How you can understand the real facts behind an attack

If you believe that someone is not professional enough if they got hacked, you are wrong. In the paragraphs below, I want to explain why and help you distinguish between the different factors related to cyber-security and understand the real messages behind each successful attack. Each attack has a different impact on you.

I am going to analyze for you today the messages you should be getting from the latest attack on McAfee’s twitter account.

Message #1: Know the benefits and security drawbacks of each account you have: Social media companies are promoting a specific culture. That of connecting more people together, which is great. However, this connectivity comes with dangers because unfortunately we live in a world where cyber-criminals exist. Do not expect social media companies to change their culture if it comes in contradiction with your security. You are the one who needs to take action by understanding the real value of each account you have based on the information included and deciding whether that risk worth it. Notice, I said understand the real value because it derives from the perception of a cyber-criminal who knows how to analyze the data of any account, find ways to connect them and eventually hack the important accounts you have. I do expect that you understand the benefits and dangers each type of account has, in order to take advantage of its benefits, yet still minimizing the danger. This understanding is a great supporter of your security levels. So, I am not here to tell you to stop using social media. I am here to convince you to learn how to use them correctly and isolate them as much as you can from your important data.

Message #2: Technological companies do not value your security and privacy. Their innovation is driven by sales. True innovation usually takes place at the startup stage of a technological company where they plan their products for years to come. Thus, with the 2012 IoTs (everything got interconnected to the internet) the companies that were on the market longer find it more challenging to adapt and offer security and privacy to their clients. This is due to the fact that in order to do that, they have to start from scratch and be based on more secure hardware infrastructures, which at the moment do not exist. One of those examples are social media platforms, which by principle, are completely against privacy and are definitely not doing much about security either. If already established tech companies would step back and do that (meaning start investing in setting up proper security); they would stay behind competition for a period of time, plus they would face profit issues.

Technology is fired up by speed. So, for example, it would be utopic to expect social media companies to change their culture, which is connecting more people together, but they could improve their authentication methods. The whole message is to do what is in their power as such technological giants have the power to demand even the redesign of a telecommunication infrastructure. The idea is that we have to do our best as consumers and citizens, and collectively force companies and governments to arm us with better security infrastructure.

Message #4: High-profile people are under increasingly higher threat levels, especially security experts: A huge factor that affects your threat level is how valuable of a target you are for the cyber-criminals. Security professionals have high value for hackers for two reasons:

Message #5: Security experts get over exposed to protect you. At least take advantage of that: Security experts do not control the world or the internet. No matter how good they are an attack can affect them too. With their increased value they are one of the most tempting targets for criminals due to the factors I described in point 4. Additionally, in order to help you increase your security and privacy levels they need to loosen their security a bit. Why? Because for you to trust them you need to see who they are and have information about them. In order for them to give you that information and build your trust they have to give up some of their own security. No serious security expert wants their bio out in the internet, their photos, information about where they are and when. When I say, “security experts” I do not refer only to cyber-security, as there are many more specializations out there right now — from physical, to hardware. Simply, they do not want social media accounts associated with them because they know that their habits and behaviors are the easiest to compromise. Not at all! They make this compromise because they value helping you more than their security. Having said that, they always take calculated risk in the process, and I say that from first-hand experience. Calculated risk means that they are careful what information they disclose, and they disconnect as much as they can their social media accounts from anything else. Just to make sure you are taking the right message here; how much a security expert will be affected depends on their abilities.

Obviously, an attack to a social media account in comparison to an attack on their company, where they have sensitive client, financial and other data, has a completely different weight, and should be interpreted differently from you.

Message #6: Challenging authentication dynamics: Based on my experience authentication is often ignored or not done properly. Even in the case of employing second factor authentication (an additional way to check the identity of the user that wants to have access to a specific account); in the majority of cases it is set up or offered incorrectly. Selecting the right way of second factor authentication is an art. It is not enough to only have enabled any type of second factor authentication, but instead, to have the proper one for each case, and each case is completely different. Just to be clear, I am not referring only to social media platforms, but to more important accounts as well such as online banking and this is based on my experience. Second factor authentication depends on the service provider, and in the majority of cases, if offered at all, it is not the proper one or it is not employed and used correctly by its users.

Message #7: The approach to attack on a high-profile target is different from a mass attack. If you think a message to your phone as a second step of authentication can protect from an attack, it is not the case. True, this does not apply to general public, but rather to high-profile and value targets where there is a different approach from cyber-criminals — the so called targeted attacks. Of course, you can never know when and why you can become valuable to a skillful hacker. Right? One thing is certain. There are so many surfaces they can use to attack you. From your devices environment, to your physical environment, to the telecommunication towers, which are triangulating your signal (meaning, reading your location or intercepting, reading and/or altering the message you received) and are easily hacked (which was the case in the McAfee Twitter account hack, why? because they were designed based on an outdated technology), and of course let’s not forget your habits and actions. They have a huge number of possible openings to find a vulnerability of the high-value targets and it’s just a matter of time for a cyber-criminal to achieve their attack goals. Just as a side note, the general public does not require so much effort from hackers. They trick you by taking advantage of your behaviors and habits.

Message #8: Let’s not forget your first factor authentication -your passwords: No matter how they can gain access to your second factor authentication without your password they cannot do much. That is why a strong password weight is gold for your protection.

In summary. the next time you will hear about an attack, go through these 8 messages, and I am certain that you will understand better each publicly announced attack. These messages will additionally help you evaluate your threat levels and better understand cyber-criminals: what triggers them, how to minimize the threat and eventually how to increase your protection environment.

So, I am now turning it over to you.

I cannot wait to hear your comments.

Until next Monday, stay safe!

About Yiota Nicolaidou

Related posts:

Esto es lo que propone en uno de sus seis modelos de negocio el profesor del máster de innovación en el periodismo Miguel Carvajal. Y es que para mi es la forma mas sensata de crecer, ya que si eres…

What is No Fault Collection? No fault collection is a debt collection method that focuses on the debtor’s willingness and ability to pay, rather than on assigning blame or fault for the debt. This…

Having had the terrifying experience of being interviewed on TV, we knew that practicing for a media interview can be difficult: Virtual reality provides a great way to practice media interviews in a…