Cyber Attacks – A threat that is here to stay

Cyber security
Opinion by Ayman El Hajjar

With the exponential growth of Internet users in the last ten years comes two potential problems that organisations and individuals connected to the web need to be aware of; privacy and cyber security.

Gone are the days where the Internet was simply a static encyclopedia that students used to research information.

The Internet is now a far more sophisticated environment that can learn your habits, understand your needs, identify your friends, know how much money you have, where you work, what your hobbies are and what your favourite take away is.

Intellectual property is a bit of a grey area and is disputed.

Legally speaking, you are the owner of your data regardless of where it is uploaded.

Once you upload anything online, it is very difficult to remove and can be seen by anyone on social media if your account is not well protected.

Furthermore, social media posts are usually crawled by search engine crawlers.

This makes it possible for anyone to find those photos by simply searching for your name, hence making it accessible to your employer, potential employer or lecturers at your university.

Recruitment in the modern day can commonly involve online searches that potential employers do to learn about the candidate.

This can affect a student’s marketability even after their studies. There are quite a few legal cases that proved that it is very difficult to remove personal data from the Internet.

Several things can be done when online to secure your data and your digital presence.

The most important of them is to be vigilant and aware of what you are sharing on the Internet and with whom. A well-known method to steal your data, known as phishing, relies on either human curiosity or a reward.

An email that promises the receiver a prize if they visit a website, no matter how genuine it sounds, can simply be a malicious link that opens a port into your computer for a continuous thread of communication.

Another important security measure that often gives people a sense of security is a password.

Most online services asks you to authenticate yourself and to check whether you are authorized to access this service using a username and password. One of the most important factors when looking at how we can secure our personal data online is to make sure our password is secure.

A password that is five characters long can be cracked in ten seconds regardless of how difficult it is to guess, however, by doubling this to ten characters, the amount of time it takes to crack can take as long as two thousand years as long as it is a combination of letters, numbers and symbols.

Higher Education institutions often have a complex network infrastructure that contains a lot of services, private data and data of intellectual properties materials such as research.

Students in most universities access all those offered services and resources (VLE, library portal, email, cloud drives, etc) using the same credentials.

This can be beneficial to students as they only need to remember one account detail, but it is a risky method that perhaps needs to be re-assessed.

If the account gets compromised, all the student’s materials and data are now in the hand of a hacker.

I was doing a penetration testing job for a small company that prides itself in being secure and having a very small digital footprint.

At first, I couldn’t find much information as the company did not have a strong digital presence until I found a post in a world of warcraft forum that the company director was active in.

A bit more digging revealed that he liked this game, he talked about how many kids he has and how old they are.

That was enough for me to create a dictionary of potential passwords that combined his name, his children’s names and a mix of all their potential dates of birth in every single combination.

In less than an hour after reading this post, I was accessing his email and his computer remotely by resetting TeamViewer.

It is essential to keep on raising awareness of cyber security threats for students in Higher Education.

This month at the University of Westminster and in collaboration with Tech Force, a cyber security event was held with Mike Jones who is a former hacker for Anonymous and Thomas Ryan, a security expert.

The talk was interesting and students demonstrated a good understanding of cyber security threats being made online and what those threats mean for their privacy as well as how to mitigate them.

Students were able to ask questions to the panel about how to succeed in the field of cyber security, how to get involved further and how to continue staying protected in an ever-advancing field.

Cyber security threats are going to keep growing in the future with more connected devices that share personal information joining the Internet.

We will also rely more on Internet services.  Higher Education will keep on being a target as it moves more towards digital learning.

For this reason, cyber security awareness and knowledge needs to be spread to university students and workers in order to provide an enhanced cyber secure environment.

Human error makes us the weakest link regardless of how secure a Higher Education digital environment is.

Basic security can be achieved by taking simple measures and by being more vigilant about your digital presence and activities.

Higher Education institutions are now taking more interest in Cyber security courses.

At Westminster, we have an undergraduate course that specialises in network security and a postgraduate course in cyber security and forensics.

This is promising as it prepares the younger generation to take on jobs that mitigate threats and risks that organisations, Higher Education institutions and governments will face in the future.

Ayman El Hajjar is a Senior Lecturer in Cyber security at the University of Westminster.