privacy protections that work equally well across all smartphones. It would ensure that all companies are operating on the same data when developing tools for preventing or mitigating abuse.
“I think that there are going to be limitations as long as the solutions remain with individual companies,” said Erica Olsen, director for the National Network to End Domestic Violence’s Safety Net Project.
Apple has made efforts to prevent misuse by encrypting the communication between AirTags and its Find My network. The company announced on Feb. 10 that it’s adding new privacy warnings to AirTags during the setup process. It’s also further reducing the amount of time it takes to notify an iPhone owner that an unknown AirTag may be traveling with them.
The company said in a press release that it’s “committed to listening to feedback and innovating to make improvements that continue to guard against unwanted tracking.” But when approached by CNET, Apple declined to say whether it would collaborate with other tech companies on a fix.
Whatever the answers, a solution is overdue. The companies may not be encouraging abusers to exploit their technology, but what they have done is made if far cheaper and more convenient to do so. Now it’s up to them to make it more difficult – or ideally impossible – to misuse their technologies.
In the meantime, though, there are ways you can protect yourself.
How AirTags work, and why they’re being linked to stalking
Sarah Tew/CNET
AirTags are button-sized, Bluetooth-enabled trackers designed to help iPhone owners keep track of personal items. Place one in anything from a wallet to a bicycle, and its location appears on a map within Apple’s Find My app for iPhones, iPads and Mac computers – a useful feature if an item goes missing. When an AirTag is out of the owner’s Bluetooth range, other Apple devices in the Find My network can detect it via Bluetooth and relay its location to the cloud.
But that amount of precision carries some risks. A wave of reports have shown AirTags being used for stalking and theft attempts, prompting the New York and Pennsylvania attorneys general to issue public safety alerts on Feb. 16. A Connecticut man was arrested for allegedly using an AirTag to stalk his ex-girlfriend by hiding an AirTag in her car, according to a Feb. 2 report from Fox 61. CBS News spoke last month with two Atlanta women who discovered they were being tracked by AirTags hidden in their cars. One of the women said she found an AirTag in her vehicle’s gas tank. And then in December, The New York Times spoke with seven women who believe they were being stalked via AirTags after receiving alerts on their iPhones. Two never managed to find the AirTag that may have caused the alert.
AirTags are getting so much attention in part because Apple’s network is so widespread. The company said in an April press release that its Find My Network is approaching 1 billion Apple devices. There are more than 1.8 billion active Apple gadgets in use around the world, Apple said in its January quarterly earnings call, so there’s plenty of room for the network to grow. (Participation in Apple’s Find My network is optional and can be disabled, so not every active product is in the network).
Other Bluetooth trackers have far less reach. Tile, for example, has sold more than 40 million devices worldwide to date. Tile’s network is slightly larger than that since it also encompasses compatible products from other companies, like Amazon’s sidewalk-enabled Echo devices. But it’s still no Apple. “You might go all day without coming within Bluetooth distance of a person who has the Tile app installed on their phone,” said Eva Galperin, director of cybersecurity for the Electronic Frontier Foundation. “But good luck going all day without getting within Bluetooth distance of another iPhone.”
What Apple is doing to prevent unwanted tracking
Patrick Holland/CNET
Apple has put safeguards in place to prevent unwanted tracking, and it says it’s working with law enforcement on AirTags-related requests.
One of its most crucial protections is a notification that alerts iPhone owners when an unknown AirTag has been moving with them over a period of time. Nader, the model, said the only “silver lining” of her situation was that her iPhone was able to notify her that she may have been tracked. She contacted the police, who couldn’t do much since she didn’t have any information about who planted the device, Nader also said on the Tamron Hall Show.
Apple sends the unknown AirTag notification only when the recipient arrives home or at a significant location, like the gym or other frequently visited destinations, or by the end of the day. But it’s making an update later this year that will send that alert even sooner, although Apple didn’t share further specifics on timing.
The company has also announced a slew of other changes meant to thwart unwanted tracking. Later this year, those with compatible iPhone models (iPhone 11 and later) will be able to use Apple’s Precision Finding feature to see the distance and direction to an unknown AirTag that’s within Bluetooth range of an iPhone (about 33 feet). The company is adjusting the sound that plays when someone is looking for an unknown AirTag to use “more of the loudest tones” so that it’s easier to find. And AirTag buyers will now see a privacy warning when setting up their device reiterating that tracking people without consent is a crime in many regions.
That’s not all. When an AirTag is separated from its owner for a period of time, it will play a sound when it’s moved to make it easier to find. Apple decreased the amount of time it takes to play this sound from three days to a randomized time window of between eight and 24 hours. The company also launched a free Tracker Detect app for Android phones in December that can scan for any nearby AirTags that have been separated from their owner.
In a statement to CNET, Apple said it takes customer safety seriously. “AirTag is designed with a set of proactive features to discourage unwanted tracking – a first in the industry – that both inform users if an unknown AirTag might be with them, and deter bad actors from using an AirTag for nefarious purposes. If users ever feel their safety is at risk, they are encouraged to contact local law enforcement who can work with Apple to provide any available information about the unknown AirTag.”
Other trackers don’t have as many privacy protections
Apple’s privacy protocols exceed those of its competitors. Samsung’s SmartThings Find app allows users to scan for nearby unknown Galaxy SmartTags, but it doesn’t alert them proactively. Samsung declined to discuss whether it would add this functionality in the future. The company also said it’s “committed to providing secure mobile experiences to users.”
