Data leaks on the Internet have increased by one and a half times, but there is a way to protect yourself
[ad_1]
It just so happens that today we live in an “era of change.” Realizing that an engineer’s view of global problems will always be one-sided, I will nevertheless assume that the root cause of these changes is the creation of a global computer network. It is thanks to the exponential growth in productivity and the mass distribution of computer systems connected to the global Network that big data technologies, artificial intelligence, the Internet of things, and three-dimensional printing have emerged and reached maturity, allowing us to move to a new level of the economy – digital.
Global connectivity, the spread of mobile communications and social networks give rise to a new social reality and allow us to conclude that relatively soon we will come to a new type of society – an information society. At the same time, it is equally obvious that we, people, for the most part, do not keep up with the new reality. Modern life is so complex and diverse, and the information field of our contemporary is so overloaded that, according to the apt remark of the American humorist, author of comics about the absurdity of modern office work “Dilbert” Scott Adams, “today all people are idiots.” Adams, of course, meant that a person in the modern world is not able to be at all competent in the whole variety of modern technologies and relationships outside of his professional competence and social circle.
That is why it is not surprising that there are regular reports that scammers have defrauded a famous scientist or deputy minister of a large sum of money. Of course, fraud and betrayal of the trust of seemingly highly intelligent, competent people who are not prone to hasty decisions have occurred before. But today, thanks to the same new technologies, artificial intelligence and big data, this type of crime has been put on stream. Alas, not only industrial and creative processes, but also illegal activities are well automated with a significant reduction in cost. Modern fraudsters and criminals do not need to personally be at the crime scene; everything can be done remotely, being on the other side of the world. Today, an attacker, armed only with free programs, fake accounts on social networks and using publicly available services, is able to cause significant damage to both an individual and an organization. The closer we are to the information society, the more crimes there are in the information sphere.
In fact, we see that the share of crimes in the information sphere is increasing quarterly. Although no one in the world keeps uniform statistics on all such threats. We can draw this conclusion based on statistics on the number of cyber attacks, data leaks, computer crimes and cyber fraud. According to Surfshark research, the number of data breaches in the world in the second quarter of 2023 increased by 156% over the year. At the same time, Russia firmly holds second place in the world in the number of both cyber attacks and data leaks. The European information collection portal “Statista” notes that the average cost of one data leak in the world in 2023 has increased to $4.45 million, and in general, crimes in the information sector in 2023 will cost the global economy $8 billion. Tripwire analysts noted that The world experiences at least one cyber attack every 39 seconds.
Domestic experts cite orders of magnitude lower figures: 170 attacks on Russian companies per day, 20 million rubles average loss without taking into account reputation from leaks, an increase in the number of incidents by only 17% compared to last year. But at the same time, they put the Russian Federation in first place in terms of the number of attacks in the world. And all experts note that the complexity of attacks has increased significantly, while more than half of the cyber attacks on companies were targeted. That is, the attackers knew exactly about the vulnerabilities of the object and acted with the specific goals of gaining access to confidential information or disrupting the normal operation of the object. Unlike most attacks of the past, where attackers would randomly search for a victim by simply going through all the portals in a row looking for a vulnerability, or send out mass emails in the hope that someone would accidentally run malicious code, today’s attacks are based on careful research into how infrastructure of the target object, and by analyzing information about the company’s employees.
Unfortunately, attacks on individuals in the information sphere have also become targeted. Just last year, telephone attackers simply called all known numbers from open or criminally obtained directories, sometimes knowing the name of the owner of the number, and introduced themselves as “bank security service” or “investigator for particularly important cases.” They used primitive psychological mechanisms, which only a very naive and vulnerable person can fall for, and lured out small, generally speaking, money. And already this year, scammers purposefully select specific wealthy people, about whom they find out a significant amount of details, analyze their public behavior, identifying specific psychological weaknesses. And they call, introducing themselves and faking the voice of their boss, children, relatives to commit fraudulent actions, leading to large financial losses.
That is, both in attacks on companies and in attacks on individuals, “cyber intelligence” is carried out, combining elements of searching for vulnerabilities, open source intelligence and human intelligence. The use of the last two factors – open source intelligence and human intelligence – is of particular concern, since there are no countermeasures against them within the framework of the concepts of ensuring information security and protecting critical information infrastructure. Unfortunately, even if we fully ensure the protection of information in an enterprise, we will not be able to protect it completely.
The weakest link in the information sphere—the human being—remains outside of standard information security practices. The only aspect of human protection in the information sphere that receives any attention is protection from “harmful” information, whereas, obviously, it is possible to deceive a person and force him to act to his detriment with the help of harmless information, and even with a simple stream of current news. Alas, the tasks of human protection at this level go not only beyond existing practices, but beyond the current understanding of branches of science.
So can we protect against this new type of targeted attack with existing mechanisms? Rather yes than no. Yes, not one of the methods will solve all problems, but at some stage it will help. The latest generation of defense tools, like offensive tools, introduce artificial intelligence that can recognize the work of other artificial intelligence used by fraudsters. Thus, even the most modern generators of a fake video stream, used by fraudsters in video communication and video authentication systems, cannot completely replicate the defects of real video camera lenses, so at the current stage, AI embedded in security systems can recognize fake video. Banks and telecommunications operators are introducing voice assistants that are trying to prevent the well-known mechanisms of “divorcing” pensioners out of money. These mechanisms work. Against cyber intelligence, large companies are implementing cyber counter-intelligence services, in particular, removing data about decision makers from open data and public space. But the main method of protecting the individual in the information sphere remains training. Training in information security and information hygiene measures. In relation to corporate security, training is the task of the organization, but in relation to personal protection, it is a private task. If you want to protect your funds or the funds of your loved ones from scammers, then you should take financial security training. Fortunately, in the field of financial cyber fraud, the problem has long been recognized by the Bank of Russia; the government has adopted a strategy for the development of financial literacy, within the framework of which a knowledge base is maintained and events are regularly held, including to combat cyber fraud. If you are warned and trained, and personally protect your personal data, then the risks of a targeted attack against you are reduced. So if you want to protect your funds, you need to study, study, study.
Newspaper headline:
How to repel a cyber attack
[ad_2]
Source link
