The Darkside Reflection

Below is a reflection from Kevin Mitnick (aka 'The Darkside Hacker') who became infamous for his high-profile 1995 arrest that lead to five years in prison, following various computer and communications-related crimes.

"Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, but now hacking is big business."

In the modern era, there are many talented yet malicious people who can exploit vulnerabilities to make money.

Wherever valuable data can be found, there is a risk that hackers will try to investigate, infiltrate, extract, and extort said data - This may be done for monetary gain (e.g. Ransomware), on behalf of another entity (e.g. Industrial Espionage) or for a Nation-State (e.g. military secrets).

This is why we must stay vigilant and be mindful of security whenever possible, whether you are a receptionist or an engineer, and whether you work in an office or from home.

All of us have a part to play in ensuring that our systems and organisations stay secure, in the face of cyber-crime that has become more sophisticated over time.

¬

Connected people; Connected risks

The world is more connected than ever, which is both a blessing and a curse.

For better or worse, modern networks will connect everything from office computers and bank accounts to baby monitors and pacemakers

Unfortunately, privacies we may have previously taken for granted are being steadily exploited in exchange for frictionless convenience - Additionally, the ability to communicate across continents has come with a drawback: A decrease in our collective digital safety.

Sure, we can message seamlessly between devices and make VOIP calls across continents, but we are now more at-risk of malware and phishing, with AI now being harnessed to assail people.

¬

An Internet of Distrust

Many of us are utilising the myriad of opportunities that are available to us, all thanks to the power of the internet: This includes software and streaming services like YouTube, Netflix, Sony, USPS, TicketMaster, etc...

Many of these providers decree promises about data privacy, yet these are regularly found to ring hollow. Often companies sit idly while our personal data is being compromised, stolen and leaked with disturbing regularity. Sometimes they will even sell our data themselves, to make a 'quick buck' from Data Brokers.

Is it any wonder that increasing numbers of people believe that their data is less secure than ever before?

The findings of a 20-country IPSOS survey released by "The New Institute" in Germany reveals that internet users’ trust in the internet has dropped significantly since 2019.

“The survey clearly shows distrust in the largest communication and information network humankind has ever created ... Clearly, Internet users want concrete and effective policies that will empower and protect them” said Dr Christian Kastrop a former German Federal State Secretary for Digital Society and Consumer Policy.

Only 63% of internet users on average across the 20 surveyed countries said they trust the internet, with 79% of those surveyed expressing that online privacy major concern. Half of those surveyed felt online security is inadequate, with many feeling that governance is lacking.

This is a respectable perspective, especially when we consider that a third of countries across the world have no implemented legislations for Data Protection & Privacy, as illustrated below:

This is one of many reasons why we must be actively conscious of our own security.

¬

Simple steps to mitigate risks

We should be aware of how dangerous the internet is and we have cleared up that we can't necessarily rely on Governmental legislations to protect us.

To that end, it's important that we empower you (our readers) with the 'know-how' to keep systems secure.

Below are seven simple steps that can make a massive difference to safeguarding your data:

1) Hide sensitive materials to prevent data from being leaked or manipulated.

2) Restrict users to only have what they need, only for as long as they need it.

3) Keep systems up-to-date with patches installed to fix any vulnerabilities and prevent exploits.

4) Avoid clicking on suspect links, downloading files from untrusted websites, or inserting suspect USB sticks / CDs or even peripherals to your devices.

5) Keep an eye out for suspicious activity and remain vigilant in escalating this.

6) Maintain event-logs, audit trails, and activity-monitoring so discrepancies can be tracked.

7) Regularly undergo pen testing and vulnerability assessments, using staff who can ‘think like a threat agent’ to predict the agent’s ultimate goal, so you can then implement preventions.