With the Fourth Industrial Revolution now in full swing, cybersecurity experts are increasingly raising the importance of building awareness among the general public. The Covid-19 pandemic, coupled with the associated risks of digitalisation, further instils the significance of societal awareness on technology, cybersecurity, and digital privacy.
According to Risk Based Security’s 2021 Mid-Year Data Breach QuickView Report, more than 1,760 publicly reported breaches were recorded in the first six months of 2021, exposing a total of 18.8 billion records with personal information. Breaches, such as this, can be largely avoided when consumers and companies work together to build a safer digital space.
CYBER AWARENESS AND THE GENERAL PUBLIC
“The public has an idea about cybersecurity, which involves younger people sitting with hoodies in the dark on gaming machines pouring through neon code attempting to steal information access and nuclear codes,” said Andrew Schumer, Technical Director at Axon Technologies.
“All communication is geared toward this false perception, creating more false perceptions. Cybersecurity is becoming harder to understand in terms of clarity,” Schumer explained.
Schumer added that the public see data protection primarily as a password-based protection – which is considered a hassle. The priority now is to address cybersecurity as a collective effort and treat all individual data points a part of a larger ecosystem. Despite the complexity of cybersecurity, most attacks can be stopped at the user-level with proper awareness and training.
DIGITAL TRANSFORMATION AND THE TECH-SAVVY CRIME INDUSTRY
According to Jim Magats, Senior Vice President of Omni Payments at PayPal, the scope for fraud and scams are increasing, as businesses and customers have moved online, and cashless payments are growing faster than expected, in the wake of the pandemic.
The Cashless Countries Report by a UK-based price comparison website ranks the UAE as the eighth most cashless society in the world, with a likelihood of becoming the first cashless country in the Middle East thanks to the 83 percent of its population owning a debit card.
“Whilst there are many benefits to a cashless economy, businesses and consumers must stay vigilant as the influx of digital transactions have given rise to a plethora of online fraud ranging from identity theft to tax scams,“ he noted.
As per a recent report from the Ponemon Institute and PayPal, organisations recognise the need for digital transformation to stay competitive in this new digital era, but 81 percent of the respondents agree that they’ve become more vulnerable to online fraud.
“Magats added that at a fundamental level, small and medium businesses should monitor their transactions and customer accounts to identify any red flags.
For Schumer, the shift seems that a successful cyber campaign involves working with people at their comprehension and need.
“Like most situations, building new and healthy behaviour is better achieved when you positively incentivise rather than punish,” he said, adding that it happened because threatening employees doesn’t work as it creates an atmosphere of doubt and oppression, widening the trust gap between the management and the rest of the company which will further increase the risk.
The Middle East is directing its efforts towards the cause, developing some of the most comprehensive government programmes and organisations in the world.
In places like the UAE, for instance, this can serve as a double-edged sword.
“People believe the government has the responsibility to keep them safe from malicious cyber-attacks or data leaks,” Schumer noted.
“This is very dangerous, as the only way to keep data secure is to incentivise organisational commitment.”
He outlined a series of recommendations that could help tremendously, such as taking ownership of one’s data and security, thinking about security, and feeling responsible, while keeping home life and work life separate on devices.
Keeping passwords secure and at 11 or more characters and numbers, are also vital tools to help protect the public from cyber threats.
Ultimately, however, the fundamental understanding of the value of cybersecurity is perceived as the primary challenge today.
“We still see organisations with one or two people working in IT, given the responsibility of cybersecurity for over 1,000 people,” Schumer explained.
“This cannot be achieved, and at this point, they are barely able to cover the holes in the organisation.
The culture and comprehension of the job, whatever it is, should include safety and security.”
Should this mentality of “zero-value” continue, he warned that the breaches will be more extensive and more costly.
Starting small with low-cost programmes and basic simulations will prove crucial in helping people understand the necessity and outcome of cyber-related incidents, as well as creating department incentivisation schemes and making it well known that cybersecurity teams are working to ensure a safe, essential and productive environment for all.
And the shift is timely.
As we move towards even more remote working and ‘cloud adoption’, a massive increase in attacks, breaches, and opportunistic approaches to cybercrime have been recorded.
Such an increase is driving the awareness, with more institutions beginning to understand that attacks are not just related to credit card information or emails, but to Operational Technology (OT), which could disrupt oil, gas and essential services.
“It’s vital to have awareness and keep the attention fresh because we want to protect against these attacks,” Schumer concluded.
“We want to know how to fix them when they happen, and we want people to be prepared. Remember that it takes one opportunity to gain access and wreak havoc – still, thousands of hours of work to stop that one attack. We see an increase in awareness; sadly, because of the increase in attack frequency and damage being done”.