Cybercrime is a serious global concern that needs strong technical and legal responses. Information is exposed to continuous and virulent attacks by cyber fraudsters and significant harm is done to financial and human wellness. Personal information of millions of people is stored on social media sites and victimisation is becoming more prevalent as cybercriminals are operating from safe haven.
Cybercriminals are more advanced than companies and are developing new, ingenious methods to hack into systems. So it is imperative that IT security specialists should be more proactive and have a competent approach in increasing the security level of their systems. The success factor is to increase the financial effort in establishing the latest security solutions.
Types of attacks and tracing
Social engineering attacks like phishing, smishing, malware, hacking, loss of mobile devices, SQL injections and so on are very diverse/different in approach and this makes tracing them more difficult. Nowadays, the most critical security issue is attack detection and based on the studies on past attacks, there is a considerable gap between time to compromise and time to detect the attack. This shows the depth and knowledge in systems penetration and hiding of penetration traces by cyber criminals.
The driving force for cybercriminals could be financial gain, revenge, fun, recognition or can be an act of terrorism. Cyber criminals target individuals or a property or an organisation.
• Politically motivated cybercriminals crying for recognition
• Cybercriminals who are psychics, financially motivated hackers, or organised criminals including terrorists
• Disgruntled or former employee or ex-friend seeking revenge
• Internet gambling and digital piracy
• Sexual addiction on the internet and child pornography
• Online exploitation of children and women
• Means of terrorism
• Cyber stalking and cyber-bullying
• Victimisation of women on social networking sites
• Malware, hacking and ransomware
• Religious/Political wings in cyberspace and propagation of ideologies via internet
What governments can do?
The internet has no governance in either technological implementation or policies. Internet has no geographical or political boundaries and it can be accessed from anywhere in the world from billions of smart devices interconnected. India is the world’s largest democracy, and we must have a proper Data Privacy Law, Intermediary Law instead of the incompetent IT Act, which needs to be amended as per the present technological scenario.
What organisations must do?
Planning alone is not enough. You should have the security staff and tools in place to execute it and some of the suggestions could be
(a) Having proper security policy and identifying critical security incidents, and having a team with proper plan, role, and communication system.
(b) Use security tools to detect anomalous behaviour in network traffic, endpoints, applications and user accounts
(c) Isolate the affected systems and clean them and reconnect
(d) Identify the root causes
(e) Having production systems back up and testing them frequently
Tips for individuals
Presently cybercriminals are using basic social engineering tactics and commit credit card thefts, financial frauds, shopping, matrimony, romance, jobs frauds, harassment and defamation through social media among others. This happens due to a lack of cyber safety awareness, and it is imperative that we educate ourselves not only on cybercrime but also on internet ethics and digital wellness. The most important tip for any individual is to have consent both on offline and online modes.
(The author is the founder of End Now Foundation, www.endnowfoundation.org)
Now you can get handpicked stories from Telangana Today on Telegram everyday. Click the link to subscribe.