That said, Samsung has some privacy protections in place. Similar to Apple, its tags routinely change their device IDs to prevent the Bluetooth signal from being tracked over longer periods of time. And all user data is encrypted.
Tile’s products don’t allow people to scan for nearby tags that don’t belong to them, but that’s changing soon. The company is launching a feature in early 2022 called Scan and Secure, which makes it possible to search for nearby Tile tags from the Tile app, even if the person doesn’t have an account. Tile said it worked with advocacy organizations to develop the feature.
But like Samsung, Tile requires a button to be pushed in the app to find nearby tags – it doesn’t scan for them unprompted. Tile also said it will continue to consult with experts and build on this feature.
What it might take to prevent Bluetooth trackers from being misused
Nelson Aguilar/CNET
Although Apple and Tile are making progress, privacy experts believe much more needs to happen. The first order of business should be working with Google to make sure Android owners have the same protections as iPhone users, says Galperin.
Apple’s Tracker Detect has the same shortcoming as Samsung’s and Tile’s systems: It doesn’t proactively warn people if an AirTag is found nearby (a feature iPhones owners enjoy). The company declined to comment on whether it intends to add this feature to the app in the future.
Alexander Heinrich, a researcher and Ph.D. student at Germany’s Technical University of Darmstadt’s Secure Mobile Networking Lab, is one of the creators behind another app for detecting AirTags, called AirGuard. The free Android app launched in September, long before Apple launched its Tracker Detect.
AirGuard offers a few features Apple doesn’t, including the ability to scan for AirTags in the background without needing to press a specific button within the app. (Before that, though, you must give the app the necessary permissions to do so.) The app has more than 100,000 installs so far, according to its Google Play Store listing, but user reviews about the its accuracy have been mixed.
“On day one, I felt like OK, I have to do something for Android because also people were calling that out immediately,” said Heinrich. “Because they saw, OK, on iOS they have integrated it, but there’s nothing for Android.”
Developing more comprehensive protections for Android users is a good start. But to reach a real answer, Olsen says companies need to cooperate by sharing information about how their products are being misused. She points to the Coalition Against Stalkerware, an organization formed in 2019 to provide education and resources for combatting stalkerware. It counts the cybersecurity firms Malwarebytes, Kaspersky and Avast as partners – an example of how competing companies can work together to overcome privacy issues.
“People are unfortunately very clever with misusing products, and they’ll continue to find ways,” said Olsen. “So I think it’s going to be a constant kind of battle to continually evolve the product.”
Tile says it’s started discussions “both internally and externally” about working with competing companies to develop industrywide privacy practices.
“We can’t share more details at this time, but we look forward to seeing forward progress and welcome the opportunity to partner with other companies in the industry in the name of consumer safety,” Tile said in a statement to CNET.
Apple and Samsung declined to comment on their respective future plans.
Understanding the scope of the problem
Sarah Tew/CNET
Part of the challenge is that it’s unclear how often AirTags or other similar Bluetooth trackers are being used for stalking or theft, says Jen King, privacy and data policy fellow at the Stanford Institute for Human-Centered Artificial Intelligence.
“At this point, I feel like it’s all anecdotal,” she said.
Heinrich and his colleagues are trying to help answer that question, too. The Technical University of Darmstadt is using the AirGuard app to conduct a study that could potentially reveal how often AirTags are being exploited for stalking.
AirGuard users can opt into the study, which would enable Heinrich and his colleagues to collect anonymized data untraceable to individuals. Information collected includes the signal strength of discovered AirTags, the number of notifications sent to the user and the dates and times pegged to those alerts.
Still, using data like Bluetooth signal strength and notification frequency to get an idea of how often AirTags are being used for stalking is tricky. Heinrich and his colleagues can see when AirGuard sends notifications, but they don’t have the context behind these alerts. Many users could simply be trying out the app to see if it works, for example. That’s why the team is planning to conduct a second study that includes a questionnaire to add more context. In the meantime, data like Bluetooth signal strength may help Heinrich and his colleagues understand how close the AirTag in question might be to the user.
“We try to use this information to see if, for example, that might have been an actual tracking attempt,” Heinrich said. “Because then the device is probably closer than if you have gotten a false alarm by someone who was sitting next to you on the bus, or something like that.”
What users can do to protect themselves today
Sarah Tew/CNET
Right now, Android owners can download an app like Apple’s Tracker Detect or AirGuard to check for rogue AirTags. Meanwhile, iPhone owners will receive an alert that says “AirTag Found Moving With You” without having to download an app. If it’s a different Find My-enabled product, iPhone owners will receive a similar alert showing the product’s name.
Manually searching areas that could make for good AirTag hiding spots, such as inside pockets or underneath car cushions, is also a good idea. We have an article with advice about how to prevent unwanted AirTags tracking, and Apple has a support page dedicated to the topic.
There’s another factor at play that makes it difficult to circumvent threats that may emerge from new tech products. We simply don’t have the same instincts for avoiding potentially dangerous virtual scenarios as we do in real life, says Petros Efstathopoulos, the global head of NortonLifeLock Research Group, the security software provider’s research arm.
“If you’re sitting in your living room, and you see somebody looking through the window, you have a very kind of instinctive reaction to that,” he said. “And you’re like, ‘Who are you? Why are you looking at me?’ So that kind of trust or lack thereof, that sense of safety and trust doesn’t map very well to the digital world.”