Monday, May 23, 2022

News Destination For The Global Indian Community

News Destination For The Global Indian Community

TECHNOLOGY
LifeMag
Cyber-attacks: Tech. vs. Tech. or Human vs. Human

Cyber-attacks: Tech. vs. Tech. or Human vs. Human

Ever felt the pounding heart after clicking that, oops, link, that opened something you couldn’t comprehend, followed by, God forbid, the frozen screen of your phone or laptop! Welcome to the unwelcoming scare of Cyber Attacks. The terrifying tumult of cyber threats is getting shadier and more vehement with time and before you realize, it has tightened its reins deeper around your life.  

This risk may be as mild as a frivolous virus promptly disposed of off by your antivirus to the extent of seriously locking you out from your device and asking for a ransom to be deposited in crypto to reinstate your access. The big question is if an investment in better technology is enough to make you feel safe?

Now, visualize yourself getting driven in the most advanced car with the latest security features of adaptive cruise control, emergency braking, face recognition, safe exit and whatnot, and then one fine evening, you let your five years old fiddle with the system and who accidentally turns off the safety features. Having the best of technology is remarkable though pointless without our minds aligned with it. To appreciate our mental alignment with our technology, let’s go over our forever interfering antivirus installed in our devices. It seems to be doing its work but someday could shock you by failing to catch the most dangerous virus from the virtual world. Before you call foul, ask yourself how long have you been reluctantly ignoring the antivirus updates notification? At the end of the day, your antivirus is just a program that only knows how to recognize a virus by matching its signatures from its Virus definition bank. Every day new hackers are born with fresh skills to craft new viruses and these antivirus companies race to update their definitions at the earliest. So even if you have the best technology, it’s you, who fails and you let your technology fail with you. 

If we examine the above scenario, at one dark edge it’s a motivated human who codes a virus and injects it into the cyber world and on the other edge, it’s you, the procrastinated user, who falls prey to the few lines of malicious code, because you were reluctant to act on those Update Notifications.  

As per IBM, Forbes and majorly everyone else, 95 percent of security breaches happen because of human errors. As per the website purplesec.us, 98% of the cyber-crimes rely on social engineering which relies totally on human fallibility. Just the two of these statistics reveal that it is never between tech. vs tech., cyber-attack is primarily a war between humans positioned at two opposite edges. 

It is extremely important to understand that Social Engineering is the term used for psychological manipulation or swindling a person into disclosing their sensitive and personal information to the so called, not even a hacker, conman. In India, we, our friends or acquaintances have received that call or sms at some point to disclose our credit card details on the pretext of either blocking it or something else, we have been tricked into believing to ‘Pay’ some amount in order to claim that big money, we have been called repeatedly to fall prey to various other socially engineered tactics. We have been made excited, surprised, gloomed, threatened, and confused to give in to the tactics of these low-end, young criminals. The pandemic seemed to have upgraded our regular roadside breed of fraudsters into the techno-savvy social engineering expert swindlers, who are clever to exploit the slightest of follies of our human minds be it our ignorance, fear, greed, panic or moral exigencies.  They just know how to extract the relevant credentials to break in the bank, social media, email accounts or whatever without any specific technical expertise.  

Another type of social engineering in vogue is, phishing - the email, with an appeal, so authentic that it even opens up the authentic-looking websites for you to pour your credentials with urgency only to be stolen. The catchy words like ‘Urgent, Request, Important, Payment and Attention may be used to irk your psychology. It is an imitation game with the subtext of theft and robbing you of not just your assets but leaving you with a long-term psychological cyber scare. Just a few weeks ago, the theft of Non-Fungible Tokens (NFTs) running on the most secure blockchain from the website openspace.io left everyone dumbfounded. It was not the blockchain-based platform that was at fault, the phishing emails caused the users to click the links with the tenacity of urgency that they missed checking the URLs (the cumbersome website address on the browser) and pressed the buttons themselves with their credentials losing exorbitant amount of NFTs in seconds. This is high-tech theft in the blockchain world! Nonrecoverable too.

