The world is fighting an invisible war through the Internet: Interview with Khrystyna M.
The internet is a world where individuals can connect without worrying about oceans and borders. Still, everything needs to be limited and regulated to prevent specific individuals from getting too close. Luckily, cybersecurity analyst, Khrystyna M., is aware and concerned about protecting data. Khrystyna has more than five years of experience in cybersecurity and is certified as SANS Security Awareness Professional. Although she resides in Canada, she can protect data for any company or institution around the globe. She leads a blue team, trains individuals with exercises like simulated phishing attacks, and has a very informative Youtube channel called Cyber Lady Grape. She spreads awareness and offers tips for getting into cybersecurity.
The internet makes everything seem effortless. Online shopping takes a few taps on a screen, and suddenly, there is a giant box on your doorstep. It is magical and fast, but do we ever stop to think whether the site we are buying from is secure? Your full name, address, and credit card information are saved for fast checkout, but where else is that information also filed on the internet? Khrystyna M. explains why secure internet servers are essential and why the need for them has increased over the years. She also talks about cyberattacks and data loss prevention by suggesting simple things like using different strong passwords and using a VPN server. The world is drowning in cyberattacks which explains the fast development of secure internet servers around the most threatened parts of the globe. Khrystyna encourages everyone to fight the data protection war or at least know how to guard their personal information.
Listen here:
Adriana: Do you protect things like finance and social security numbers?
Khrystyna: For some reasons, NDA reasons, I could not tell you exactly what companies I have. It can be anything; transportation, finance, banking services, education institutes, or hospitals. All companies and places have that data and want to protect that data, either personal or corporate. It doesn't matter where they're located or what they're doing.
A: So you could be in Canada and work with somebody in the United States?
K: Yes. It can be anyone around the world. I cannot disclose what we do or for what companies precisely, but it doesn't matter because, in general, everyone needs that protection by the end of the day. And the way you can protect their data can be pentesting, or it can be the security awareness service. Managing the human risk for people and understanding they don't need to click on the link or not send their credentials to someone can be endpoint protections to make sure people can protect their workstations and laptops. It's extensive, this field is broad, and there are different ways to protect that data.
A: That sounds scary!
K: Well, that's the world we live in right now. Those cyberattacks will be just growing because cybersecurity jobs are also increasing. And there are more and more positions that are unfilled around the world because there are not enough cybersecurity professionals to work and protect this data. It's getting awful right now. And that's why I also encourage more and more people to consider this cybersecurity career and become cybersecurity professionals and protect their data.
A: Why is having a secure internet server important?
K: That's a great question. Encryption helps protect private information and sensitive data and can enhance the security of communication between clients and servers. In essence, when your data is encrypted, and a person or entity gains access to it, they will not read it because it will be encrypted. That's the benefit of all that idea to encrypt the internet. There are plenty of reasons why you should encrypt that internet traffic. The first one is that internet traffic encryption is essential if you want to prevent, for example, your internet provider from intruding on your privacy. You know that unencrypted data can be monitored, and you don't want to do that. If you've never done anything illegal, of course, but Wi-Fi admins, hotels, and all those places where we have public Wi-Fi and other third parties, will still monitor your data, and they can see what you're doing if you are using that public Wi-Fi. You can protect yourself from being spied on by encrypting your internet traffic. Encrypting your internet connection can help you stay safe in a public Wi-Fi network and avoid having your sensitive information stolen, especially if you're buying something online and entering your credit card info or any other personal information.
A: Do you know in what parts of the world cybercrimes are high?
