Careless web users making breaches easy for hackers
Employees contribute to companies vulnerability
ABU DHABI // Internet users are leaving themselves open to hackers who will access their personal accounts and employer’s systems, resulting in disruption and financial losses.
Security consultants warned that a spate of cyber attacks, including the Wannacry and Petya viruses, has held businesses to ransom.
Among the victims were the Ukrainian central bank and Russian oil giant Rosneft.
Simple errors such as opening emails from unknown senders were among the possible causes of the latest attacks.
This week, the UAE telecoms regulator TRA warned users of ransomware, adding: "Do not obey the hackers, there is no guarantee that paying the ransom will lead to the decryption of the files."
A study by the Global Commission on Internet Governance estimated that 80 per cent of all attacks are a result to lack of user compliance, warning that "digital hygiene, such as downloading software patches, changing passwords and not clicking suspicious links, could address between 80 and 99.9 per cent of all attacks".
Eddie Schwartz, executive vice president of cyber services at DarkMatter’s in Abu Dhabi, described it as "a type of malicious software designed to block access to a computer system until a sum of money is paid – online users should not click on links or attachments included in emails that are unsolicited or from unknown senders".
Recent attacks mean that "every day individuals need to be aware there are threats everywhere and their behaviour when connected to digital networks needs to be a considered one" stresses Mr Schwartz.
There are a number of basic steps that consumers can take to ensure they are secure on the internet or using applications on their smartphone.
Hackers tend to look for personal information and "it can be a goldmine for criminals looking to spoof our identity. On social media sites like Facebook and Twitter, users should set privacy settings so only their chosen friends can see details. They can also restrict the amount they publish," said Mr Schwartz.
Phishing is now considered to be one of the most common types of computer attacks, "whereby a criminal pretends to be from a legitimate source, often a bank or utilities provider, to trick customers into giving out passwords or even making a direct payment".
"As a very basic rule, do not respond to anyone requesting your banking ID, account numbers, username or password, or passport ID, be that by SMS, email or an old-fashioned phone call. Most reputable banks make clear that they never ask for this information in whole after your account has been set up," said Mr Schwartz.
Joyce Hakmeh, academy fellow with the International Security Department at think tank Chatham House, said "human compliance and vigilance is a must when browsing on the internet or opening links and files from unknown sources".
Scott Manson, cyber security leader for Middle East and Turkey at Cisco, said one of the ways to protect individuals and companies from ransomware is back everything up, meaning there is no threat of losses, and including on devices like iCloud, which have layers of security.
Mr Scott stressed the importance of backing files to ICloud and other applications to make it harder for hackers to access data and information.
"If vulnerabilities aren’t patched, an organisation will continue to be at risk for infection by this ransomware".
In another stance, purchasing goods online is a daily event for most of the public, Ms Hakmeh highlights the importance of avoiding fraud by stressing the need to use a credit card instead of a debit card "you can claim fraud on your credit card and can get the money back – however – with a debit card the money can be easily cleared out of an account and you won’t be able to claim it back".
Mr Manson urged that "it really is down to the cooperation and workplace to implement threats awareness and ways to stay safe on the internet among its employees".
Updated: June 30, 2017 12:15 PM