What do “they” know about us?
Privacy issues have been around for years since the booming of the internet. Hundreds of articles have been published to make people aware of the risks having privacy leak. But how much these efforts affect us? Not much.
Don’t you think so?
Social media users skyrocketing, smart devices proliferating, online services provided anytime everywhere. We are getting more lulled with all the easy access but getting loose with cybersecurity awareness. A simple guess, how many people you think use one password for many accounts? or still using the birth date as part of their banking password?
Hope you’re not counted in.
Many people might think cyber threats only after big business, famous public figures, or rich people to get money from. Even more worrying, some think that they don’t have any issue with privacy leak as they considered they never do something bad. This shows a misleading on how we understand what privacy means and who can be the target of the threats.
Imagine, what if our important data get encrypted suddenly and to get them back, we have to pay with a high amount of money in limited time otherwise we’ll lose them forever. This is what ransomware does. Michael Berg, the executive director of SonicWall, predicts the total lost for redemption caused by this ongoing malicious software reach up to USD 11.5 billion in 2019. Malwarebytes reported that around 40% of the target pay the money and IBM found that 55% of the victims they have interviewed pay it for family pictures. What would you do?
Another lesson, we might be good behaved in social media, but we still expose our banking accounts in online shops. EY reported that in 15-month range since January 2017, around 1.95 billion personal and sensitive records are compromised. As this confidential detail leak to unauthorized parties, they can steal our money or open credit cards under our details. Recent findings by SonicWall analysts mentioned that the loss caused by this typical threat reach around USD 12.5 billion since May 2018.
Those cases show that the effect of data breaches and cybercrime could be detrimental, not just end up in predicting our behaviours to offer us matched advertisements. Anyone who connects to the internet with a narrow understanding of how security threat works and does not put preventive actions is prone to cyberattack.
What should we know?
Get into the hacker mindset. Knowing what is happening in a step-by-step cyberattack. Starting from reconnaissance when the attacker trying to find the flaws in the system. They explore networks including social media accounts to define their targets and tactics to attack. Once they configure the flaws, comes weaponization to create the attack. It can be malware in a form of virus, worm, trojan or spyware depends on the flaws and the goal. Then the delivery of the malware can be through email or USB.
Scamwatch Australia reported that the top 1 scam category is phishing. This happens when the attacker contacting their victims through phone calls, email, or social media by pretending to be someone they know or trusted organisation to collect the victim’s sensitive information. They also stated that the top 2 delivery methods are phone and email. If an email contains a link, beware that it might lead to a malware site to infect the system automatically. Once infected, they will exploit the system’s vulnerabilities, find ways to be installed. After settled, they can sign the attackers to remotely give command and control to perform the targeted actions like sending data or messing up the system.
What do we need to do?
Just one thing, keep updated.
Update our password, update our knowledge with recent cyberattacks and current cybersecurity technologies, update our system. A strong password is an essential blockade. It should be a combination of letters, numbers, and symbols, which keep changing over some time and not used for multiple accounts. Meanwhile, keep update with security development will make us more cautious of cyberattacks. We may be more sceptical to click on random emails or links.
AI in Cybersecurity
It is also important to notice that cyberattack and cybersecurity now are embracing Artificial Intelligent (AI) technology. Attackers can generate malicious emails which look more plausible to the target automatically. Security analyst, instead, use AI for automatic threat detection. So, that is why a regular system update is not meant to bother us, one possible reason is it shows that the latest approach of cybersecurity has been embedded to the update to protect us from new more harmful threats.