“The house that is the Internet has been built on a shaky foundation, but it has been the home of some the greatest innovation in history.”
The ninth workshop at the Arab IGF followed the theme of “Information security: culture, knowledge, and application”. Khalid Samara, Network Information Security Supervisor at Orange, Jordan, and Shadi Al-Seuri,Information Security Professional at TL – Zain, Jordan, covered the topic through a series of examples, in order to clarify the risks of Internet use.
In fact, the only way to be completely cybersecure would be to forbid everyone from downloading or installing content from the Internet, exercising close and constant surveillance on all online activity, and requiring 100-word-long passwords followed by a special whistle or hum to access any account. The amount of threats and malware out there is ridiculously overwhelming, and the long and winding road to cybersecurity depends on a balance between confidentiality, data integrity, and data availability.
Slide explaining the Information Security Triad
The speakers discussed the different types of cyber crimes, from password attacks, to phishing, to “dumpster diving” (acquiring confidential data by recovering deleted files and compiling them), etc. There are also five types of hackers, namely white hats who are hired by companies to find and fix their weaknesses, grey hats who do it independently and then sell their work to the companies, black hats who are highly experienced and use the weaknesses of companies for their personal gain, hacktivists who use the loopholes in favor of a cause, and script kiddles, who download scripts from the Internet and use them to discover confidential information.
“A breach WILL happen. When it does, will you be ready?”
What was once known as the “Internet of Things” has developed so quickly and exponentially that it can now only be called “the Internet of Everything”. This means that it now encompasses everything from physical security threats, like credit cards and access IDs, to tech security threats, like inpoint security and firewalls. The problem is that with smart electronics, everything has an IP address now. This means that everything has internet access and can easily be hacked. Security risks are hence becoming more and more complex and invasive, and hackers can even become “uninvited guests into our homes”.
Khalid Samar describing the three makings of cybercrimes: opportunity, pressure, and rationalization
As end-users, we have no way of knowing if we are compromising ourselves through choices like installing security cameras. We are vulnerable to a vast array of threats for Internet predators to choose from. For instance, “ransom attacks” are as simple as sending a virus to encrypt all of the files on a computer, then sell them back to the owner for bitcoins, a virtual currency. This is one of the rare instances where you can have a backup plan. Literally: BACK ALL OF YOUR DATA UP. Another example is social engineering, which is more targeted. Long story short, if you get a call from a new IT tech to resolve an issue you reported, never ever give them your password. Ever. The most disturbing example was that of social media. Say you post a picture with your house in the background. If the wrong person got their hands on it, they could call your bank, give them your address and phone number (which they figured out from your IP address) as answers to their security questions, and empty out all your accounts. So posting sensitive information is also a massive no-no.
So the take-away is this: awareness awareness awareness. The ease of use of any system is inversely proportional to its level of security, so we must never take cybersecurity for granted. The debate of freedom of expression versus cyber safety is ongoing and becoming increasingly complicated. Meanwhile, as we try to find a balance, it might be worthwhile to start reading those mind-numbingly long privacy policies and terms and conditions we blindly agree to.