With more people connecting to digital platforms given the events of the past two years, breaches on social networking sites like LinkedIn, Facebook, and Instagram have become commonplace.
By Richard Frost, product head: cyber security at Vox
Social engineering and password hacks are increasingly sophisticated with any individual or company, regardless of size, country, or industry sector, now a target.
Fortunately, consumers are starting to become more cybersecurity savvy. Recent memes highlighting the risk of sharing information like your first dog, car, celebrity crush, and so on, which hackers can use to build up a profile of their intended victim have certainly helped in this regard.
But even so, people are still falling prey to social engineering attacks based on what they share on LinkedIn, Facebook, and Instagram.
Social media dangers
It has become too easy for people to live public lives using social media. They share photographs of their kids on their first day of school; they share location-based info on where they are currently vacationing, and they make their profiles public to anyone who can search for their names on a social site.
This either means that most people have innocent mindsets or simply do not care about what they share online. But this is no longer good enough. For instance, consumers must start creating circles of trusted friends on Facebook with whom they share information.
They must also start thinking more about what they post online. A great way to test this is for a person to think about their content from a hacker’s mindset. Most of us will be in for a rude awakening.
For their part, organisations must start profiling their senior executives for social engineering and see what information they have made publicly available online.
And while most people know that it is important to use different passwords for different sites, very few do so. Furthermore, how many people can honestly say they log out from their social accounts or log off from their computer when they are done using them?
Good password hygiene includes creating difficult passwords with 16 characters or more. People should also not use common words in a row and can swap out vowels for numbers. Add in a few special characters and encrypt the password for good measure.
This is where password managers are great tools in this regard. These can automatically create sufficiently advanced passwords for each site. The user simply needs to remember the master password to access the solution.
But even that is not sufficient. If the files on a hard drive are not encrypted, a hacker can simply rip the drive out, and plug it into another machine to bypass all passwords, pins, and biometric access controls.
Heading into 2022, we will start seeing biometrics becoming more accepted as the means to safeguard devices and data. Combine that with a Zero Trust approach where people will not trust anyone until they can prove they are who they say they are, and the environment will automatically become more secure.
Artificial intelligence and machine learning will also be used to build up patterns of user behaviour to protect systems. For example, if you are logging in to your online banking profile in Johannesburg and twenty minutes later a login request from Russia takes place, access will automatically be blocked.
Multi-factor authentication and one-time passwords, while frustrating to some as they create additional steps in the process, will also become more prevalent. Ultimately, the password landscape of the future will be one where a combination of tools and strategies will be used to protect people and companies.
Of course, for this to work, users must also learn how to best manage the content they post online for all to see. Rethink your Cyber stance, use different passwords for different sites, think zero trust – and don’t become a victim of yours or someone else’s mistakes.