Siri Malmborg –
We are living with more and more devices: laptops, smartphones, smartwatches and smart homes are ruling our day-to-day lives. While all these little helpers are nice and useful, they are also potential targets for cyberattacks.
Statistics Netherlands (CBS) published a new study today, with following findings: while traditional crime like violence, burglary, vandalism and theft has decreased by 43 percent over the past ten years, cybercrime has increased by 22 percent. These cybercrimes mostly include sales- and purchase fraud, but also some cyber bullying, hacking and identity fraud. While it’s often tricky for non-IT-professionals to navigate cyberspace safely, we are not completely delivered to it – there are ways how individuals can protect their data and their privacy.
Phishing via emails, phone calls and other communication tools are very common – so is fraud in selling and buying something online. These crimes fall into the field of “social engineering”, where cybercriminals psychologically manipulate their victims into a self-damaging behavior – like spending money on a scam or sharing personal and financial information. These are non-technical attacks, meaning there is no complicated hacking and programming necessary. “Here, the human factor is the weakest link”, says Alan Lewis, Cyber Security lecturer at HvA. “Hackers play this cat-and-mouse game using psychological principles, where they trigger us emotionally to click this link, or open that attachment”, according to him. He emphasizes the importance of being aware of these scams and thinking twice before opening links and attachments or answering suspicious questions over the phone.
Another useful tip is given by Denzel Blackson, Cyber Security student at HvA: using a password manager. “Many people use very simple passwords over and over again”, he says. “If your email-address and password is leaked from one site, hackers can use that information and try it on all your other accounts.” His teacher Alan Lewis adds: “I always compare it to burglary: traditional burglary is just one person physically robbing your house. Digital burglary is an army of robots trying every doorknob of your house.” A password manager can prevent these robots from getting inside. It generates secure passwords and saves them. The password manager itself can in turn be protected by multiple factor authentication – meaning you receive an access-code on your phone after entering the password for your password-manager on your laptop.
The student Denzel Blackson also uses a small webcam cover on his laptop to prevent so-called remote access tools to take unauthorized footage. “I know how to access my own laptop’s webcam via my phone. I don’t want other people doing it”, he says. Keeping software up-to-date is also crucial as new versions include security updates – activating automatic updates is the best solution here.
“Everything you post or say online will eventually be leaked”, says Alan Lewis from HvA. Data-leaks are abstract phenomena for most people – what happens with data that is leaked? Is it just floating around out there, doing nothing? “Could be, for a period of time”, says Alan Lewis. “But at any point, your personal data could be used for identity-theft, so to fake your identity; your financial data could of course be used to steal money from you; and personal information could generally be used to blackmail or hurt you.” Alan Lewis and his student Denzel Blackson agree: more cyber-literacy and awareness is definitely necessary.
This awareness is also key when looking at more advanced cyberattacks on a national level, like the ones that took Ukrainian government- and bank websites offline last week. The big fear of the cyber security community is a huge, state-based cyberattack on critical infrastructure – shutting electricity down, cutting water off or making money-withdrawal impossible. This critical infrastructure is a soft target and attacking it can have devastating consequences on civil society. While companies around power supply, hospitals and banks make efforts to protect their systems from cyber criminals, “none of these infrastructures would be able to resist a state-based attack over a longer period of time”, says Joe Pichlmayr, founder of the nonprofit organization Cyber Security Austria. In order to be able to withstand such an attack, countries would have to redesign their digital infrastructure, which according to Joe Pichlmayr would be extremely expensive.