What do “they” know about us?
Privacy issues have been around for years, ever since the internet boom. Hundreds of articles have been published to make people aware of the risks of privacy leaks. But how much have these efforts actually affected people?
Not much. Don’t you think so?
Social media use is skyrocketing, smart devices are proliferating, and online services are available anytime and anywhere. People are lulled by all this easy access and grow lax about cybersecurity. A simple guess: how many people do you think use one password for many accounts, or still use their birth date as part of their banking password?
Hopefully you are not one of them.
Many people think cyber threats only go after big businesses, famous public figures, or rich people to get money from them. Even more worrying, some think a privacy leak is no problem for them because they believe they have never done anything bad. This shows a misunderstanding of what privacy means and of who can be the target of these threats.
Imagine that our important data suddenly gets encrypted, and to get it back we have to pay a large sum in cryptocurrency within a limited time, or lose it forever. This is what ransomware does. Michael Berg, the executive director of SonicWall, predicts that the total losses from ransom payments caused by this ongoing malicious software will reach up to USD 11.5 billion in 2019. Malwarebytes reported that around 40% of targets pay the money, and IBM found that 55% of the victims it interviewed paid to get family pictures back. What would you do?
Another lesson: we might be well behaved on social media, but we still expose our banking accounts in online shops. EY reported that in the 15 months from January 2017, around 1.95 billion personal and sensitive records were compromised. When these confidential details leak to unauthorized parties, they can steal our money or open credit cards in our name. Recent findings by SonicWall analysts put the loss caused by this type of threat at around USD 12.5 billion since May 2018.
These cases show that the effects of data breaches and cybercrime can be detrimental, and do not end at predicting our behaviour to show us matching advertisements. Anyone who connects to the internet with a narrow understanding of how security threats work, and who takes no preventive action, is prone to cyberattack.
What should we know?
Get into the hacker mindset. Learn what is meant by the Cyber Kill Chain, a step-by-step model of a cyberattack. It starts with reconnaissance, when the attacker tries to find flaws in the system. They explore networks, including social media accounts, to define their targets and the tactics for the attack. Once they have figured out the flaws, weaponization follows to create the attack. It can be malware in the form of a virus, worm, trojan or spyware, depending on the flaws and the goal. Then comes delivery of the malware, which can be through email or USB.
Scamwatch Australia reported that the top scam category is phishing. This happens when attackers contact their victims through phone calls, email, or social media, pretending to be someone the victim knows or a trusted organisation, in order to collect the victim’s sensitive information. Scamwatch also stated that the top two delivery methods are phone and email. If an email contains a link, beware that it might lead to a malicious site that infects the system automatically. Once the malware is on the system, it exploits the system’s vulnerabilities and finds a way to install itself. Once settled, it can signal the attackers, who then command and control it remotely to perform the targeted actions, such as sending data out or messing up the system.
What do we need to do?
Just one word: update.
Update our passwords, update our knowledge of recent cyberattacks and current cybersecurity technologies, and update our systems.
A strong password is an essential barrier. It should be a combination of letters, numbers, and symbols, be changed periodically, and not be used for multiple accounts. Meanwhile, keeping up with security developments makes us more cautious about cyberattacks. Once we know about phishing, we are likely to be more sceptical about clicking on random emails or links.
It is also important to note that both cyberattacks and cybersecurity now embrace Artificial Intelligence (AI) technology. By harnessing Natural Language Processing, attackers can generate personalized phishing emails that look more plausible to the target. Security analysts, in turn, use machine learning for automatic threat detection. That is why a regular system update is not meant to bother us: one possible reason for it is that the latest cybersecurity approaches have been built into the update to protect us from new, more harmful threats.