30 September 2020

How safe is the cyber world?

By Ts Dr Kelvin Yong Sheng Chek

We are often concerned about criminals or thieves invading our private spaces such as our home, neighbourhood or office. As a preventive measure, we install physical defences such as grills, walls, fences, and locks, or hire security guards to protect our surroundings. On top of that, we reinforce our defences with the use of technologies such as alarms, CCTVs, proximity card reader, biometric reader, and other similar technologies.

Today, the boundary has expanded to include the cyber world. With most things connected and accessible online, this creates great convenience to us but also giving the criminals new access or method to execute their evil desire. These criminals called cybercriminals are interested in your personal information or company’s secret which can be sold for money. They can also extort you by taking your system hostage digitally or use your machine to perform illegal activities such as launching an attack against a target.

Cybercriminals have many tricks up their sleeves. They can be very persuasive in tricking their victim to give out his or her private information or perform an action. We hear about countless victims duped by the smooth chatter online who will flirt and tempt them with non-existent expensive gifts and money. Cybercriminals also use urgency to force the victim to make an impromptu decision without having the time to properly analyse and consider the legitimacy of the request.

Such a technique is called social engineering which is commonly used and quite effective. These cybercriminals do not need any technical knowledge or skills to perform this. All they need is the skills of tricking people using their words.

There are other ways which require knowledge of the system or network in order to steal private information. One of the methods is by using WiFi. We all love free WiFi, but do be careful and refrain from logging in to any site using free, public WiFi.

This is because cybercriminals can install a WiFi access point with the same name as the public ones. We might accidentally connect to the rogue WiFi access point thinking that it is the free WiFi provided by the eatery. This will allow the cybercriminals to access information that you enter while you are browsing the internet as every information to and from your browser will need to pass through the rogue WiFi access point.

With the COVID-19 pandemic and the Movement Control Order (MCO) imposed until the end of August, most people are working from home. Businesses are forced to go online in order to ensure business continuity and now, they are becoming more technology-dependant than ever before. Such a situation is attractive to cybercriminals because our home internet setup is not as well-protected against cyber threats as the setup implemented in our offices.

Therefore, it is not surprising to see the sudden spike of cybersecurity cases that were reported throughout the MCO or lockdown period in other countries. The issue of Zoom’s vulnerability which causes user accounts to be compromised and the possibility of Zoom meeting being eavesdropped further escalated the problem. This cybersecurity threat also affects other providers of video conferencing tools and remote access systems.

But all is not lost. As there are cybercriminals out there with their many tricks, there are also many cyber defenders defending against these cybercriminals. These defenders come in many shapes and sizes, from those who monitor and discover new techniques used by the cybercriminals, to those who produce the countermeasures, and those who perform forensic investigations on attacked sites, just like in the CSI series but in the cyber world.

These ‘heroes’ work hard to tackle these criminals to ensure a safe cyber world for all of us. It is a never-ending cycle of cybercriminals finding new ways to exploit and the cyber defenders producing new solutions to these attacks.

How about us, the normal citizen of the cyber world, you may ask? We can take precautions in our daily activity in the cyber world such as not clicking on suspicious links, installing anti-malware software, keeping our software updated regularly, ignoring any calls or messages that require us to reveal sensitive information, always checking with banks or authorities to verify information, and changing your password from time to time.

We all can do our part to stay secure, not only in the physical world but also in the cyber world. Stay safe!

Ts Dr Kelvin Yong Sheng Chek is a lecturer at the School of Information and Communications Technologies, Faculty of Engineering, Computing and Science at Swinburne University of Technology Sarawak Campus. He can be reached via email at kscyong@swinburne.edu.my.