By Fred Mitchell, Security Business Unit Manager at Drive Control Corporation
Cybercrime has become a global epidemic, affecting Internet users the world over and increasingly in Africa as connectivity on the continent becomes more available and affordable. While there are many benefits to being online, there can also be pitfalls in the form of cyber threats, and Internet users need to know how to protect themselves, their computers and their personal information from harm. Ensuring that your antivirus and protection solution is genuine is the first step in preventing yourself from falling victim to the attentions of cyber criminals.
Online banking and shopping, social media and applications are all becoming ever more accessible to the African market. However as more users on the continent get connected and join the online community, they are becoming attractive targets for cyber criminals. The efforts of these criminals is increasingly being focussed on harvesting personal information such as email addresses and passwords, user names and log-in details for websites, and even banking and credit card information. This data is then sold by the hackers to the cybercrime underworld, where the information is used to steal identities and money.
While cyber crime, identity and data theft are not new phenomena, the methods used to gain access to this information are constantly evolving as criminals attempt to find ways around people’s defences and security solutions. Since the explosion of social media there has been a rise in cybercriminals using social engineering techniques to get users to reveal personal or financial information.
Social engineering is also increasingly being used to trick users into installing fake antivirus, known as or rogueware, taking advantage of a growing awareness of the need for security alongside a market that is unaware of which products are genuine and where the dangers lie with rogueware. For example Internet users may be presented with a pop-up window claiming that their PC is infected. They are then deceived into installing a software program that appears to be a genuine antivirus application.
Because the user has ultimately made the decision to run the program, traditional antivirus techniques may be less effective at blocking these types of threat. It is important for users to be aware of this threat and arm themselves with a genuine solution that includes both cloud-based reputation analysis and disk-based behavioural detection. These tools will help counter new cybercrime techniques and ensure you are protected against the very latest, new and unknown threats. Education is also key in ensuring that Internet novices in emerging markets such as Africa are aware of the benefits, but also the potential pitfalls of going online.
Employing a multi-layered approach is critical because cybercriminals employ a variety of different tactics. These include spyware, viruses, email phishing attacks, drive-by downloads and web exploits as well as fake antivirus and online scams. Security and protection suites should incorporate antivirus signature databases to detect and block known threats, as well as the cloud to analyse and determine multiple new threats. For those threats which are brand new, also known as zero-day threats, advanced protection is required. Behavioural protection watches and analyses the actions of a particular file and then blocks and rolls-back any actions it has taken once it can be determined that the file is a threat.
Cybercriminals constantly change their methods of attack, but there is always the possibility that they may use old and existing methods of attack. This requires the standard protection devices such as antivirus, antispam, firewalls and so on along with the sophisticated new tools available. Protecting yourself from attacks in this multitude of guises requires different layers and types of protection to ensure that the most effective protection is deployed to counter specific types of attack.
When it comes to protecting yourself from cyber threats, there are three key rules to stick by. Firstly, make sure you are using genuine software on your computer. Your operating system must be authentic, as should all other applications, and these must be kept up to date. Secondly, you need to have some form of genuine, comprehensive security application installed. This means antivirus and antispyware, a firewall, and web protection from a reputable software developer. Generally anything you can download for free off the Internet is not going to adequately protect you, and in the case of rogueware will actually cause harm.
Finally, it is up to every Internet user to educate themselves of the dangers and to remain vigilant to threats. The Internet can be a fantastic resource if you use common sense. Be aware of the common ways cyber criminals will try and steal your information. Don’t click on links that ask for personal information, that request a username and password, or that claim to need your banking information or PIN numbers. Don’t click on links or open attachments in emails from people you do not know or trust.
Remember, as a general rule of thumb, if you are offered anything, from a prize to cash to a job, and it seems too good to be true, it probably is.