Let’s talk 22nd century: human hacking & cloud security
During the last year, more than 900 million people have been affected by cybercrime. In the UAE alone, more than 3 million consumers were victims while $1 billion were lost. Here is where cybersecurity companies and startups come in.
“Cybercrime will create over $1.5 trillion in profits in 2018,” says Patrick Nohe in his article ‘2018 Cybercrime Statistics’.
With the latest tech trends such as AI and Quantum Computing, companies specialized in cybersecurity capitalize on cyber breaches.
Major data breaches that happened in recent history are: Yahoo in 2014 with 3 billion users compromised; eBay in the same year with 145 million users compromised; Equifax, 2017, 143 million users compromised; Playstation on 2011, 77 million users; Uber on 2016, almost 58 million users — and the list goes on.
Facebook, Google and other giants’ leaks
Earlier this year, 87 million Facebook users around the world were exposed to a potential data breach by Cambridge Analytica. About 70 million of those users were from the US.
It was revealed by the Observed that Cambridge Analytica was working with Donald Trump’s election team. The firm created a software program that would predict and persuade the vote of those 70 million users.
The app, called ‘thisisyourdigitallife’, paid a fee to every participant who took a personality test. Meanwhile, the app also collected information from the participants’ friends.
“We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.” — said Christopher Wylie, the source who revealed the Cambridge Analytica situation.
Another example is Google, who recently had to shut down Google+ after it was discovered that it exposed privacy data of more than 500 million users. Google knew this since March, but it was only taken into action in October.
Even Apple has not been able to escape this — last month Tim Cook, Apple’s chief executive, stated during a keynote speech that personal data was being ‘weaponized’ to use against the public themselves.
Businesses capitalizing personal data
Cook mentioned that these days businesses are using data to know the users better than they know themselves and that Apple prefers and tries to protect their users against these breaches.
Cook also complimented the General Data Protection Regulation, the GDPR, an EU-based privacy regulation law implemented last May, which gives users and consumers more control over how their personal data is handled by companies.
However, now engineers and scientists also play and explore with the possibilities of hacking targeted computers and even humans.
China has started ranking citizens with a ‘social credit’ system, and according to their behavior, they may be punished or rewarded. They are reminded on public places about the need to behave according to their regulations.
Citizens may be blacklisted from hotels, banned from top schools or their dog can be taken away. They may also be rewarded by receiving better bank interest credits, get discounts on bills or get you more matches on dating websites (If anyone wants a feel of how this can go then watch “Nosedive” (Season 3, Episode 1) in Black Mirror where such a future is proposed).
It sounds unreal but it has been happening for a while and some Chinese citizens themselves have reportedly said it is working for the best of society nationwide: traffic flow has improved and social quarrels have decreased, among other perks.
So taking that this system is officially implemented, what would happen if you could hack your ‘way up to the top’? If you could use your contacts and knowledge to rank yourself as a top citizen. Would this ranking system collapse or lose its original purpose?
The Iranian nuclear plant
The virus that hacked into the Iranian nuclear plant was designed so that it will target the software responsible for the parameters of uranium centrifuge operations in Iran.
Recently, there has been another similar attack on a Saudi Petrochemical Plant allegedly coordinated by Russia. So we can see that cyber attacks towards key targeted computers are coming out in the light, and the risks of a lack of ethics regarding ‘cyber behavior’ wouldn’t potentially be as ‘light’ as the ranking system in China.
However, what does it mean when nuclear plants can be hacked? When people can be ranked, and ‘updated’? “Why bomb a country when you can take over its military communications, shut down its electric grid, stop the payments of pensions and destroy its critical infrastructure?” says Ayman S. Ashour in his article Egypt’s Cyber Dilemma: Technology, Threats and Freedoms.
Knowledge is power and ironically, you’ll find most of the courses about cyber security online, whether it is ethical hacking or going right into the international cyber conflicts that are currently happening now.
We are living inside Black Mirror’s world
Technology now influences all aspects of life. Cyber attacks are now powered by Artificial Intelligence, data is analyzed and used to the researcher’s own advantage.
Citizens can be tracked, investigated and even organized by points. Soldiers can be turned into machines. Factories, companies, and plants can be attacked.
