Cyber Security Today, Week in Review for Friday, Sept. 16, 2022

With me for the first time together are commentators Dinah Davis, vice-president of research and development at managed service provider Arctic Wolf, and Terry Cutler, who heads Montreal’s Cyology Labs, a training and incident response firm. Hello to you both.

Howard: I want to start with the story about a private British bank called Coutts. Over the weekend it told customers not to install the new Apple iOS 16 operating system on their iPhones and iPads. Why? Because it wouldn’t work with the bank’s mobile app. Not only were customers told not to install the app, but the bank also gave instructions on how to turn off automatic updates on their devices. However, on Monday — as iOS 16 was released — another online notice appeared, saying the bank’s Apple app was now compatible with the new operating system and customers could update the app and install iOS 16. Is it just me or was there something wrong here?

Terry Cutler: It’s a clear case of a vendor [afraid to] release software that can break functionality. When you’re a user of these services you can have a choice: If I upgrade the operating system, I could continue working, but not on my banking app. But if it’s not working, could that prevent me from upgrading? The problem is that not upgrading [the operating system] sometimes opens you up to various cyber risks. And, of course, if your device is linked to your company through a VPN it could allow an actor to hack in through your device and get into your company.

One of the problems we always see in healthcare is software that still requires Internet Explorer 7. You have to go back to the archives of your computer to even find this application. But you see it very often because the vendors that created certain mission-critical software are out of business, or the developers have moved on, and no one’s there to take care of the software. There could be all kinds of reasons for application upgrade delays.

Terry Cutler

I’m Terry Cutler, the creator of Internet Safety University, an educational system helping to defend corporations and individuals against growing cyber threats. I’m a federal government-cleared cybersecurity expert (a Certified Ethical Hacker), and the founder of Cyology Labs, a first-line security defence firm headquartered in Montréal, Canada. In 2020, I wrote a bestselling book about the secrets of internet safety from the viewpoint of an ethical hacker. I’m a frequent contributor to National & Global media coverage about cyber-crime, spying, security failures, internet scams, and social network dangers families and individuals face daily.