Cyber security is an area of great importance both for ordinary web users and large corporations. One of the most troublesome phenomena over the last few months has been cryptojacking. It involves cyber criminals secretly using a device’s calculation capacity to mine cryptocurrencies. This threat is increasing all the time. Figures show that in the last year it has overtaken ransomware, which is the theft of the contents of computers (mainly company ones), followed by ransom demands for their return.
In the next few years, hackers could start to carry out cryptojacking via the use of intelligent devices connected to the Internet of Things. The security of such devices has long been the subject of criticism and has been beset by problems due to the lack of a single standardised protocol to be adopted for the manufacture of smart objects.
Thanks to automation, cyber criminals could soon be able to use web trackers, with the aim of tracing their victim’s navigation history, but also to collect information from data brokers.
IT security and privacy
Another important chapter in the field of cyber security is privacy, an issue which has been very much under the spotlight in 2018, due to both the GDPR and the Cambridge Analytica scandal. According to research in that sector, it is very likely that in order to safeguard their privacy, users will gradually move to different platforms from those currently in use.
Data is crucial in the current economic model, one reason why the ability to protect it is becoming more and more important for businesses. Client data protection has in fact become a real emergency, one reason why, in the wake of GDPR, it is likely that ad hoc laws will also be introduced in other parts of the world in order to improve the situation.
The main risks to data
Cyber security and Data Protection are disciplines which involve preparing for different types of attack, which are all pose a risk to data security. Among the most frequent is phishing, which is when cybercriminals send out emails which closely resemble official communication from a company or organisation trusted by the targeted user (eg the bank where they hold an account). These emails usually request sensitive personal data, such as a password.
Unfortunately, such situations have become the norm, as demonstrated by the folder known as ‘Collection#1’, an archive containing over 700 million emails and more than 21 million passwords. Published on the Mega cloud service, it was discovered by a researcher working on IT security and removed a few hours later. According to experts, it is the largest database of sensitive information ever found on the web.
Users wishing to avoid their personal information meeting a similar fate are advised to carry out a thorough screening of the emails they receive. Phishing messages, despite being well constructed, always have some details which should set off the alarm bells, such as spelling mistakes due to inaccurate translations or domain names which differ from the official one of the company whose correspondence is being copied by the hackers.
Another useful piece of advice is to check for any violations of your personal email account. This can be done by using sites such as HaveIbeenpwned.com. All that is required is to insert your email address in order to get a clear report detailing any violations in just a few seconds.
It is very important to change the password you use for the most sensitive services, such as those relating to Internet Banking at frequent intervals. To avoid problems, it is best to use a system for generating passwords, which will help create passwords which are hacker-proof. In addition, cyber security experts suggest the use of a two-factor authentication system when logging into your social network profiles.
Translated by Joanne Beckwith