Basically, anything with access to or from a computer can be, as Tim Cook said, hacked and used as a tool, and today that includes humans too.
Companies who are the main targets of these attacks are dedicated to healthcare, retail, finance, aerospace and even as mentioned, governments themselves.
“The cybersecurity industry is a rapidly changing beast in which the good guys and the bad guys are constantly trying to one-up each other,” says James Paine, Inc. contributor.
“As soon as an exploit is discovered, white hat developers scramble to find a fix while the black hats try to take advantage of it for profit — or sometimes just for fun.” James Paine, Inc. contributor.
So who can we trust? Who are these white hat knights? According to RocketSpace website, the top 2018 Cyber Security Startups are battling cyber breaches with Artificial Intelligence to respond in real time, by providing cyber insurance by analyzing tailored risks and tackling those risks, and by using hybrid-cloud environments.
“A security system with several layers is difficult to hack. So, even if your data is targeted, getting through the many tiers of security will be a hassle. The simplest of programs, such as free online email accounts, have multi-layered security, too. Even if accessing your accounts takes a few extra steps, it is still worth the effort, certainly better than losing your data. Using a firewall, making sure your antivirus software is updated, running antivirus checks frequently and updating your programs regularly are all part of maintaining your personal data security.” — Doug Theis, Innovative Integration, Inc.
According to 2017 Cost of Data Breach Study: Global Overview, the average cost of a data breach is $3.62 million. Whereas the cost of each stole a confidential piece of info is $141. Even though these numbers have decreased over the past couple of years, the numbers still remain high to small business and startups who may not be able to afford to recover from data breach liability.
To tackle cyberspies, there is ‘Predictive Security’, a service offered by companies specialized on cybersecurity or a process itself, which allows security organizations to analyze data from security systems and devices, in order to prevent possible cyber attacks.
Making the prey become the hunter: it collects and analyses unfiltered endpoint data, using the power of the cloud, to make predictions about and protect against known and unknown breaches, and provide visibility into attacks that evolve over time.
For more day-to-day cloud computing security systems check this list of 5 security features, or join the course of Cloud Computing Security.
What is your code of practice to prevent cyber attacks? Whether is for personal or professional use, what do you think are the most important things to do to stay safe online? Whatsmore, what do you think are the bigger threats for data breach at the moment?
Cybersecurity and Cloud Security events in the MENA and Egypt
Cybersecurity and cloud security are becoming an important topic in the MENA region as well! Check out the below events — perhaps they may be of interest:
SANS Khobar — December 1–6, 2018. Khobar, Saudi Arabia.
“Join us for SANS Khobar 2018 for immersion training that will provide you with the skills to defend your organization against security breaches and prevent future attacks.”
BSides Cairo — February 2, 2019. Cairo, Egypt.
“A more knowledge-based event regardless of age, academic title or industrial position, and to provide the Egyptian community with an alternative event by removing the current common industrial and marketing-driven conferences barriers and providing a more technical approach regarding all the organization aspects of an information security conference, from the speakers, to the target audience.”
Saudi International Exhibition & Conference for IOT — February 13–15, 2019. Riyadh, Saudi Arabia.
“The Saudi IoT Conference will showcase insightful keynotes, case studies, and breakout sessions, focusing on smart solutions leading the Kingdom in IoT technologies into 2030 and beyond.”
Future Technology Week — April 2–4, 2019. Dubai, UAE.
“Future Technology Week is what happens when you cross genius with technology, when you get major problems that need crazy solutions, and when you must be the first to market with game-changing products that need to be adopted early.”
International Conference on Network Technology (ICNT) — April 9–12, 2019. Cairo, Egypt.
“ICNT 2019 will include several distinguished keynote speakers and three conference days full of parallel sessions, Cairo city visiting, a series of exciting speeches to develop skills in and advance awareness of requirements engineering practices is of particular interest to industry.”
DevOpsDays Cairo — September 9, 2019. Cairo, Egypt.
“Devopsdays is a worldwide series of technical conferences covering topics of software development, IT infrastructure operations, and the intersection between them. Each event is run by volunteers from the local area.”
More 2018–2019 Cybersecurity & Cloud Security events around the world here.
