Happy Safer Internet Day to all those who celebrate! Cybersecurity experts from across the industry have weighed in on how we can use the internet in a safer way, both professionally and personally, in an age of increasing attacks and novel attack vectors. One thing’s for certain, our experts say that AI and deepfakes rule when it comes to internet worries in 2024. MFA and the importance of good password security continue to be a good place to start when it comes to online safety.
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, says:
“Safer Internet Day aims to raise awareness of a safer and better internet for all. In an ever-changing digitally transforming world, Artificial Intelligence (AI) will be part of the work that the future workforce will come to do and ultimately will form part of our everyday lives.
“As well as learning to harness its benefits, users must be aware of its risks and learn how to mitigate them. For instance, as AI becomes more sophisticated, it can be used by bad actors to endanger internet users.
“Regulators around the world are taking initiative to establish new rules towards this direction (e.g. from the US, to the EU and UK), designing laws to safeguard users from malicious and illegal content. It’s encouraging that governments are on the front-foot when it comes to keeping the internet safe, but legislation can only go so far – we need qualified and experienced people to implement the regulatory changes. Businesses must equip their staff with training and skills to use, manage and understand data to avoid being caught breaking the law. This way, users can feel empowered to use the internet in a safer way, now and in the future.”
Nick Rago, Field CTO of Salt Security, says:
“As digitalisation creeps into nearly every aspect of our lives, the way we access things like financial, educational or medical services, shop for goods or carry out our daily jobs has been changed irrevocably by the internet. And at the heart of making sure these systems can talk to each other, access pertinent information or carry out transactions smoothly are Application Programming Interfaces (APIs). The proverbial building blocks of the modern internet, API usage has exploded in recent years, with some experts even suggesting the API market will grow more than the entire UK economy by 2027.
This Safer Internet Day, organisations should be reminded that attackers are increasingly seeking to leverage insecurities in APIs to breach databases, steal information and cause considerable financial ramifications by abusing APIs. As such a crucial part of what makes up the internet and how we use it, businesses looking to innovate by digitising services and internal processes need to assess the risk that is posed by APIs and ensure they are properly governed.”
Darren Guccione, CEO and Co-Founder of Keeper Security, adds:
“A fundamentally “safe” internet is simply not feasible with the barrage of threats that individuals and organizations face in today’s world. In a new study by Keeper Security, 92% of IT security leader respondents reveal that cyberattacks are more frequent now than one year ago- and growing more sophisticated. AI-powered attacks, deepfakes, cloud jacking and fileless attacks topped the list for the emerging attack vectors they feel least equipped to defend against.
Although the internet itself will always pose risks, organizations can be safe online by developing a proactive approach to cybersecurity, combining advanced defense mechanisms and basic best practices to mitigate and fight existing attack vectors and burgeoning threats. Specific steps include:
- Leveraging strong, unique passwords for every account and enabling strong multi-factor authentication (MFA). Stolen credentials have long been a leading cause of breaches and cyberattacks. It is essential to use a password manager to create high-strength random passwords for every website, application and system.
- Exercising an abundance of caution when it comes to opening email attachments and clicking on hyperlinks. Bad actors are increasingly using generative AI to create realistic phishing emails and URLs for spoofed websites and generating variants as fast as they can to circumvent spam detectors.
- Deploying a Privileged Access Management (PAM) solution. PAM helps IT administrators and security personnel manage and secure privileged credentials, and ensure least privilege access. This, combined with tightly monitored access and activity, can greatly reduce cyber risks. In the event a cybercriminal is able to gain access to an organization’s networks, PAM can minimize the blast radius by preventing lateral movement.”
Camellia Chan, CEO & co-founder, Flexxon:
“On Safer Internet Day, it’s vital to understand the transformative changes in technology and how this impacts online safety. In particular, generative AI tools such as ChatGPT, DALL-E and Bard have risen in popularity and become ingrained in everyday life. However, while they’ve boosted creativity and productivity, they haven’t simply been adopted by those with good intentions.
Gen AI tools have lowered the bar for cybercriminals considerably. You don’t need to be an expert technical coder or a wordsmith to produce authentic looking phishing emails. In fact, a ChatGPT-type tool for cybercriminals – WormGPT – exists, meaning criminals can execute campaigns simply and cheaply.
