In-depth

Why security vendors need a red card during the World Cup

The World Cup is being seized on by security vendors to spread FUD. Davey Winder's not impressed

Football

OPINION: Unlike many people, I am not a fan of football and the inescapable hype surrounding the ongoing kicking competition known as the World Cup irritates me. On a professional level, however, it makes me mad.

It's not just the football World Cup, but any and every major sporting occasion attracts the data security chancers. The sad thing is there are chancers on both sides of the security divide and I want both to be shown a red card.

There is no doubt that the scammers,  spammers, phishers and the malware distributors of this world will be rubbing their hands with glee at yet another chance to exploit the naivety of the average internet user.

There is also no doubt the volume of online bait (be it email or web-based) using the World Cup as a hook will be peaking during the coming few weeks as we reach the climactic final stages of the competition.

Advertisement
Advertisement - Article continues below

That should be taken as a given by any enterprise that deploys a sensible education programme warning staff about how the bad guys work. Apart from a gentle reminder to be on guard at such a time, there's really no need to go overboard with the World Cup data danger warnings.

There's no doubt the volume of online bait (be it email or web-based) using the World Cup as a hook will be peaking during the coming few weeks.

What about the chancers on the security vendor side of the fence? In an effort to shift product, more often than not, events like the World Cup are met with a veritable hail of press releases warning users not to click on that World Cup news report, visit that site selling cheap World Cup tickets or download that fake World Cup results app.

It's all good advice, for sure, but it's all good general advice that applies every day of the year and not just during a big event. This jumping on the hype bandwagon only serves to dull interest in the message, rather than sharpen attention to it.

Worse, the sheer glut of World Cup-related security stories which appear every four years serves to drown out potentially important warnings that could actually help prevent data loss.

In the case of the World Cup, for example, I have received no less than 139 separate press releases claiming to be of urgent priority to my readers and urging me to pass the information on.

Of these, only half a dozen cover two topics that can genuinely be said to have any real impact or value to the enterprise.

One being news of the Anonymous #OpWorldCup DDoS attack strategy, which just about cuts the relevance mustard, and the other details how malicious USB charging points can be used to steal data.

DDoS alerts

The Anonymous DDoS attacks have been threatened for some time, and the actual impact is debatable. I'm inclined to say the 'you need DDoS mitigation' advice being pedalled on the back of this still falls under the World Cup FUD category, although enterprises that have even a loose affiliation to targeted commercial or governmental sites may do well to ensure their strategic plans are up to date.

Advertisement
Advertisement - Article continues below

Of far more interest to me, and I suspect anyone who has staff that travel a lot, is news about the deployment of fake battery chargers in Brazil.

I had not previously heard of these devices, which look like genuine AC/DC power sockets complete with a handy USB port for charging, and appear in public places such as bus depots, train stations and cafes.

The malicious bit comes courtesy of the unit being plugged into a real socket so it will still charge your mobile or tablet, while stealing data via the USB port or even installing malware in some cases.

The best advice being that staff should always carry a spare battery pack or booster, and be wary of using any chargers in public places. Add this to your educational advice about not using free Wi-Fi and you could prevent an own goal.

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

8 Mar 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019