The Journey to Protection, Vol 1.

by Ryno Nel | May 25, 2021

I ended my previous article by saying that 95% of cybersecurity breaches are caused by human error or human intervention. Before I kick start this article with some ideas and approaches on how to secure your end user access points, take a moment to absorb and digest the realism of cybercrime through the recent 2021 stats from How Many Cyber Attacks Happen Per Day? [2021 Stats and Facts] (techjury.net):

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of cyberattack.
  • There were 20 Million breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Around 94% of all malwares are spread through email.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet

For deeper insight into the magnitude and amount of daily cybercriminal activities around the world you can visit the website https://www.fireeye.com/cyber-map/threat-map.html.

To illustrate the contents from this website I have extracted a snapshot from the above website on the 21st of May 2021 at the local time of 10:52:29. A total amount of 330,745 cyberattacks had already been recorded for this day alone. This clearly illustrates that there is no indication that they will end their relentless attempts and attacks any time soon and that companies and organisations need to protect themselves and their employees effectively against such breaches. Both the users within the organisation and the organisation itself have knowledge and information about each other and therefore the ability to protect must be universal and coherent.

What intrigues me the most is the Top 5 Reported Industries that are constantly under attack. The Top 5 recorded industries are:

  1. Financial Services
  2. Services/Consulting
  3. Telecoms
  4. Manufacturing
  5. Insurance

These industries are very common throughout the world and my prediction is that each person reading this article is either directly or indirectly exposed to at least one of these top 5 industries. This means that 99.99% of information or data, whether it is company or employee related information or data, is recorded at some financial institution, telecommunications, or insurance company. This just goes to show how vital it is that protecting yourself includes protecting someone else and we need to work together if we want to successfully combat cybercriminals and hackers.

So, what exactly do I mean by saying that human error is the leading cause of cybersecurity breaches?

The definition of a human error can be described as follows:

Human error refers to something having been done that was –

  1. “not intended by the actor; or
  2. “that led the task or system outside its acceptable limits”.

So, what do we have to do to minimise the risk that we become a victim?

When looking at a simplified IT infrastructure, as outlined below, the most common entry point or targeted spectrum for any cybercriminal or hacker will be at the end user access point that is ultimately controlled or operated by a human being. For this reason alone, it is of utmost importance that everyone within the organisation is continuously trained and sufficiently equipped to combat any attempts made by cybercriminals or hackers.

So where do we start?

We start off by identifying the various methods or applications we can use to strengthen our access codes to any end user access points.

The most common access codes used are a pin code or password with less common methods being facial recognition or biometric scanners such as a fingerprint. In most cases the type of device you use will determine the combination of the above methods. For example, desktop users will be more limited to pin and password methods while mobile devices, such as laptops, may allow fingerprint or facial recognition as additional options.

The key here is to differentiate your login methods by using various methods as access codes. The problem when using a single set of access codes, such as passwords, is that users often use similar structured passwords for various login platforms. This puts them, and eventually the business or organisation, at higher risk because once a hacker has your initial login password, they would most probably be able to hack any other sites or company databases if a similarly structured password were used. With the magnitude of applications and platforms that require a username and password it is almost impossible for a single person to remember which username, but more importantly which password, has been created. And so, as human beings we will try to make life easier by using a common password. Unfortunately, this could ultimately make life worse for ourselves.

There are quite a few ways to go about structuring your password. We like to recommend the software called KeePass. What makes KeePass so effective is that it allows users to generate complex and sophisticated passwords based on certain requirements, such as Upper-case, Lower-case, Digits, Minus, Underline, Space, Special characters, and Brackets. You can even decide the length of the password itself. Now think about this: – generating a password with a length of 36 characters that comprises a combination of the above-mentioned different character sets? WauAmazing right!

Imagine setting up each application or login platform with these complex and sophisticated passwords. If you want to check and see how they calculate the time it will take to crack a password visit Estimating Password Cracking Times (betterbuys.com) for more detail.

So now you have a collective database, a database that is stored on your local computer, with all your usernames and passwords. The only tricky part when using KeePass is that you will have to create a complex and sophisticated password just to gain access to your KeePass alone, and this password will have to be structured in a way that you can remember it. But it is much easier to remember one complex password rather than multiple complex and sophisticated passwords.

What combined method will work effectively?

The best solution would be to set up your device using the following combined method:

  1. Using pin codes, facial recognition or fingerprint scanning to gain access to your operating device.
  2. Using your ultimate password to gain access to your KeePass application which then allows you to gain access to the database that houses various usernames and passwords.

To put this into context, if for some reason someone gains access to your computer by knowing your pin code [Unless you have a doppelgänger, facial recognition or fingerprints will be difficult to mimic] or you left the computer unattended and have not securely logged off, at least all your passwords are protected and it would be extremely difficult for a hacker or cybercriminal to gain access to any other platform or application.

Another very important notice – NEVER, NEVER, NEVER let any web browser or system remember your username and password, regardless of how convenient it sounds, as this is the easiest way hackers or cybercriminals can get access to sensitive systems, applications, and information.

Additionally, in using username and passwords, there are also Authenticator Apps, such as the ones for Windows and Google, that cycle the one-time password codes every 30 seconds. This is one of the best solutions I have seen. If only this could be applied on every platform and application, then our fight against cybercrime activities would improve dramatically.

For now, I will end by saying: Stay safe and keep those safety guards up.

If you have any questions or comments on the contents of this article, please do not hesitate to connect with us.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *