New Delhi: From Cambridge Analytica to Marriott Starwood hotels leaking user data that hit millions of users, serious data breaches have highlighted the importance of protecting personal data from time to time.
Cambridge Analytica had 5,000 data points on every American — invisible information that was not visible to anyone except the data scientists at the British political consultancy firm.
Last month, Google removed seven stalker apps that were available on its Play Store as apps for children’s safety or finding stolen phones but were being used to stalk employees, romantic partners or kids.
The apps were able to track the surveilled person’s location, collect their contacts, SMS and call history.
This year hasn’t been any better as the use of malware designed to harvest consumers digital data, known as password stealers, grew 60 per cent in the first half of the year, thus, affecting a large number of users in India, according to cybersecurity firm Kaspersky.
Most frequently, the malware has targeted users in India, Brazil, Germany, Russia and the US. The number of users, targeted by the stealers, peaked from less than 600,000 in the first half of 2018 to over 940,000 during the same period this year.
Password Stealing Ware (PSW) is a major weapon in the cybercriminals’ toolkit to sabotage users’ privacy.
A recent survey called “7 uncomfortable truths of cybersecurity” by global cybersecurity major Sophos stated 76 per cent of Indian businesses were hit by cyberattacks in 2019.
On an average, Indian organisations that investigate one or more potential security incidents each month spend 48 days a year, or four days a month, investigating them.
So how do you safeguard yourself from the danger of data breaches and hacking?
According to Sunil Sharma, Managing Director-Sales, India and Saarc, Sophos, a single network breach often leads to the compromise of multiple computers. So the faster you can stop the infection from spreading the more you limit the damage and time needed to clean it up.
“Businesses must learn to extract value from and utilise data at a deeper level. They need to also recognise that transparency builds trust. Today, it is critical to communicate clearly and honestly with customers about what happens with their data,” Sharma told IANS.
One way of finding out if your email id has been hacked is to run a search using Have I Been Pwned or HIBP.
“If your email address was found in a breach where passwords were also stolen, such as the massive LinkedIn breach in 2012, then change your password for that site, if you haven’t already,” Sharma said.
“Of course, the sooner you change your password the better. If you’re changing your password now for a breach that happened in 2012, you have to expect that most of the damage has already been done (you should still change it though),” he added.
Notably, it is not only the email user information that gets compromised. Cybersecurity firm Kaspersky in July uncovered new encryption ransomware named “Sodin” which exploits a recently discovered Windows vulnerability to get elevated privileges in an infected system.
The ransomware takes advantage of the architecture of the central processing unit (CPU) to avoid detection – functionality that is not often seen in ransomware.
The firm found that most targets of “Sodin” ransomware were found in the Asian region: 17.6 per cent of attacks have been detected in Taiwan, 9.8 per cent in Hong Kong and 8.8 per cent in the Republic of Korea.
As early as last month, when “photo-morphing” application FaceApp was courting controversy, a fake app designed to trick users into thinking it is a certified version of FaceApp was found infecting users’ devices with an adware module called “MobiDash”, Kaspersky had said.
Hackers often use phishing techniques to steal your information. The goal of phishing is to trick the recipient of a malicious email into opening and engaging with it.
So always be careful before clicking on a link, and also while downloading an app. And do not forget to keep your passwords secret. In fact, security researchers advise that it is better to use different passwords for different services.
But all these measures also may not guarantee full security as bad actors get smarter by the day. The trick to stay safer is to find a way to know as soon as you are attacked and take remedial measures.