Why are human errors accountable for most cyberattacks?

2021-03-15

To exist as a digital society, nations must have solid cybersecurity protection. Considering how much time each person spends on the internet, it is of great importance to have a stable security framework and ensure safe usage of digital services. As the number of online attacks rises, more and more questions arise. How can we prevent these attacks? How do data breaches happen? What can we do in these situations?

In discussing the 2021 data breaches with Aviel Tzarfaty, a cybersecurity expert with years of experience in the industry as an Ethical Hacker, now a Program Manager at Cybint Solutions, and a Senior Consultant for Fortune 500 companies, we touched on the regulatory side of data breaches, case studies from the current news, and why cybersecurity is important, now more than ever.

According to Kaspersky, a leading global cybersecurity company that specializes in providing security solutions and services to tackle the threats, “cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security.” The term applies in many contexts and can be divided into a few common categories. In the National Cyber Security Index, which measures the protection capacities implemented by central governments, Lithuania is ranked #4 out of 160 countries. Even though Lithuania is at the top of this field, the country is still in need of well-equipped, knowledgeable specialists who can help build a stronger force in the industry. Recognizing the growing demand in cybersecurity, LCC International University has become the first educational institution in Europe, and the first one in the region, to have partnered with a bootcamp provider, Cybint Solutions. Cybint is a global cyber education company with a commitment to reskilling the workforce and upskilling the industry in cybersecurity, applying innovative and leading-edge education and training solutions. This bootcamp will cover hands-on and practical skills to prepare students to become specialists and help them land high-paying careers in one of the fastest-growing industries.

What exactly is a data breach? A data breach is an intentional or sometimes unintentional release of confidential information to an unauthorized party. The victims of a data breach can vary from an individual person to a large, worldwide company, organization, and even government. But what usually causes the breaches? According to the IBM Cybersecurity Intelligence Department, “Human error is the main cause of averagely 95% of cybersecurity breaches. In other words, if human error was somehow eliminated entirely, 19 out of 20 cyber breaches may not have taken place at all.” This means that if human error could be removed from the equation, we would have only 5% of cybersecurity incidents. “As cybersecurity experts, we must ensure that people do not make mistakes. It is mostly about working together with your team to mitigate and avoid human-related errors,” said Aviel Tzarfaty, a Program Manager at Cybint Solutions. Until 2018, it was unclear who was responsible for most data breaches in Europe, as it involves a huge database, and it needed to be validated by forensic and cybersecurity experts. It was basically an ideal space for some companies to benefit from the "perfect crime."

Later, as the need for better cybersecurity grew, the European Union implemented the General Data Protection Regulation (GDPR), a law on data protection and privacy in the European Union and the European Economic Area. This regulation provides core data protection: data processing, by using only necessary information, data protection from unauthorized access, the right to receive a copy of your personal data and demand to erase it if needed, and the right to report a data breach within 72 hours. After the regulation was passed, the cybersecurity talent shortage seemed to increase and the demand for qualified information security specialists grew even higher. “To provide proper security we cannot be aligned with the industry, but we must be ahead of it,” added Aviel.

To tackle cybersecurity threats, it is important to understand what information is the most important to hackers. Hackers usually seize a chance to manipulate people, because it is simply easier to manipulate them than software. “Hackers can 'hack' someone in about 10 minutes and easily have them open a malware program. It would take much longer to analyze software and find how to inject the malware into the software,” commented the former ethical hacker. The usually highlighted hacks are divided into three categories: the bad, the worst, and the obvious. The easiest way to leverage someone’s information and use it for a greater reach is by gathering their full name, home address, and location history. Other risky data collection comes from gathering people’s email addresses, phone numbers, and bank account details. Although many understand how sensitive and important this data is, somewhat unconsciously we let it hang around the surface of the internet, where it can be easily exposed by hackers. Lastly, there is information such as credit card details, credentials, and even confidential business information. This type of information is what hackers look for first in planned attacks on organizations or companies. The scale of cyberattacks varies, and every year hackers introduce us to new, modern ways to hack information from society.

One of the most recent data breaches in Lithuania has already been echoed around the world. In February 2021, almost 4% of the Lithuanian population was affected by the attack on the car-sharing service, Citybee. Cybercriminals shared over 100,000 users’ sensitive data, which included personal identification numbers, telephone numbers, e-mail, home addresses, driver's license numbers, and encrypted passwords. The interesting part is that the hacker gathered the data approximately three years ago, in 2018. The attacker had been holding on to that information and waiting for perfect timing to release it. “The hacker was investigating the website and saw a prospective medium to launch a cyberattack, a so-called ‘cloud’ that allows everyone to access the data. It was not secure, so the hacker had full access to all the information,” noted Aviel. Such a situation is an example of an absolute human error that could have been avoided and prevented with proper GDPR enforcement and reassurance from cybersecurity experts.

In many cases, cybersecurity attacks cannot be patched up simply by changing passwords, emails, and other personal data. The effects and consequences can bring long-lasting issues for finances, reputation, morale damage, or even result in identity theft for individuals. It is essential to investigate your data from time to time and check whether it has been exposed or compromised in any way. No security plan is perfect, and most likely will not provide 100% security over the years, but educating yourself, utilizing software updates, high-grade encryption, and strong authentication can be the baby steps to achieving a safer and more secure presence in the digital world. As the security programs evolve and cybersecurity specialists become more qualified, society will have a higher chance of liberation from cyberattacks. 
