Cybersecurity - Better Safe Than Sorry

The other day, my close friend received a call from the bank stating there was a large transaction on her debit card in London.  The amount was more than her monthly earnings!  She took instant action, reported the transaction to the bank and blocked the card, changed all passwords, did everything the bank asked her to do.  Thankfully the bank suspended the transaction.  But the stress of going through all that and the long wait before getting the money back in the account plus the hefty service charges paid to the bank, set me thinking that I should write something on cybersecurity.  But being as naïve in this matter as most of the general population, I asked my cousin Ameya, who is a technologist, to help me write something by providing points which I can elaborate.

Ameya has been kind enough to write a whole blog on the matter with inspiration and contribution from Nisha, his better-half, who teaches cybersecurity.  I am sharing the same below.

Right from my childhood, I have enjoyed watching crime investigation serials and reading detective stories, esp. Sherlock Holmes. I still do. 😊 But, gone are the days where the detectives needed to deduce using the power of observation, knowledge and deep thinking. These days, most stories have mobile location footprints, social media posts, CCTV footages, histories on devices and google searches to assist the investigators. But the ying-and-yang philosophy applies here too. Technology today is an equally potent ammunition for criminals, if not more.

In the last two decades, working close to technology has given me an opportunity to understand and watch this space - the internet, ecommerce, mobile phones, apps, social media - evolve and get deeper and deeper integrated into our lives. This blog is an attempt to create a level of awareness of the risks associated with this hyper-integrated cyber world. The risks are real and are huge! They apply to most (if not all) people, organizations, governments, industries – irrespective of the level of technology used by them. I do not attempt to talk about technical aspects of the risks or attacks here, nor do I attempt to list the precautions to be taken. Those are deeper subjects and change every day and perhaps may be topics for subsequent blogs.

 

Three stories: All of us, The Organizations We Deal With and Our Country/Government!

 

All of us could be possible victims!

One afternoon at work, like we always did, we were getting together for lunch. Some of us were wondering where one of our friends was. That day she arrived late – just in time for lunch. The entire lunch conversation that followed was about how she became a victim to a “google-pay / paytm” based fraud which many have fallen prey to. She attempted selling a sofa set on OLX; she received a call from an army personnel interested in buying it who wanted the sofa urgently at his home in Mumbai; he could not come personally to collect it; nor could he pay cash given his posting/duty.  So he offered to pay through Google Pay. But, instead of paying, the person withdrew money from my colleagues account – by tricking my friend into entering an OTP to receive funds.

Times of India, March 8, 2021

This was over 18 months ago. Just few weeks ago, Arvind Kejriwal’s daughter was also duped of Rs. 34,000/- through the same modus operandi. As per the reports I’ve seen till date, some arrests have been made, but the masterminds are yet to be found.

This is an example of a well thought-out story woven with “psychological tricks” (urgent need, army personnel, on duty, wanting to help home) that makes gullible individuals fall prey to it. 

More than 95% of the cyber frauds are due to lack of awareness or human errors.

 

Organizations we deal with

Imagine this – you go on a vacation with your family for a week. One of the stays is in a Marriot hotel. (Marriot owns many brands – Renaissance, Sheraton, LeMeridian, Courtyard, Four Points among others).  You return rejuvenated with many memories (and photos) to cherish!  A year down the line you read this: The Marriott hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. Your credit card details, your passport details are in the hands of the criminals and probably being sold on what they refer to as "The Dark Web."

Or you regularly order food from Zomato. Which was also hit by a similar attack. 

Times of India, March 8, 2021

Most organizations we transact with have information about us. Be it credit card, our transactions, our user ids and passwords, our addresses, our mobile device/computer details, likes/dislikes, et al. These are of interest to many, not just for financial gains, but for several other reasons too.

Not all of it is within our control! hence, being aware and vigilant is the need of the hour!

Just keeping a watch on our financial transactions, our emails, having strong passwords, changing them frequently are simple things within our hands which reduce the risks of us being impacted by crimes like these.

Our country and government

Many elections are being influenced by well-engineered social network management teams – from within the country or outside. Cyberspace is the new battlefield for wars these days.

Today’s paper carried a Swaminomics blog by Swaminathan Aiyer, claiming we should focus more on cyberattacks from China than on the toolkit issue. It speaks of the two power outages in the recent past in Hyderabad and Mumbai, being caused by cyberattacks. While that is not something that governments have publicly accepted, I know for a fact that in 2019, the Kudankulam nuclear power plant in Tamil Nadu was under cyberattack and had to shut down.

Such breaches are significant. These could have caused a disaster too. Blow up the entire power plant, or transportation network (air, rail, roads etc.). Just two weeks ago, a cyberattack allegedly tried to poison Florida’s water supply.

But thanks to systems being there in place, most of these attempts were stalled in time and major disasters averted. So, while the risks loom, it is not all that gloomy!

For fun you may recall the Italian Job movie where the road CCTV and Traffic Light networks being hacked into for the heist.

 

How Not to be Sorry

One of the quotable quotes from Readers Digest that has stayed with me is “Trust in God, but lock your car”.

So, while our governments and institutions are doing their bit to help our privacy, our safety and reliability of services. We still need to do our bit, we need to be aware and be vigilant.  There are hundreds of places to learn more. Go ahead and improve your awareness.

10 Simple tips:

1.       Any offer / promotion received via SMS/email/WhatsApp/phone which looks a little too good is fishy (Phishy!). Avoid falling into the trap.

2.       Having strong passwords: 8 or more characters, no words / names / birthdates

3.       Do not share OTP over phone. Please bear in mind that OTP or a passcode is needed only when you need to pay, not when you need to receive.

4.       Do not open email attachments from unknown senders

5.       Review privacy/visibility of your posts on social media – keep access to people you know

6.       Be careful of what you post – are you revealing more than needed?

7.       Any spurious activities on your social network, please act immediately. Change passwords!

8.       Be careful of what you download! It could contain malicious software which could steal information from your devices (especially .exe files)

9.       If you are transacting online, please do so from secure sites and your own devices.

10.   Be skeptical on what you read online (WhatsApp, Facebook, advertisements) until you validate and revalidate from at least two authentic sources

& there could be many more… but I’ll stop here.

If you are interested in more details, please find the link to the booklet released by government of Maharashtra:

 https://www.bankofindia.co.in/pdf/CyberSecurityAwarenessBookletbyGovtofMaharashtra.pdf

I hope you found the article interesting and helpful.  If you did so, please mention in the comments.  The greater the number of comments, the more pressure I can put on the lovebirds to contribute more to the blog! And of course, subscribe and follow to get alerts on new posts.

Disclaimer:  This is a personal blog. Any views or opinions represented in this blog are personal and belong solely to the authors. These do not represent views/ opinions of people, institutions or organizations that authors are associated with in professional capacity.

About the Authors:

Ameya is a technologist, a wanderer who dabbles with photography and cricket in free time.  Nisha is an Asst Professor who teaches Cybersecurity and Cyber forensics to budding engineers.  They are a foodie couple who enjoy travelling whenever they can fit it into their busy schedules.  I am proud to have such talented cousins!