If you are reading this, hopefully, you understood that an average modern-day thief, even in India, is now either technologically aware or equipped and if you don’t, you are, nothing but retrograde and vulnerable. Cyber security is primarily about mental acumen and then comes the security software. The days of house break-ins are going to be passe, computer and mobile break-ins are the new norms and there is no tech on its own but humans behind it, using tech as their weapon.

At a more sophisticated level, there are tremendous ways to hack into the system but for that is needed more skill and hacking education. There are software vulnerabilities, backdoor entries, payload attacks, Bluetooth, and wifi hacks that need savage hacking skills.

However, even without that, the statistics of cyber-attacks are at scorching heights, all because, a simple phone call, text or email easily solves the purpose for the scammers. They would just play with your mind and get it. They don’t even need to take any pains to hack the Software because users have an insignificant cyber security quotient, this scenario is nothing but seriously funny.

The cyber security threat is not primarily a technical vulnerability but human fallibility. The confusion, lack of awareness, lack of vigilance, and lack of due diligence and confidence, make us fall.

The corporations must adapt to the cyber-attack drills to check, which employees fall for it and then train them. This should be repeated at frequent intervals till the time employees are trained to be vigilant and diligent in their response to phishing emails and social engineering calls.

At an individual level, one should take responsibility and be very cautious in responding and dealing with emails, SMS and calls. Never ignore the system upgrades or antivirus updates, who knows if there is an urgent patch received, for the safety of your device.

As cyberattacks grow in volume and complexity, artificial intelligence (AI) is aiding cybersecurity, analyzing massive quantities of risk data to speed response times and augment under-resourced security operations.

Having said all that, a conman doesn’t need to be bothered about AI, Antivirus, Proxy, OTPs, and Double authentications because all they need to do is play with our minds with a phone call or phishing email. It’s a race about who is more alert on the cyber platforms, us or them. Let us not give in so easy, let's raise the standards of our hustlers, shall we?

 

 

 

Cyber-attacks: Tech. vs. Tech. or Human vs. Human

Cyber-attacks: Tech. vs. Tech. or Human vs. Human

Ever felt the pounding heart after clicking that, oops, link, that opened something you couldn’t comprehend, followed by, God forbid, the frozen screen of your phone or laptop! Welcome to the unwelcoming scare of Cyber Attacks. The terrifying tumult of cyber threats is getting shadier and more vehement with time and before you realize, it has tightened its reins deeper around your life.  

This risk may be as mild as a frivolous virus promptly disposed of off by your antivirus to the extent of seriously locking you out from your device and asking for a ransom to be deposited in crypto to reinstate your access. The big question is if an investment in better technology is enough to make you feel safe?

Now, visualize yourself getting driven in the most advanced car with the latest security features of adaptive cruise control, emergency braking, face recognition, safe exit and whatnot, and then one fine evening, you let your five years old fiddle with the system and who accidentally turns off the safety features. Having the best of technology is remarkable though pointless without our minds aligned with it. To appreciate our mental alignment with our technology, let’s go over our forever interfering antivirus installed in our devices. It seems to be doing its work but someday could shock you by failing to catch the most dangerous virus from the virtual world. Before you call foul, ask yourself how long have you been reluctantly ignoring the antivirus updates notification? At the end of the day, your antivirus is just a program that only knows how to recognize a virus by matching its signatures from its Virus definition bank. Every day new hackers are born with fresh skills to craft new viruses and these antivirus companies race to update their definitions at the earliest. So even if you have the best technology, it’s you, who fails and you let your technology fail with you. 

If we examine the above scenario, at one dark edge it’s a motivated human who codes a virus and injects it into the cyber world and on the other edge, it’s you, the procrastinated user, who falls prey to the few lines of malicious code, because you were reluctant to act on those Update Notifications.  

As per IBM, Forbes and majorly everyone else, 95 percent of security breaches happen because of human errors. As per the website purplesec.us, 98% of the cyber-crimes rely on social engineering which relies totally on human fallibility. Just the two of these statistics reveal that it is never between tech. vs tech., cyber-attack is primarily a war between humans positioned at two opposite edges. 

