2016: The year cybersecurity hit home

From encryption to large scale hackings, there's no avoiding the topic

2016: The year cybersecurity hit home

[Wikipedia Commons]

2016 has been an interesting year on many fronts. It’ll be known as the year of Brexit, the year of Trump and, in many ways, the year of cybersecurity.

These types of attacks have, of course, been happening for many years now, but a series of events took place, which led to cybersecurity being firmly placed in the minds of many.

On February 9th 2016, the FBI announced it was unable to access an iPhone 5C belonging to one of the gunmen involved in the 2015 San Bernardino attack. The FBI requested that Apple work with them to gain access to the phone. 

This sparked a vast debate, with very passionate arguments on both sides. Those on the side of the FBI claimed that this was a matter of national security and that Apple would be negligent if they opted against cooperating with the FBI. Apple stated that to do so would compromise personal secuirty and would have detramental effect down the line. 

What’s most worrying about this case was that the FBI managed to access the phone, without the help of Apple. An unknown source came forward to point out a loophole to the FBI. This loophole gave them the access they needed to complete their investigation.

Apple immediately took steps to close that loophole, but this story was the catalyst for a global conversation on encryption. 

Even the least technically savvy smartphone users began to look at their own privacy settings on their devices and accounts.

Shortly after this case died down, WhatsApp announced it was introducing end to end encryption. This required quite a bit of explaining as many questioned what level of security had been in place up to that point.

The end to end encryption on WhatsApp ensures that nobody can access messages sent on via the service, apart from the parties involved in any one conversation. 

This means, for example, should the FBI or, indeed any policing body, need to access a WhatsApp users account they would be unable to see details of any messages sent. This gives users piece of mind that their info is secure.

While neither of these stories impact the day to day of us, the consumer, 2016 also saw an incredible number of phishing attacks.

Phishing is the term for online identity theft and fraud. Those behind the attacks seek to obtain the personal information of their victims, such as passwords, bank account information and credit card details by sending a spoof electronic communication from what looks like a legitimate source.

Emails, appearing to be from banks, service providers or friends, have circulated. The email requires the receiver to click on the link within to execute an action. Very often this involves handing over important details, such as bank numbers, passwords or contact information.

These scams have become very sophisticated this year. One of the most recent scams we saw involved WhatsApp and Daft.ie. The sophisticated scam entails the criminals using the landlord's phone numbers, featured within property ads, to pose as Daft.ie staff via WhatsApp. The landlords are sent a link to a website, featuring an old Daft logo, and asked to enter a number of personal details. This then allows the criminals to edit the ads and target potential renters.

Details of an attack on Yahoo, which compromised the accounts of millions of users, emerged. This also heightened people’s awareness of cyber-attacks and hacks, but it’s all about what we do with that fear that matters. 

What to do:

We as consumers must do as much as we can to protect ourselves, and our data.

Passwords are important. Try to change your passwords often and avoid generics, such as Password123. Don’t share your password with anyone, and if you have to, change it again at the earliest possible opportunity.

Keep an eye out for phishing email scams. There are certain telltale signs that should help you. 

These systems are becoming more sophisticated but there's a few simple things you can do to ensure you and your data stay safe.

  • Look for urgency: If the email states urgent action is required to verify your details or process a refund, do not act. Chances are it’s a phishing expedition.
  • Company info: Many of these phishing attempts involve criminals posing as a well-known company or bank. Always check the sender’s email address. Look at any logos within the email and hover your mouse over any link within the email (don’t click on it); this may show a falsified website. If it doesn’t look legit, bin it.
  • Spelling: Watch out for appalling typos or sentences that just don’t make sense. We often scan emails rather than reading them fully so if you are suspicious - take a moment or two to read the entire email. If you spot something that dodgy, bin it.
  • Verify: If you are still unsure about the legitimacy of an email, call the provider and explain your situation. This may take a few minutes out of your day, but it’s better than losing money to a phishing scam.

This article comes with thanks to the the Energia Hub