When Apple Inc. announced it had a security breach at its developer portal last week, it issued this statement:
“An intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed.”
While any developer registered to build apps on Apple must have been relieved, the incident immediately raised some troubling questions – what did the hacker manage to get from his or her illegal foray? Apple’s answer – that the hacker might have gotten access to some developers’ names, mailing addresses, and email addresses – can’t have been a reassuring one.
With stories every week of hackers waiting to prey on unsuspecting e-mail recipients, accidental security breaches of once-secure databases, and governments planning secret digital surveillance, it’s easy to see why so many of us are now on edge when it comes to protecting our privacy and security.
Yet despite all of the fears around privacy and security, there are many companies out there trying to offer solutions to both business’ and consumers’ privacy concerns – whether it’s as an all-in-one solution, or several smaller solutions for specific problems.
For example, at McAfee Canada, the company offers multi-layered solutions, with various defensive mechanisms covering more than one part of the network. For example, one safeguard watches how data enters through USB ports, while another monitors Internet gateways and provides malware detection, says Doug Cooke, director of sales engineering at McAfee Canada.
This is even more necessary than it once was, he adds, saying he’s noticed an upswing in the level of sophistication among today’s hackers.
“Going back a few years now, when hacking and virus activity first started, it was more stuff hackers were doing to entertain themselves and to get prominence on the Internet,” he says. But nowadays, he says, hackers are more concerned with financial gains rather than bragging rights.
After creating a new virus, today’s high-level hackers are more concerned with attacking very small segments of a network to get something valuable from that, whether that be financial data or personal information.
That means security companies are often left playing catchup in creating solutions that are more preventative than anything else. For example, Cooke says, many security solutions involve whitelisting some applications to be executed, whereas others are not allowed to execute for fear they are dangerous or harmful to a device or network.
While it is helpful to have network-based intrusion prevention systems, or different ways to spot malicious activity, in some ways security companies are still playing catchup, he says.
“There always is a cat-and-mouse game, and hackers are well-funded, they’re very knowledgeable, and they do keep ahead of us,” he says. “And that’s why there’s a whole industry trying to keep up to them.”
But while multi-layered defenses are a good idea, it doesn’t hurt to also pay attention to smaller, more targeted solutions, says Chris Houston, founder and CEO of Toronto-based startup SurfEasy Inc.
SurfEasy focuses on providing small-to-midsized businesses (SMBs) and consumers a virtual private network (VPN) in places with unsecured Wi-Fi, like the local coffee shop. The private network prevents hackers from getting access to users’ data, or from being monitored while users look at different Web pages. It’s available for all devices, including mobile.
While marketing a VPN solution is still difficult, as many consumers don’t understand its function, what they do understand is the need to protect their online privacy. And in some ways, that marks a shift from worrying about security and relying solely on anti-virus software, Houston says.
“The privacy space will become much more relevant … What’s dominating the news is big data, big government, all recording and monitoring everything we’re doing online,” he says. “(SurfEasy’s) current solution definitely solves a portion of that issue, but I think you’re definitely going to see a shift, especially in the consumer space and even among SMBs and enterprise.”
This might be a good thing for smaller businesses looking to protect their customers’ privacy, or for individuals looking for cheaper home solutions, says Tamir Israel, a lawyer for the Canadian Internet Policy and Public Interest Clinic (CIPPIC).
SMBs don’t have all of the resources to make privacy or security their top priority. What they can do is hire consultants who will go through their networks and check for any gaps or loopholes that could be exploited.
Once they’ve enlisted the help of a consultant, SMBs can then pick and choose through third-party service providers like startups, getting a cheaper solution to patch up whatever areas need to be better protected, Israel says.
“The problem is, from a company’s perspective … you just have to spend more time making sure every ‘t’ is crossed and every ‘i’ is dotted, and make sure you make use of this growing market of third-party tools or consultants,” he says.
Ultimately, SMBs can choose to pay for services from a major provider or a small startup, but keeping data private and secure is a concern for everyone, Houston says.
“[Privacy and security concerns] are gone from the tinfoil hat crowd,” he says. “It’s about as mainstream an issue as you can get for Internet-related topics.”
“Companies have been collecting and monetizing users’ data … there’s been a lot of unchecked investment in that space within the last little while, and I think this is kind of the pendulum swinging back.”