K: There are different sources. All those sources have different data when you search on the internet. But I would start with one study that Symantec published, a security research company. They mentioned a few contributing factors that attract those cybercriminals to specific regions of the world. They rank 20 countries that face or cause the most cybercrime, and in compiling such a list, they consider software that interferes with the computer's normal function; it can be malicious or cause some trouble; a zombie system. The zombie system is a compromised computer system that another person can remotely control. They also observe the number of websites that host phishing sites designed for computer users to disclose personal data or banking account information. After that, Symantec also obtained data on the number of bot-infected systems controlled by cybercriminals. To start with, obviously, the first place goes to the United States. After that, they have China, Germany, Great Britain, Brazil, Spain, Italy, France, Turkey, and Holland, that's the top 10. And after that, of course, we have India, Russia, Canada, South Korea, and Taiwan. That's from that one source that I think can be considered to be trusted.
A: What types of internet security methods do you mention?
K: There are a lot of them. I would say the most common is VPN. Use it when you're browsing or doing your shopping. It stands for a virtual private network; it hides your IP and sends your traffic through a secure remote VPN server, making it impossible for spies to intercept any data that you're entering or sharing. Another way you can consider is when you log in as an admin, go to your settings and check what encryption is enabled for your Wi-Fi. When you're using your Wi-Fi, even at home, you don't know who your neighbors are. Or what they can do. And there are some old protocols that we used to have, like BPA, they're not secure anymore; there are different attacks that they can use to break into your network. Another thing is to use only HTTPS when you're browsing. You've probably seen that set of letters when you go to any website. It stands for Hypertext Transfer Protocol, and the S stands for secure. Before, we only had HTTP, which wasn't secure. There's a different protocol. Let's say, your shopping, you can use any protocol, but then when you transfer your credit card information, or you're trying to put passwords, make sure that that specific page uses HTTPS. You can always check that in the corner of your browser. Last probably, but not least, it's our messaging apps. We have messaging apps like WhatsApp and Telegram, and they use end-to-end encryption. Even though we have that man in the middle attack, which means someone can intercept that message that you're sending, that message will be encrypted. Even though that attack will be successful, they're not going to be able to read anything, so it's going to be the cipher for them.
A: Would you say that anyone can do cybercrime or just professionals like you?
K: The assumption is that outside hackers cause the data breaches, but it's not always true. There are different types of those attacks. Let's say that a person already knows something that they're not supposed to know, for some reason, an accidental insider. For example, a team member could use a coworker's computer and read files without proper authorization or permission. Access is unintentional, and no information is shared, but because an unauthorized person uses it, the data is considered to be breached. That's a kind of data breach, but that person is not a hacker, just a regular coworker. There are also malicious insiders. That's another example. That person wants to cause that trouble, but it doesn't mean they have a lot of knowledge of cybercriminals. They might be trying to find something they need and then use that data against you. Also, lost or stolen devices. Unencrypted, unlocked laptops, or external hard drives, anything that contains sensitive information that goes missing. Anyone can use it at that point, and you don't know what's going to happen. Malicious outside criminals, like hackers or malicious actors, can conduct different attacks and gather information from a network or individual. We don't know their intentions, but they can use multiple attacks if they're trying to hack you or find your data. Anyone can be that person who can steal your data and cause trouble.
A: What steps can a regular person with no cybersecurity knowledge take to avoid having sensitive data on their internet apart from putting their social media on private?
K: Keep your software up to date and make sure you always install that updated software on your iPhone when it's prompting you to do so because probably 99% of them are security updates. Use antivirus protection. There are so many of them right now, like McAfee. Anything would work. Even if you think you're not doing anything or wonder who can potentially hack you. Sometimes you can search on the internet, download, open an attachment, which can be malware. Also, I will sound basic, but for your security, use strong passwords and never use the same password on different platforms. You should understand that if someone knows that one password you're using everywhere, they're going to have access added magically to all those places. Also, other items I would mention, like the multi-factor authentication. It's not when you only use your password, but after that, you have your app or phone linked, and you receive an SMS notification—That's one more step to keep your data protected.
We don't have to be scared of the internet, but we must be careful and aware of its risk. Secure internet servers are increasing because attacks are rising. Protect your data and your personal information starting now by taking action on simple steps such as using strong passwords and keeping social media platforms private because you never know who is searching your name in Google at this moment.
