To commemorate cybersecurity awareness month, we discuss social hacking and the security threat we are to ourselves.
We have all heard the phrase ‘stranger danger’. It is a phrase that children, particularly in developed countries, are taught, warning them not to trust strangers because any stranger could potentially harm them. We adults, on the other hand, should have developed sufficient discernment that we do not need to take the ‘stranger danger’ warning to heart.
To a considerable degree, humans, and more specifically adults, are conditioned to trust our five senses, particularly what we can see, hear and touch, which in turn feed into our intuition and our sense of safety. That is why we are prepared to believe and act on what we read, and why, if we interact with a stranger briefly and there seems to be good rapport, we can become less guarded and more trusting. However, how does our ability to trust, and to discern who and what to trust, translate in the digital space?
The uptick in technology use has made us more vulnerable
In the digital world, although we might not realise it, we are even more handicapped. Essentially, we can only rely on two senses: sight and hearing. Further, as our countries continue to transition to Information Societies and digital economies, our reliance on, and use of, technology have also been increasing, and have even accelerated due to the COVID-19 pandemic. As a result, we have been relying, even more than we did before, on the internet and ICT to keep our everyday lives, and by extension our businesses and societies, functioning.
However, as we have become aware, this uptick in technology use has been a boon for hackers. Many platforms were not ready for the growth in demand for their services, and so became more vulnerable as they tried to evolve to accommodate it. Additionally, many people found themselves in uncharted territory, having to rely on online or digital services that replaced the in-person interactions that were no longer permitted, thanks to COVID-19, which may have left them more exposed to a broad range of threats.
Social engineering is on the rise and has gone social
The threats in the digital space tend to fall into two broad categories: technical hacking and social engineering. Generally, technical hacking refers to the use of digital tools and techniques that do not require interaction with users (the prospective victims) in order to compromise devices or even networks. Commonly used tools and techniques include viruses, worms, trojans, botnets and ransomware, to name a few.
With social engineering, on the other hand, attackers use psychological manipulation to get individuals to compromise devices and/or share private information, which can then be exploited. Although we have all heard about security breaches of large organisations due to viruses and ransomware, for example, increasingly the initial compromise was due to an individual within those organisations who unwittingly facilitated the breach.
It is also important to highlight the fact that in the world of security, the attackers tend to be one step ahead, with security professionals and firms reacting to them and trying to develop remedies, such as new intrusion detection tactics and tools, along with new protocols. However, when the enemy is within, that is, the person who falls prey to a social engineering-based threat, who could be any one of us, all of these newfangled tools and protocols might be of little use.
Social engineering-based hacking is also increasing, and in that context, humans tend to be the weakest link. Further, although we may all be familiar with phishing emails, such as those about Nigerian princes who are willing to give us hundreds of millions of dollars if we send them some money, or those from courier companies about deliveries we know nothing about, these days social hacking is increasingly leveraging social media, which makes the threat even more insidious.
Stranger danger?
Without a doubt, most of us have social media accounts and are using them with varying degrees of intensity. However, two phenomena that social media appears to foster are a sense of intimacy that can appear to exist, and a need to feel connected to, and validated by, those in your network. This environment can lead individuals to overshare. In a report published by social security firm Tessian, the firm found that
84% of people post on social media every week, with two-fifths (42%) posting every day. More than half (55%) of the people Tessian surveyed have public Facebook profiles, while 67% have public Instagram accounts.
(Source: Fast Company)
With all of this information being made publicly available via our social media accounts, for example, we make it easier for cybercriminals to learn seemingly intimate details about our lives, which can be used to gain our trust. Moreover, since much of the communication we receive is via emails and instant, direct and text messages, the visual cues that one might have when talking in person are absent, which can handicap our discernment.
Go back to basics and cover your bases
In the absence of visual cues, there are still things you can do to keep safer online, much of which has been said before yet bears repeating. First, use strong passwords, at least 15 characters and a combination of upper and lower case letters, numbers and symbols. Second, do not reuse passwords.
On the social engineering front, be mindful of the amount of detail about yourself that is available online, and accordingly be careful about what you post. Every bit of information can be a clue that reveals more of who you are to persons who might wish you harm. Additionally, carefully consider the persons whom you allow to connect with you. Yes, it can be a bit of an ego trip to have a large social network, but that inherently increases your exposure to individuals you really don’t know.
Finally, when you are checking your emails, pay attention. There may be subtle (and not so subtle) hints that it is a scam email. If, for example, you are correctly addressed within the body of an email but are somehow still unsure, a good place to start is to check the sender’s email address. In many instances, the email address has no bearing on who the sender claims to be, and so may confirm your gut instinct. Also, if you are not sure what to do, reach out to someone in your circle who might be more experienced in these matters. The key is to be vigilant.
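The sender-address check described above can also be automated. The following is an added example, not part of the original article: it compares the organisation named in an email's display name with the domain the message was actually sent from. The organisation names, domains and the `check_sender` function are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list (assumed values): organisation name as it appears in
# a display name, mapped to the domains that organisation really sends from.
KNOWN_SENDERS = {
    "example courier": {"examplecourier.test"},
    "example bank": {"examplebank.test"},
}


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header, known=KNOWN_SENDERS):
    """Return a list of warnings for one From: header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no usable sender address"]
    # Everything after the last "@" is the domain that really sent the mail.
    domain = address.rsplit("@", 1)[1].lower()
    name = display.lower()
    warnings = []
    for org, allowed in known.items():
        # The display name is free text chosen by the sender; only the
        # address domain says where the message came from.
        if org in name and not domain_matches(domain, allowed):
            warnings.append(f"claims to be '{org}' but was sent from {domain}")
    return warnings


if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        "Example Courier <tracking@examplecourier.test>",
        "Example Courier Deliveries <notice@parcel-update.test>",
        "Example Bank <alerts@examplebank.test.account-verify.test>",
        "Example Bank <alerts@mail.examplebank.test>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no mismatch found")
```

An empty result only means the display name and domain are consistent with the allow-list; it does not prove the message is genuine.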
Image credit: Gerd Altmann (Pixabay)
Probably one might be led to point out that with the advent of smartphones, Information Technology took on a somewhat “sudden evolution”. Therefore, education about it lagged, and has continued to lag, behind its evolution. Hence this “oversharing” or, perhaps, even “mis-sharing” of personal data.