UC San Diego

When it comes to preventing big computer hacks, it's all about patching the holes

It’s time to sit up and pay attention. Increasingly bold and sophisticated cyberattacks are becoming commonplace, leaving millions of people at risk — from everyday consumers to top-level corporate employees.

Last year, Target and Home Depot suffered massive malware attacks that compromised customers' debit and credit card information, and last month’s hack of Sony Pictures Entertainment has escalated to an international incident with historic ramifications.

Digital pirates are getting more and more brazen, costing global businesses and consumers between $375 billion and $575 billion a year, according to a recent study by Washington, D.C.-based public policy think tank Center for Strategic and International Studies.

So how best to protect against the cybercriminal? The answer is a bit complex, and it involves both the security software and the individual or corporate computer user.

Patching it up

The goal of software producers isn’t to minimize cybersecurity risk — nor should it be, according to Terrence August, professor of innovation, technology and operations at UC San Diego’s Rady School of Management. Rather, those software producers must analyze economic trade-offs involving the uncertain benefits that increased security investment might bring.

In other words, it’s a fact that hackers and other malicious actors are highly adaptable and that consumers are usually behind the curve, leaving themselves vulnerable to attack. August, a cybersecurity expert who has consulted for major corporations such as Honeywell and Time Warner, focuses his work on finding ways to provide incentives that would increase consumer participation and on advising software companies on how best to ramp up their efforts.

For many breaches, security patches are available that would easily prevent the crime, August said. The weak link is the individual.

Diligently updating software with patches, which are regularly released by companies such as Microsoft, is a major factor in foiling attacks. Not only does it guard individual consumers but also the computing public as a whole, as a better-protected population is a deterrent to hackers.

“Software producers develop these security patches quickly, and yet consumers often significantly delay deployment, if doing so at all,” August said. “We’ve studied how consumer rebates might increase incentives for staying up-to-date with the latest patches.”

Staying a step ahead

Aside from downloading security patches, there are a number of other steps that can help protect against cybercrime.

“The use of functionally equivalent software products that are less popular is one means of mitigating risk,” August said. For example, users can forgo well-known Web browsers such as Internet Explorer, Chrome or Firefox and opt instead to use Opera or Safari. Choosing a functionally equivalent product with a smaller user base might expose you to less risk.

“Of course, any software can still be attacked,” August said, “but hackers have greater expected payoffs from writing malware that spreads across a larger user base than a smaller one.

“Using a mix of cloud and on-premises software offerings can also be beneficial because the distinct risk profiles help to diversify the risk being faced,” he added. August also recommends regularly running security programs and antivirus software on business and personal computers.

Exercising discretion

He also advises that people think twice and use more caution when it comes to getting online — especially if they’re using public Wi-Fi, which might not be secure and could be vulnerable to hacking. Encryption is key.

“If you do [connect to public Wi-Fi], be smart and connect to a VPN to encrypt your traffic,” August said. A VPN, or virtual private network, is a means by which users can secure their communications when connected to a public network. You can set up a VPN within your computer’s “Network and Internet Connections” menu.

Another piece of simple advice: Be careful about which mobile apps you download.

“People should use considerably more discretion,” August said. “My recommendation is to only install and use critical mobile applications from trustworthy sources and pay attention to the privileges being granted [to third-party access to your private data].”

Continued education and research are also crucial in protecting against more invasive and damaging cyberattacks, August said. His work is perhaps just beginning.

“Cybercriminals have become increasingly brash in their actions, and there is still a lot of room for improvement in how consumers and businesses protect their information assets,” he said.

Robert Young, Brand Publishing Writer

Copyright © 2016, Los Angeles Times
71°
ADVERTISEMENT