Understanding the dangers of cyberspace
The world we are living in is a tricky and, often, dangerous one. Over the years, danger came in various forms and from varying sources, from wild animals and epidemics to war and nuclear attacks. What constitutes danger also keeps changing over time, and in this age of digitisation and technology that we find ourselves in, cybercrime presents one of the most formidable dangers.
The internet, as a medium, is an inherently insecure space. Cybercriminals and fraudsters are constantly looking to exploit vulnerabilities to perpetrate frauds and extort victims. Credit card cloning, DDoS attacks, WannaCry, identity theft and social engineering are just some of the most commonly used tools of cybercriminals, and this list keeps changing. Cyber fraudsters and hackers are becoming more imaginative and their tools are becoming more sophisticated.
With connectivity and increased sharing of data, we are more susceptible than ever to such attacks. No one is safe, and it is a matter of ‘when’ and not ‘if’ an online attack happens. With sufficient awareness and precaution, however, individuals and organisations can protect themselves from cyberattacks, and that is the key. There is nothing to stop hackers and criminals from trying, but with the right awareness and systems in place, most, if not all, cyberattacks can be prevented.
A common misconception about cybercrime is that it is purely an IT problem. We must understand that cybersecurity is also about risk management. It is not just big organisations that are being targeted; small organisations with just 4-5 systems, and even individuals with supposedly little or no valuable information, are targets too. The belief that ‘it will not happen to me’ is a myth. No one is really safe, and we are perpetual targets of social engineering and phishing attacks that try to trick us into opening infected e-mails, web pages and links.
With the things around us, from watches, speakers and household appliances to buildings and even cities, becoming connected and getting smart in the process, we are increasingly under threat, and the danger will only grow as the connected network grows. While being connected may be empowering, it can cause serious privacy concerns. News of fitness apps giving away private information such as location, movement patterns and preferred routes is unsettling; this information can be critical when it pertains to military or law enforcement agencies. Broadly speaking, the world can be classified into two categories: those who have been attacked by cybercriminals and those who are unaware that they have been attacked. This is true for companies as well as individuals.
Preventing a cyberattack will necessitate a change in the attitude of individuals as well as organisations. Contrary to popular belief, cybersecurity is not always a costly affair if we are proactive. Awareness and small incremental steps are the key. We need to have a keen understanding of the risk factors, stay aware of the latest frauds and their modus operandi, limit social media posts to avoid sharing personal information, never share confidential information such as passwords and PINs, and use up-to-date anti-virus and original software, along with other available safety and security tools, when going online.
The ‘watering hole attack’, a targeted attack against a business or organisation, is an effective technique for hackers. In one such attack, hackers compromised the server hosting the website of a popular restaurant frequented by government employees—replacing the menu file with another set that was embedded with malware. So, when employees viewed the menus from their secure machines, they were unknowingly downloading the malware as well.
Dealing with cybersecurity also calls for a strategy towards risk mitigation and contingency planning. A one-off approach towards risk mitigation and dealing with attacks is unlikely to be effective in the fight against cyberthreats. Every threat, every incident should be viewed as a stepping stone to check preparedness and improve security standards. To be effective in dealing with cyberthreats, the entire exercise needs to be a sustained and proactive process, and not just a reflexive one. The same is true for individuals, as well as organisations of all shapes and sizes.
The author is managing director, Netrika Consulting