Consequently, people have to be even more vigilant of possible dodgy emails as the traditional red flags to look out for – misspellings and poor grammar – aren’t there. Harder to recognise phishing emails means more businesses falling victim to cyberattacks like ransomware, so they must look to expand cybersecurity postures to include hardware security. That way, when the human defence line inevitably fails and advanced attacks make their way past software-based solutions, data is protected from the very ground up.”
Steve Bradford, Senior Vice President EMEA, SailPoint, says:
“Safer Internet Day serves as a reminder to all of us – young, old, students, experts, employees – to stay vigilant online. Cyber criminals are becoming more sophisticated, leveraging AI to impersonate trusted figures through phishing or deepfakes, and making bogus websites or emails appear even more convincing.
A tip for staying safe on the internet is placing equal importance on your digital identity as your in-person one – you wouldn’t hand over sensitive information to a stranger, so the same ethos should be applied online.
Always consider ways to digital padlock your account and look over any online interaction with a sceptical eye. Processes like multi-factor authentication, one-time passcodes from banks to authorise larger transactions, and complex login passwords unique for every account are all crucial to maintain identity security.
Additionally, on an enterprise level, businesses need to train staff to recognise suspicious or out of the ordinary requests. So, whether it’s in or out of the office, on email or on social media sites, we’re always exercising best practice and staying alert to cyber threats.”
Niall McConachie, regional director (UK & Ireland) at Yubico, says:
“Safer Internet Day is an ideal opportunity to raise awareness around the need for better cybersecurity practices. According to a 2023 survey conducted by Yubico and OnePoll, Gen Z has adopted worse cyber habits than Boomers, which puts their online accounts at significant risk of cyber attacks. Despite this, the survey found that 90 percent of Gen Z respondents are concerned with the cybersecurity of their online accounts, and while improved awareness is a great first step, change is needed to stay secure from increasing cyber attacks like phishing.
The first step is improving basic cyber hygiene practices – for example, the survey found that Gen Z is more likely to use the same password for multiple accounts compared to Boomers. Although policies requiring passwords to become increasingly complex and more frequently updated have demanded more from users’ time and memory, simple passwords are easily guessed. Once a password is stolen, cybercriminals can successfully bypass other login methods, such as a code sent by text message. One effective way to address this is with modern passwordless technology, such as phishing-resistant hardware-based passkey authentication like security keys.
More often than not, Gen Z can adapt easily to new technology, meaning technology such as hardware security keys could be a great leap forwards for ensuring safety while online. Unlike passwords, passkeys are physically stored on users’ devices such as phones, computers or security keys and can’t be intercepted or stolen by remote attackers. This Safer Internet Day sheds light on the ineffectiveness of passwords, and how more platforms and services should enable passkeys to create a safe and secure internet for all.”
Christopher Budd, director, threat research at Sophos, says: “It’s also important to remember the power of ‘no.’ The best way to protect your data and information is to not give it away in the first place. Just because a site asks you for your birthday, for instance, doesn’t mean they need it, or they’re entitled to it. If a site or service doesn’t have your information, they can’t lose it or accidently disclose it.”
Alex Laurie, SVP at Ping Identity, concludes: “The internet is a double-edged sword. It offers convenience, productivity, accessibility and worldwide scale, while criminals leverage it to launch cyber attacks on individuals and businesses alike, aimed at stealing personal information for financial gain. Safer Internet Day serves as a reminder to be vigilant about what and how digital identity data is shared, collected and stored, especially given the increasing prevalence of artificial intelligence (AI) tools.
“The day also underscores the value of relying on authentication methods that provide more security and convenience – like passwordless and Multi-Factor Authentication (MFA) when accessing information online. In fact, 50% of consumers say MFA makes them feel better about the service they are using, and 65% would switch to a comparable brand if it offered passwordless authentication. It’s never been easier for businesses to meet consumer demands while making the internet a safer place.”
The post Safer Internet Day: Cybersecurity Experts Weigh In first appeared on IT Security Guru.
The post Safer Internet Day: Cybersecurity Experts Weigh In appeared first on IT Security Guru.