Now that the Republican National Convention (RNC) is over, it’s time to review what may be the biggest story to come out of that event. It’s a story of widespread deception that fooled many, and the possible consequences of the success of that deception.
I’m talking, of course, about the duping of some 1,200 convention delegates, who were fooled into logging onto fake, “free,” public Wi-Fi networks.
Fake Wi-Fi Networks
Avast, an antivirus software purveyor, set up fake Wi-Fi networks with real-sounding network names (SSIDs) for a single day. And ignoring much of the non-political news of the day and any education they may have received at work, delegates connected.
“Some 68.3 percent of users’ identities were exposed when they connected, and 44.5 percent of Wi-Fi users checked their emails or chatted via messenger apps,” The Register reported on July 21.
In many cases, delegates were completely clueless about the risks they were taking. “With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting. Although convenient, this feature is eminently easy to exploit by cybercriminals who set up a false Wi-Fi network with a common SSID. Moreover, web traffic can be visible to anyone on any Wi-Fi network that is unencrypted. Any Wi-Fi that does not require a password is a risk,” the article added.
Now, none of the preceding paragraphs should be news to anyone carrying a smartphone, whatever the delegate selection criteria were for this event. But sadly, the RNC Wi-Fi debacle is more typical than exceptional.
People Open Phishing Attachments
In his recent blog post, “Ransomware: The Threat and How to Protect Your Enterprise Part 1,” my learned colleague Eran Livne noted, citing the Verizon 2015 Data Breach Investigations Report, that “23 percent of those who receive phishing emails open them, and 11 percent of those recipients click on attachments to those emails.”
Verizon also found that a phishing campaign of as few as ten emails was more than 90 percent likely to fool at least one recipient. This despite earnest user education efforts about ransomware, not to mention highly visible media coverage.
Which brings us to the crux of the issue: the all-too-human tendency to know, but not to do.
To Know, But Not to Do
“Currently, more than one in three American adults over 20 is obese—up from roughly one in four 20 years ago—and nearly 70 percent are overweight,” reported Catey Hill in a December 2015 MarketWatch.com article.
And those figures make weight loss big business.
“Companies that focus on weight-loss services (think Nutrisystem and Weight Watchers) raked in $6.3 billion in revenue in 2015, according to an IBISWorld report; sales of supplements—many of which promise weight loss—add billions more,” the article added.
By the way, that IBISWorld report estimated 2015 profits for weight-loss companies at $934.5 million.
The amazing thing about this market? Most weight-loss advice boils down to the same guidance: eat more mindfully and move more often. Which implies that most of us who struggle to avoid the “obese” category know what we need to do, but just don’t do it.
Wi-Fi security is a lot like weight loss. Tons of money gets spent on Wi-Fi security, but someone puts themselves, their personal information, and their company’s networks at risk every day by connecting to networks with no or inadequate security.
You Know What to Do, So Do It!
So, as Eran also said in his blog post, “…by all means, implement a user-education program—but also take at least some basic measures to protect the data on all endpoint devices.”
Then, head for the LANDESK webinars page and register for our August 3 webinar, “Ransomware: The NSA’s Top 10 Mitigation Strategies (and More),” which will feature LANDESK CSO Phil Richards.
Don’t forget to check out some of our solutions for fighting ransomware and other IT threats, including our free white paper below. That way you can minimize the negative effects of that all-too-human tendency mentioned earlier, “to know, but not to do,” the next time it hits one of your colleagues. Or you. (Just sayin’.)