Dean Anthony Gratton
Cybersecurity: You’re Not That Important
I have been ‘hacked,’ you say.
I would start asking why – who made you so important or, rather, was there an opportunist who saw your digital front door open and thought, “Mmmm, whilst I’m here, I might take a gander and see what’s worth pilfering”?
Don’t Open the Digital Door
For me, to be hacked or to have that feeling someone has been going through your digital belongings is largely down to user error. Now, I have used this analogy before, and I will use it again, especially for those who are fans of the genre and should relate to this. In particular, I’m referring to the numerous vampire movies, where such fans know that a vampire cannot cross your threshold unless they are invited. Well, pretty much, that applies to security. If you have left one of your many digital doors ajar, well, you are just asking for that bite.
It’s just plain common sense. Firstly, most internet service providers, which offer broadband to your residence, tender you with the essential mechanisms to protect your home and your personal network by default, along with an additional option for parental control. Likewise, your email service will often filter out rogue or suspicious emails that might arrive in your Inbox. It’s often you, the user, who will click through and proceed to view the enormous lottery win you’ve just received. In fact, I use Google Chrome and, if I have stupidly clicked a link to a website that I’m not familiar with, it tends to stop me with a big warning saying, “Don’t do this, you muppet. Move away…”
We Are All Fallible
For the sites that might make it through your Google security extensions, where you may receive a pop-up dialog mentioning that, “Your computer is at risk, call this number,” those of you who do are simply asking for trouble. Typically, you reach an Indian call centre where you are asked to install their third-party tool onto your computer, which will, of course, solve all your computer troubles. Invariably, they take control of your system and hold you to ransom until you pay some extortionate fee to take back control – again, user error.
So, I’m talking very much from a personal perspective which, for me, is down to common sense – there are normally TV campaigns attempting to educate the non-tech-savvy public about installing the latest operating system updates, for example. However, significant enterprises that house sensitive consumer data are, of course, at a greater threat, and typically they will have industrial-grade security mechanisms and procedures in situ, yet we are all fallible. More so, there is always one in the company who hasn’t thought something through and opens a link that opens that door – yep, user error.
There’s A Man in the Middle
It is very much someone opening that door and allowing someone in. Typically, if I have communicated with a company, the receiver of my email will be warned about clicking links and is informed, “If you don’t know the sender, don’t click on any of the links within this email.” In some instances, I’m also aware that emails can be spoofed so that the receiver is led to believe that the email is genuine, but you need to apply common sense, and question, “Was I expecting this?”
There are, of course, other types of attacks hackers use to gain access to sensitive data. For example, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are used to drain the resources of a system, so that the affected company is not able to provide services to its customers. This is a common attack, which we often read about. Another type of attack is the man-in-the-middle (MITM) attack, which permits hackers to eavesdrop on the exchange of data between the sender and receiver and, as such, glean more about potentially sensitive information.
Until next time…
I was talking earlier about the email type of attacks allowing you to believe your family name matches the Nigerian high commander and he’s left you $20 million. Or perhaps, you have received an email from your bank alerting you to update some details on your account because your account has been compromised. These types of attacks are known as ‘phishing’, where you are given the impression that the sender is genuine and, in the latter instance, the email will use the look-and-feel of your bank (the bait) to ‘reel you in.’ The hacker simply wants to access very personal information or gain access to sensitive areas across the enterprise.
Hackers have various tools, both hardware and software, at hand to break open that digital door. Some of their tools are extremely advanced and some are also automated, using artificial intelligence (AI) algorithms to determine patterns and commonality across your network to identify the weaker areas that can be easily compromised – after all, a hacker only has to be right once! To be honest, I’m astonished that today, even the so-called most secure government agencies throughout the world can become compromised, as they ultimately should know better than anyone else. Nonetheless, it’s probably a combination of two things: user error, a rogue or careless employee; and a hacker with an extraordinary amount of time on their hands.
So, this is where a “garlic-bearing, stake-wielding” Dr G signs off.