Operation Luigi: Hacking a Friend and Industry Considerations

15 September 2019


Does hacking into personal data require state-of-the-art programming skills? Not at all. You will be surprised how easily you can gain (lose) control over others' (your own) data. This blog deals with phishing and general cybersecurity concerns, which affect me, you and every other person with access to digital content.

While scrolling through Hacker News (which I can highly recommend if you are into technical IT news), I found this amazing blog post by a hacker called Alex. He made a bet with a friend that within 12 months he could hack into all her online platforms (without her noticing, of course). The way he describes his operation is not only fun to read but also shocking: shocking in the sense that you do not need deep technical skills to cause substantial damage to personal data.

This is the moment where I must give credit to “Alex” (@mangopdf on Twitter) and his genius work. Please read Operation Luigi here: https://mango.pdf.zone/operation-luigi-how-i-hacked-my-friend-without-her-noticing.
If you are unsure whether to take the extra 5 minutes to read it, the top-rated feedback on Hacker News is “best commentary on a real-life social engineering hack I’ve seen”.

I hope you enjoyed the read as much as I did, so that we can now turn to Operation: Prevent Luigi. How can we prevent such attacks and keep confidential data confidential?

  1. Don’t be lazy! Many social networks and online platforms have added security options, but let’s be honest, how often did you press “Remind me later” when asked to set up additional security steps? I can assure you that the time invested will pay off soon.
  2. Make use of two-step authentication! Google (Gmail) is one example that started to make use of it. Obviously, this cannot prevent cyberattacks per se, but the extra layer of security might at least scare off hackers searching for easy targets.
  3. Don’t use the same password! I know it’s convenient to use your favorite football club combined with your birth year as a password and keep it on all platforms, but the hacker will appreciate it even more. Make use of password managers (I can recommend LastPass) that will simplify your life a lot.
  4. Pray! (We all know that cybersecurity is becoming crazily dangerous, but investments and research initiatives even on governmental levels give me faith.)

Since the course Information Strategy doesn’t particularly deal with individuals, I want to highlight some statistics and macro trends on cybersecurity which are concerning many organizations. Please give it a thought:

  • Just 38% of global organizations claim that they are equipped and able to handle a complex cyber attack.
    (Source: IBM, Cost of a Data Breach Report 2019)

This means that there is almost a 2 out of 3 chance that the hacker is successful when using a complex cyber attack. Although I am not sure how “complex” is defined, I am sure that I would double-check the security standards when giving personal data to third parties.

  • In most cases, it takes companies about 6 months to detect a data breach. (Source: ZDNet 2015)

The fact that it takes such a long time to detect data breaches is once again in favor of the hacker, since he or she can cover their tracks. Let’s all hope this statistic is outdated (since it was published 4 years ago) and security has improved…

  • IoT attacks were up by 600% in 2017. (Source: Symantec – Internet Security Threat Report 2017)

Thinking about your next smart watch? The increasing number of devices connected to the internet gives cybercriminals a broader scope for possible attacks. The question is whether the improvement rate for security is keeping up with the growing threats…

Let’s all start thinking more critically about security standards, not only by pointing to the tech giants but also by starting to update our own security settings on the web.

 

Resources:

http://images.mktgassets.symantec.com/Web/Symantec/%7B3a70beb8-c55d-4516-98ed-1d0818a42661%7D_ISTR23_Main-FINAL-APR10.pdf?aid=elq_

https://www.ibm.com/security/data-breach

https://mango.pdf.zone/operation-luigi-how-i-hacked-my-friend-without-her-noticing

https://news.ycombinator.com/

https://www.zdnet.com/article/businesses-take-over-six-months-to-detect-data-breaches/


3 thoughts on “Operation Luigi: Hacking a Friend and Industry Considerations”

  1. I checked the Operation Luigi blog, it is really interesting to read, so thanks for recommending!
    Personally I think if you want to hack a certain someone, it is easier to hack someone you know, as, well, you already have some of their information. But still, when your information/password is leaked due to some system security loopholes, it is difficult to know, let alone take action about it. Yes we do need to change passwords and check our accounts regularly, but honestly, who would do that?

  2. Thanks for writing this blog! I think there are some useful tips in the blog on how to protect your online personal data. Personally I was shocked by the high amount of organizations that are saying they aren’t able to defend against a cyber attack and the amount of attacks on IoT-devices. I think your tips are a small step in the right direction, but organizations have a lot to do when it comes to cybersecurity. Unfortunately this is quite complicated and companies will have to reach out to technology experts to prevent major data breaches from happening and therefore be able to protect customer data.
