91 percent of cyber attacks exploit humans as the weak point; only 9 percent target technological gaps. These surprising figures were presented by Reza Mehman, Chief Innovation Officer at Virtual Forge, in his webinar "Cybersecurity in Transition". The IT security expert cited the good faith of many IT users as the main cause - and advised greater caution when using online services and the Internet.
The Target of Cyber Security is Constantly Shifting
Reza Mehman, responsible for the development of innovative initiatives and projects at Virtual Forge, made it clear at his well-attended webinar: "The more cyber security evolves, the more complex and difficult it becomes to get a grip on it." This is mainly due to constant innovation in software and hardware products, mobile devices and IT trends such as the Internet of Things (IoT) and cloud computing, each of which carries the risk of new vulnerabilities. Mehman summed up the core problem as follows: "The goal of cyber security is constantly shifting."
Practical experience has long shown that "what can be hacked will be hacked". Cyber criminals hijack access data for online services such as Twitter, Yahoo or Uber in order to obtain personal data or, in the worst case, bank or credit card information. They take advantage of smart home products such as the increasingly popular vacuum cleaning robots by hacking the built-in camera and spying on their victims' homes. This can be not only embarrassing for the residents, but also expensive - for example, if the information gained is used to plan a break-in. Not to mention the devastating consequences that hacking the systems of combat aircraft like the F-16 can have - as early as 2015, a US security expert is said to have succeeded in gaining control of the engines of a Boeing!
Identity Theft Widespread
"Although every IT user is hacked at some point, there are many who don't even notice it," Reza Mehman said, describing another important lesson from experience. One of the most common crimes is identity theft, i.e. the misuse of users' personal data, for example to order goods on someone else's account or to conclude contracts under a false name. Ransomware attacks are also widespread: the data on the victim's computer is encrypted and only becomes accessible again after payment of a ransom. As a rule, the starting point for these attacks is a phishing e-mail that deceptively imitates the design and tone of trustworthy institutions, company colleagues or friends. For example, users are lured to fake websites, such as those of banks or online services, or persuaded to open attachments containing malware.
According to Mehman, this is exactly where the Achilles heel of cyber security lies: "Phishing works so well because people trust too much, even if they should not!" Since in nine out of ten cases the human being and not the technology is exploited as a vulnerability, the human factor must be given greater consideration in future - especially since the development of suitable IT security technologies is being pushed ahead at full speed anyway. For example, the use of artificial intelligence (AI) and machine learning already makes it possible today to determine whether an unauthorized third party wants to access an online bank account - for example, because he types in the login information more quickly or presses the keys more firmly than the account holder.
Appeal to Common Sense
In order to get a better grip on this human weakness in the future, Reza Mehman appealed to the common sense of users and gave the audience three recommendations for action:
- Question your IT usage intensively!
Instead of immediately clicking on links or attachments in incoming e-mails and possibly bringing malware into their homes, users should first ask themselves whether they really need the information. Less is often more.
- Implement basic security protection for your IT!
It gives you a reassuring feeling when your IT is secure. Therefore, users are well advised to protect their computer against intruders with anti-virus software and firewalls, for example. Virtual Forge's security products are ideal for SAP systems.
- Be a little "paranoid"!
If users receive an e-mail asking them to confirm a transaction or make a bank transfer, it is advisable to pick up the phone more often to clarify whether the message really comes from the stated sender.