Information is a good or a product that can be sold, and cybercriminals know this.
Hacking or information theft is an entire industry. The benefits cybercriminals reap range from proving themselves (their skill in circumventing the technological security of companies and governments) to making an economic profit by selling your data, or even activism. We explain what network security is and why we should invest in it.
Specialists from the World Economic Forum say that there’s been an increase in cyberattacks due to the arrival of the Covid-19 pandemic and the use of the internet to keep in touch.
They estimate that social engineering methods are used in the vast majority of cyberattacks, in approximately 98% of cases, so we’re all more vulnerable.
For example, more than half of the organizations in Mexico were victims of cyberattacks.
This is more than double the number of people affected in Brazil (22%), South Africa, and Japan (23% each), according to a study by Sophos, a British security software and hardware company.
Hence the importance of network security, which perhaps receives neither enough attention nor sufficient investment. This is especially true in Mexico, according to Leonardo García, app developer and columnist on topics to do with information technology and social media.
People know him as Leo García on Twitter, where he dedicates himself to raising awareness about how vulnerable we are to cyberattacks. In an interview for Tec Review, he describes network security as making use of technologies and private messaging while, at the same time, not exposing the integrity of your personal information.
Also, there should be a certain level of privacy to this information in communication and the flow of information, so that it isn’t exposed to a malicious attack.
“Network security encompasses identity management, security credentials, such as our password, as well as two-factor security tools and biometric information, which are data inherent to the person or user. These are all the elements that can make our contact with the internet safer,” he says.
Simply put, network insecurity is a weakness or flaw that can be exploited by a malicious actor to perform unauthorized actions within a computer system.
Leo García explains that hacking or information theft is an industry and, as such, has its own black market. Governments in some countries have already taken network security so seriously that they classify it as part of their national security.
“Information is a good, a product that can be sold and that is very valuable. That’s one of the cornerstones of information technologies,” he says.
When groups of hackers manage to prove that they’ve breached a bank or a company, they can gain the attention of a government, which then recruits them to become part of their intelligence community.
There are other cases in which companies are forced to pay for the information that was stolen in order to operate again, as was the case in the United States with Colonial Pipeline, the cyberattack on the largest pipeline network in that country.
In the end, the company acknowledged that a security breach had halted its operations and affected its computer systems.
“It wasn’t so much a question of the information that was stolen from the pipeline, but what they were going to do with the pipeline information,” the expert says.
García explains that there are platforms dedicated to buying cybersecurity flaws, such as Zerodium, which was created by cybersecurity experts to establish a community of researchers in this sector and to provide cybersecurity services to companies.
“There are a lot of eyes looking at flaws in institutions, which are at the same time dedicated to exploring them,” he says.
He adds that in the case of Pegasus, the creators realized that it could’ve arisen from three security flaws in Apple devices.
The Israel-based NSO Group managed to divert the cybersecurity community’s attention despite operating for more than five years, developing and selling mobile phone surveillance software to governments around the world.
It wasn’t until August 2016 that The Citizen Lab reported the existence of the malware.
“This flaw at Apple lasted between five and six years and was exploited by NSO. Apple only solved it through updates,” García says.
Not just companies, but human rights defenders and journalists are also vulnerable. We can all fall victim to a scam, deception, or information theft.
We fall for them because they know our fears, the things we’re interested in, or the things that we often do. This is called social engineering.
Leo García explains that users can fall for a ruse with the theft of information through sophisticated tools such as Pegasus. Those pretending to be banks can be the most aggressive, making people believe they’re entering their bank’s website, and the victims end up giving up all their information to be stolen.
“This is nothing elaborate. They just know the right message to send to hook people and get them to hand over their data. Here, the trick is that they know how to present it so that people give away their information,” he explains.