Aviva Zacks of Safety Detective had the privilege of sitting down with Tim Berghoff, G Data’s security evangelist. She found out what he thinks about modern-day smart devices and how much he worries about his mother and other seniors.
Safety Detective: How did you get into cybersecurity?
Tim Berghoff: I started working with G Data in 2009, initially in support, and I had contact with everybody from home users to business users and public institutions. There, I started to gain an understanding of what problems users have and what we could do to help them.
I also worked with several customers on projects on an international scale, and that gave me some insight into the challenges and limitations that many organizations face. That is a journey that’s taken me the best part of 10 years so far.
Today, my primary role is security evangelist. I always keep an ear to the ground about current IT security trends or emerging ones that might become relevant in the future. I also take what I learn and make it understandable to the general public, whether for home users or B2B users.
SD: Can you tell me about G Data and who it serves?
TB: G Data has been around since 1985. We were the first company that provided a commercially available antivirus software back then. It was for the Atari platform, so we obviously have always focused on modern operating systems, initially for home users primarily.
About 20 years ago, we got into the B2B market and now sell our solutions worldwide. We have customers in every industry that you can think of: governments, public institutions, and private companies.
SD: What are the cyberthreats that end users and businesses need to be concerned about these days?
TB: The media likes to present very intimidating stories about all manner of cyberthreats and zero-day exploits. From my point of view, home users should not really be concerned about these things because when it comes to trying to steal any kind of data, attackers usually go with the path of least resistance. They would not use expensive tools to infiltrate a computer or a network; instead, they will approach the humans operating the machines, whether it is through phishing or social engineering. Everybody has gotten emails with fake invoices or letters from lawyers that threatened them with some sort of disadvantage, be it financial ruination, a lawsuit or other predicament. Those are the main threats for home users to be concerned about – not the fancy and expensive exploit tools used for industrial espionage or by nation states.
The same is true for businesses because email is still one of the most commonly used ways of infiltrating a network.
SD: Tell me more about phishing and how hackers are targeting the elderly.
TB: My own mother, who is generally very cautious when it comes to email, phones me and tells me about an email she just received if she is in doubt about its legitimacy, and that is something that not many people do. Targeting the elderly seems to be a good business model for attackers because a lot of older people are not as familiar with many of the schemes currently employed, and we see that in email campaigns.
We also see that in the form of very well-made social engineering scams with people allegedly calling from Microsoft and telling them about some issue with their computer that they are going to take care of. I have spoken with fake Microsoft hotlines just to see how they act and what they do. For anyone who is even remotely familiar with IT security it is difficult to keep a straight face during such a conversation, but funny though it may seem, the issue is very real and certainly no laughing matter. I can absolutely see people who are not that familiar or comfortable with computers falling for these scams because the stories presented by the scammers are consistent. They show some manner of information on the computer, which allegedly represents a problem. That can be some log files from Windows, which they claim show hacker activity, and if you are not familiar with the matter, then there is a pretty high likelihood of falling victim to this. Once the attackers have built up enough pressure, they try to coax their victims into paying a certain sum of money, either via credit card or via gift certificates. Strangely enough, an alleged Microsoft hotline also accepted Apple gift cards. After the payment is made, fraudsters may proceed to install “security programs.” Note the quotes here – at best they install a free antivirus solution that anyone could get without paying hundreds of dollars. At worst, the perpetrators have just charged you a hefty sum of money for installing a back door on your computer which grants anyone permanent access to your data. In other cases they just straight-up delete data from the system and lock the user out.
SD: What do you think about people’s use of smart home devices?
TB: I get why smart home devices are very appealing to people. They have huge potential to make life easier and more comfortable. On top of that, there is still that “Sci-Fi” factor of being able to ask a device a question and get an answer in an instant. Being a Star Trek fan myself I can also appreciate that. The problems start when it comes to proper security in newly released devices, apps, and appliances. Security is often less than stellar in smart home devices. Security needs to be incorporated into every product development process of smart homes, smart webcams, and smart fridges from the get-go and not as an afterthought.
Add to that the fact that the use of the internet is now so pervasive and integrated into our lives that kids and young adults never experienced a world without the internet.
From my perspective, younger people seem to be far less critical of things that might have an impact on their data and their privacy. They do not seem to worry too much about what they share or do not share online. There seems to be a sort of acceptance that a lot of our lives take place online. Privacy is not necessarily a prime concern for younger people, especially if the trade-off is being perceived as something desirable.
SD: How is G Data helping small to medium businesses secure their data?
TB: A lot of what applies to the consumer market to some degree also applies to the B2B scale of things. Companies are worried about targeted attacks and hackers, which are so overhyped by some media outlets; 99% of those scenarios do not apply to small and medium-size businesses. And those companies should really look into good baseline protection as opposed to shelling out money for consultants and appliances.
We sell our solutions in over 90 countries worldwide. And we also are building new technologies into our own solutions. One of them is coming up in our next B2B release. The key, on both the B2B and the B2C side, is to use more proactive measures to protect data and assets as opposed to finding fast solutions to sudden problems.