Cybersecurity 101: From Vulnerabilities to Preventive Measures
What is cybersecurity & why is it important?
Cybersecurity is all about taking control. World-wide reach that we have today is beautiful, it’s great. We need the Internet, we use it every day, to collaborate, to learn, to teach, to share, to shop, to eat, in some cases even to define who we are but at the same time there are malicious people out there who have that same reach. We need to understand cybersecurity so that we can put the right controls in place, embrace cybersecurity so we can stop these bad guys from reaching us in order to protect our privacy and valuable assets.
The Internet as we all know is a fantastic tool enabling us to have instant access to pretty much everything we can think of with a simple keystroke. It’s how many businesses are growing exponentially and innovation is occurring at an unprecedented rate. As these businesses grow however, they require more people and those people need resources like computer, phones, email accounts, cloud storage and online profiles all of which need to be connected on the Internet. But for all of the good that the Internet is providing, it also allows criminals to access computers, online accounts, or even take documents that should be kept private.
So, how does this happen? When you connect all of the devices that make your business run efficiently, to the Internet, you essentially create a doorway into your business from either side. Now, most people would not attempt to walk in your building uninvited because they extend the same courtesy that they’d hope you’d extend to them, but some will use that happily to get access without you even knowing and this door will remain accessible until you implement measures to monitor and control it’s use, your business is vulnerable.
Why do cyber-attacks occur?
Now, why are others interested in your data? Well, first of all everyone loves secrets about others, this knowledge of someone else can be used to blackmail them, asking them to do something unethical or even illegal, it can be used for financial gains, or to steal intellectual property, or to steal your credentials to gain unauthorized access to your internal network, or disrupt operations, or even run their operations on your infrastructure, this was all on a personal level, but cyber-attacks can damage on a national level as well.
There are criminal individuals and organizations working for political gain, like gathering intelligence or conducting surveillance about the opposing party, hacking critical government infrastructure, asking for ransom to destabilize economy, gaining unauthorized access of sensitive documents, conducting state-sponsored attacks on other nations or entities.
How do we get attacked?
Many a times we lead the attacks to come hit us, it might be something we did unintentionally, not thinking or knowing about the repercussions. Think of it this way, you have your house, with multiple doors and windows, you have a rule employed to close all the doors and windows, and one day you forget to lock one window and you don’t know about it. This window could be the opportunity to potential harm. These are called back-doors in the cyber security world.
It could be a weak password, or our systems being exposed to phishing mail, or adware, it could be many things. They have the potential to disrupt critical infrastructure, like power stations, transport networks or hospitals, but also expose our personal data.
Intensity of Cyber Attacks
So, how serious can cyberattacks be?
If we talk numbers here, how frequently do they occur, Cybercrime, is up 600% as a result of the COVID-19 pandemic. Nearly every industry has had to embrace new solutions, and it forced companies to adapt, quickly. Global cybercrime costs are expected to grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025.
The following images give a statistical overview of the financial impact and prevalence of cyberattacks, highlighting the billions lost to cybercrimes and the trends in attack types and frequency:
Real-life Examples
Some interesting cases that will leave you awestruck:
1) His car got remote hacked –
Andy Greenberg, a senior writer at Wired, once joined this incredible experiment testing car hacking. What did the experiment involve? While he was driving, hackers managed to take control of his car remotely. They started small by messing with the air vents and windshield wipers. Then, things got serious, they cut off the transmission and even activated the brakes, all while Andy was behind the wheel.
You can read his entire blog at: Hackers Remotely Kill a Jeep on the Highway — With Me in It
2) Who would want to be you? Some people can become You –
Laura got a call from a credit card company, telling her someone had tried to get a credit card using her details. She decided to evaluate the situation and check her credit reports before calling the authorities.
She came to realize that the imposter had managed to bypass her security questions and created over 50 accounts in Laura’s name, even signing up for utilities like heat, cable plus even a newspaper subscription. Moreover, companies were chasing Laura for their money.
After alerting the police and hunting down the imposter, Laura obtained a court order and fixed much of the damage, though it was a stressful ordeal.
You can read more on this here: ‘Someone had taken over my life’
3) The public Wi-Fi hack –
Maurits Martijn, a journalist from De Correspondent, walked into a bustling Amsterdam café with Wouter Slotboom, an ethical hacker.
In just a few minutes, Slotboom set up his gear and hooked into the café’s Wi-Fi. Soon his laptop was showing what others were up to: their apps, games, Google searches, passwords, emails and more.
His little black device tricked phones into connecting to his Wi-Fi, allowing him to see all the ongoing traffic. If he wanted, he could grab someone’s email login as they typed it in, giving him control over all the linked services.
You can read this entire blog at: Don’t use public Wi-Fi when reading this article.
These incidents and there are many others, serve as a reminder that counting on others to safeguard our information isn’t a viable strategy. Cybercriminals have one goal: it is to achieve their objectives, which may not even involve you directly, sometimes we just end up being an unintended victim, experiencing some serious repercussions later on.
Common Vulnerabilities leading to Cyber Attacks
- Poor Password Habits:
Most of the people around us, including some of the folk from the IT domain reuse their passwords across multiple domains and websites so that it is easier for them to remember the password, not knowing that not all domains are equally secure and that it is very easy to breach their data from certain less secure domains and website. - Poor Password Selection:
As discussed, passwords are the pillars for a safe browsing system, still some people keep their passwords on their names or name of their relatives or pets which become very easy to crack doing some social engineering and tracking the persons’ different profiles online. This becomes a major vulnerability and a big opportunity for the cyber criminals to get access to your private data or confidential data. - Phishing Attacks:
Phishing attacks, the most common type of fraud occurring online are the phishing attacks where in the user is baited to click on a malicious or corrupted link or attachment sent through an email claiming that you have a won a lottery or some other form or reward. These links can download malware (unwanted software that has malicious intents), steal your credentials, or take you to a fake website that captures your information. - Physical Security:
Many people forget that physical security also plays a role in cybersecurity. If someone can access your devices, they could install malware or steal data. Keep your devices in a secure location and don’t leave them unattended in public places.
Wise words from Boromir here,
Preventive Steps Everyone Can Employ
- Unique & Strong Passwords:
As we already know that weak passwords, or passwords based on your name or your pet’s name, or repeating same passwords across multiple domains, can lead to creating multiple vulnerabilities, so make sure to use random passwords and do not keep them written in any sort of soft copy because they are easy to steal. Use special characters in between random words to make the passwords stronger, also keep changing the letters to capital and smaller case to make them even stronger.
Thinking your password is unguessable? Join the Buzzillion others.
2. Multi-factor Authentication:
Enable multi-factor authentication to add an extra layer of security to your passwords. This authentication confirms your identity by using more than one method or factor, such as an OTP with a password or your fingerprints with your password. This ensures that no one can access your files and personal information based solely on your password.
3. Software Updates:
Update your software regularly, make sure they are up to date in terms of latest security updates, which protect your data based on the latest threats in the market. And save you from zero-day exploits.
4. Be Cautious Online:
Make sure that you check the links multiple times before clicking on an unknown link and report or block any suspicious emails or any phishing attempts. Be aware about the latest types of phishing attacks and scams in the market and do not share your passwords or OTPs online with anyone.
5. Do Not Use Public Wi-Fi:
Do not get into the trap of free Wi-Fi as it is very easy for an experienced hacker to gain unauthorized access to your computer through open Wi-Fi and networks.
Thank you so much for reading this blog! We hope it was worth your while.
- By Zohra Qureshi & Darsh Shah
