By | Abhijit Bhaduri | Founder, Abhijit Bhaduri & Associate
The cyber security industry has evolved over the years. Consumers now understand that being reactive (after you have been hacked) to being proactive is a much better approach. Despite that awareness, the human being remains the weakest link in the security chain. That is why you need threat intelligence or is there something else?
Humans are the weakest link
Employees routinely share passwords with colleagues. And use the same passwords that they have used for their personal browsing. With most organizations implementing a bring your own device policy, the blurring of lines between office work/ device and personal is increasingly hazy. It is also one more reason for organizations to get wary of the risks the employees could pose unwittingly.
Then there are disgruntled employees who put the company’s trade secrets, documents and sensitive information online. “Data brokers” often acquire databases of individuals for a laughable rate and is shows up in the dark web. To get a database of 100,000 people in Bangalore, Hyderabad and Delhi the cost is less than Rs15,000.
Surface web, deep web, dark web
Cybersecurity has moved from being reactive to being proactive. The name of the game is “threat intelligence”. Companies used to employ individuals who would monitor the web: Surface Web (the web you access through Google), Deep Web (eg information in libraries and government servers) and Dark Web (found on the TOR network, an anonymous Internet that can be accessed by anyone using a special TOR browser). The Deep Web is at least 400-500 times the size of the Surface Web. The Dark Web is several times bigger than the Deep Web.
Human beings are irrational. When it comes to choosing convenience over data security, we inevitably ask for convenience. So we save our passwords in our browsers, credit card information on our phone and do much worse. We click on irresistible offers from unknown sources and share bank details on the phone with strangers who claim to have the last four digits of your credit card. When that information gets hacked, it rapidly changes hands just like currency note. There is a high chance that your email and password is doing the rounds of the Dark Web.
Your email and password is available
Cloudsek is a company that uses Artificial Intelligence to crawl the Dark Web and provide “threat intelligence” to its customers. Rahul Sasi, the co-founder and CTO of Cloudsek demonstrates this. He asks me for my personal email id. And within seconds tells me a password I had used to access Dropbox. More than 68,680,700 Dropbox had been hacked in 2012. My email was one of them, I knew that. But when someone tells you the password within seconds, it has a different impact.
Banks and financial institutions use their services for managing threat intelligence. The C-suite is especially vulnerable to having their emails hacked. With that hackers can send damaging emails spreading falsehoods about the company. Imagine getting an email from your CEO asking you for some sensitive information to be emailed right away. That could be way that material gets to the dark web where it will be sold to the highest bidder.
If you want to know whether your email has been hacked, check it out here <click this>. Go and change the password to something complex and hard to remember. Write it down in a diary and stash it away. Sometimes an analog solution works better for a digital problem.