Business TimesPREMIUM

Privacy laxity exposes us to cyberattacks

It's not possible to overstate the cybercrime threat

Constant water bursts, electricity outages, illegal dumping and potholes are just some of the issues facing Johannesburg as its infrastructure buckles under the strain of a malfunctioning planning department.
Constant water bursts, electricity outages, illegal dumping and potholes are just some of the issues facing Johannesburg as its infrastructure buckles under the strain of a malfunctioning planning department. ( Sydney Seshibedi)

Recently operations at the Western Cape Blood Service had to switch to manual mode when a cyberattack brought down its systems. This news arrived as Transnet started restoring its systems after what may have been a ransomware attack. In 2019, the City of Johannesburg had to untangle the damage from a successful breach by online criminals, and last year a justice fund came under attack.

While we spend a lot of energy discussing these attacks, one narrative remains overlooked - concerns over data privacy. If we can turn such concerns against cybercrime, the digital world would be a much safer place. But we're not. We don't even seem aware that there is a connection and thus a misdirection of effort.

When it comes to our priorities in the digital world, data privacy ranks very high. Specifically, we worry about what social media sites and tech giants do with our data. Often these narratives let users off the hook. Few articles on data privacy point out that users freely give up their information to access free services. They are often cast as the victims, not facilitators, of data monetisation.

Treating people as passive observers of their data is dangerous. We see its effects through fake news, which proliferates because people do not realise or accept their responsibilities when distributing information across digital channels. One upside of the pandemic is that it has forced some reflection and good habits regarding what information we spread, not to mention laws to enforce responsibility. The fight against cybercrime would benefit from similar levels of reflection and good habits.

Cybersecurity
technologies aren’t
sufficient... Only
vigilant humans can
counter
[ cybercrime ]

We've grown comfortable with a world that offers online banking, easy communications and real-time feedback such as from your smartwatch during a jog. All that is in danger because of cybercrime.

It's not possible to overstate the cybercrime threat. Statistics compiled by information aggregation site Comparitech hint at its scale:

• In 2020 there was one successful cyberattack every 1.12 seconds, up from one attack every 39 seconds in 2007 - and these are just attacks we know about;

• 87% of companies surveyed in 2021 had experienced a successful cyberattack; and

• 83.7% of South African companies surveyed had experienced a successful cyberattack in 2019 - yet that only ranks us 12th in the world.

It's all but certain that the attacks involved a user doing something wrong. They were likely conned by a phishing attack, which uses fake e-mails to hoodwink users into clicking on a dangerous link or opening a poisoned attachment. Criminals use that to expand their operations inside a victim's system.

Forget the Hollywood image of a hacker typing away furiously against a countdown timer while people on the other side try to hunt them down. In most situations, the bad guys are in systems for months and are often only spotted because they made themselves known - intentionally or by chance. At that point, it's too late to stop them. And it could have started a long time ago through one employee's oversight.

Technology can't save us from cybercrime. Cybersecurity technologies and services are essential but aren't sufficient to stop highly motivated humans. Only vigilant, skilled and equally motivated humans can counter them. If loose lips sink ships, then ignorance causes breaches.

Here's the question: if people placed the same priority on cybercrime as they do on the actions of Facebook and co, would that make the digital world safer? Without a doubt. Spotting a phishing e-mail is not that hard. Most attempts are broad and impersonal. You might get "urgent" correspondence from a financial service you don't bank at or receive proof of payment for a service you didn't provide. Often these e-mails provide some incentive, such as unexpected financial windfalls.

Others will urge you with scare tactics, such as debt collection or unique treatments for Covid-19. There are more professionally crafted phishing e-mails and attempts that are much harder to spot. But the average cybercriminal doesn't need to be that sophisticated because users are often not vigilant enough. Our lack of attention and diligence is the number one reason why cyberattacks are so successful. Yet, we clearly can rise to the challenge if we can appreciate the threat: look at masks, sanitisation and social distancing.

The same applies to cybersecurity:

• Have good passwords - and preferably a password manager;

• Use two-factor authentication;

• Ignore strange e-mails;

• Be very careful to whom you provide personal details; and

• Don't install software without making sure it's legit. A simple Google search can reveal if you're dealing with a scam or not.

Our society spends considerable energy and information bandwidth to scrutinise and criticise the social media giants. But we do this without holding users accountable. This lack of accountability translates into poor security habits. We already saw that effect through fake news: people don't seem to appreciate the responsibilities that come with digital. Treating people only as digital consumers - and not collaborators or enablers of digital - makes it easier for cybercriminals to thrive.

Facebook, Amazon, Google and co deserve scrutiny and regulation. But blaming Facebook without holding its users to higher standards encourages a digital consumer who doesn't know they should close the barn door behind them. Then, when someone steals all the animals, we blame the barn door, the barn manufacturer, the farm, the animals - everyone except the person who didn't pay attention.

Perhaps a better question is: has our "new world" digital social construct, especially during Covid-19 restrictions, compounded our need to participate at any cost? Consider the apps installed on your phone: we would never hand an unlocked phone to a stranger yet we feel the necessity to give apps full access to our location, camera, photos, contacts and microphone indefinitely - just to be able to use the app. Our very behaviour puts us closer to the risks of cybercrime.

More responsible users make cybercriminals' lives harder. But if we keep blaming Facebook and cast its users as victims, not enablers, we'll not get ahead of the bad guys. Always remember, if the service is free, you're the product.

• Kotze is chief development officer at Performanta

Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.

Comment icon
Sign UpLog In

Please read our Comment Policy before commenting.

Editor’s Choice

1

‘I’ll take the flak on Senzo Mchunu’: Ramaphosa

2

HOGARTH | Comrades at cross-purposes

3

MAKHUDU SEFARA | Police power and political patronage put wrong people in uniform

4

‘Emoji judge’ Mbenenge returns to work after probe finds court secretary Mengo lied

5

PETER BRUCE | Expel Israeli, but then cocktails with Iran?

Related Articles