It is extremely important to understand that Social Engineering is the term used for psychological manipulation or swindling a person into disclosing their sensitive and personal information to the so called, not even a hacker, conman. In India, we, our friends or acquaintances have received that call or sms at some point to disclose our credit card details on the pretext of either blocking it or something else, we have been tricked into believing to ‘Pay’ some amount in order to claim that big money, we have been called repeatedly to fall prey to various other socially engineered tactics. We have been made excited, surprised, gloomed, threatened, and confused to give in to the tactics of these low-end, young criminals. The pandemic seemed to have upgraded our regular roadside breed of fraudsters into the techno-savvy social engineering expert swindlers, who are clever to exploit the slightest of follies of our human minds be it our ignorance, fear, greed, panic or moral exigencies.  They just know how to extract the relevant credentials to break in the bank, social media, email accounts or whatever without any specific technical expertise.  

Another type of social engineering in vogue is, phishing - the email, with an appeal, so authentic that it even opens up the authentic-looking websites for you to pour your credentials with urgency only to be stolen. The catchy words like ‘Urgent, Request, Important, Payment and Attention may be used to irk your psychology. It is an imitation game with the subtext of theft and robbing you of not just your assets but leaving you with a long-term psychological cyber scare. Just a few weeks ago, the theft of Non-Fungible Tokens (NFTs) running on the most secure blockchain from the website openspace.io left everyone dumbfounded. It was not the blockchain-based platform that was at fault, the phishing emails caused the users to click the links with the tenacity of urgency that they missed checking the URLs (the cumbersome website address on the browser) and pressed the buttons themselves with their credentials losing exorbitant amount of NFTs in seconds. This is high-tech theft in the blockchain world! Nonrecoverable too.

If you are reading this, hopefully, you understood that an average modern-day thief, even in India, is now either technologically aware or equipped and if you don’t, you are, nothing but retrograde and vulnerable. Cyber security is primarily about mental acumen and then comes the security software. The days of house break-ins are going to be passe, computer and mobile break-ins are the new norms and there is no tech on its own but humans behind it, using tech as their weapon.

At a more sophisticated level, there are tremendous ways to hack into the system but for that is needed more skill and hacking education. There are software vulnerabilities, backdoor entries, payload attacks, Bluetooth, and wifi hacks that need savage hacking skills.

However, even without that, the statistics of cyber-attacks are at scorching heights, all because, a simple phone call, text or email easily solves the purpose for the scammers. They would just play with your mind and get it. They don’t even need to take any pains to hack the Software because users have an insignificant cyber security quotient, this scenario is nothing but seriously funny.

The cyber security threat is not primarily a technical vulnerability but human fallibility. The confusion, lack of awareness, lack of vigilance, and lack of due diligence and confidence, make us fall.

The corporations must adapt to the cyber-attack drills to check, which employees fall for it and then train them. This should be repeated at frequent intervals till the time employees are trained to be vigilant and diligent in their response to phishing emails and social engineering calls.

At an individual level, one should take responsibility and be very cautious in responding and dealing with emails, SMS and calls. Never ignore the system upgrades or antivirus updates, who knows if there is an urgent patch received, for the safety of your device.

As cyberattacks grow in volume and complexity, artificial intelligence (AI) is aiding cybersecurity, analyzing massive quantities of risk data to speed response times and augment under-resourced security operations.

Having said all that, a conman doesn’t need to be bothered about AI, Antivirus, Proxy, OTPs, and Double authentications because all they need to do is play with our minds with a phone call or phishing email. It’s a race about who is more alert on the cyber platforms, us or them. Let us not give in so easy, let's raise the standards of our hustlers, shall we?

 

 

 

Leave a comment

Comments (0)

Opinion Express TV

Shapoorji Pallonji

GOVNEXT INDIA FOUNDATION

CAMBIUM NETWORKS TECHNOLOGY

Opinion Express Magazine

TRANS GLOBE ADVISORS