India has transformed into a mobile-first economy. The ease of accessibility and cheaper data make mobile devices a primary source of entertainment. Given the transition to remote working, people are well accustomed to new technologies and are discovering different ways to stay connected. Recent incidents have shown the vulnerabilities individuals and business owners can face if they are not careful to protect their data and identity in the digital world.
In an email interaction with Augustin Kurian, Assistant Editor of CISO MAG, Ritesh Chopra, Director Sales and Field Marketing, India & SAARC Countries, NortonLifeLock, discusses the increasing cyberthreats, given the current social app scams that are making consumers vulnerable.
Chopra is responsible for developing and implementing strategies to drive the adoption of NortonLifeLock products among consumers in the sub-continent. He champions NortonLifeLock’s partner strategy in India and manages OEM/ISP and online channel relationships. Chopra also held the position of Country Manager until June 2018 before being promoted and has been with the company since 2012. With over 20 years of extensive experience in the technology sector, he is a sales and marketing strategist in India and Asia-Pacific regions. He has been recognized with Six Sigma qualification and has successfully conceptualized and implemented multi-tier channel loyalty programs in his previous role with Seagate, Singapore.
In the interview, Chopra has also provided insights on the growing usage of the dark web as well as key findings from the NortonLifeLock Digital Wellness Report.
Email addresses were the most common piece of PII shared with apps and were shared with 48% of the iOS apps and 44% of the Android apps analyzed. With the rise of the dark web, do you think better nationwide cybersecurity regulation can bring in a lot of difference?
Personally Identifiable Information (PII) such as medical records, bank details, passwords, phone numbers, and email IDs is most targeted by cybercriminals. Cybersecurity regulations will certainly help in making a difference in how data is handled on the dark web. But consumers also need to be aware of the kind of data that is shared through apps. Certain apps can enable attackers to mine information from the device in the background, even without the user’s knowledge. Unlike desktop users, smartphone users cannot see the entire URL of the site they are visiting, which makes them vulnerable to phishing attacks. Such threats can be avoided, to an extent, by using strong passwords, avoiding using public WiFi, watching out for phishing emails, regularly backing up important data, and keeping all apps and operating systems up-to-date. Amidst the evolving cybersecurity landscape, it is imperative for individuals to invest in robust anti-theft device security to ensure digital safety.
COVID-19 changed the cybersecurity landscape. It is now even more important for companies to support the security of their workforce – regardless of geo-location or platform. With myriad compliance and regulatory norms varying from country to country, how should a company ensure that best practices are in place across their offices globally?
The COVID-19 pandemic has changed the way we work; the concept of “remote working” is gaining popularity. While people seek opportunities that allow remote work, they must also equip themselves with cyber safety and data protection tools. There are some basic measures you can adopt to avoid falling prey to cyberattacks:
- Speak to your employer to understand the policies that help keep you, your co-workers, and the business safe.
- Always use the company’s tech toolbox, as it likely includes firewall and antivirus protection and security features like VPN and two-factor authentication.
- Beware of coronavirus-themed phishing emails used by cybercriminals. Immediately report such phishing attempts to your employer.
- Keep your VPN turned on, as it provides a secure link between employees and businesses by encrypting data. A VPN helps keep information secure from cybercriminals and competitors.
- While working remotely, it is important to understand that online safety is a shared responsibility that begins at the individual level.
As far as PCs are concerned, people are increasingly using paid software. They are even adopting security products for ‘Mac’ machines. But the mobile side continues to present a challenge. We are seeing people adopt VPN and mobile security products; however, it still appears to be a bit further away from what we would want it to be.
India witnessed several state-sponsored attacks during vaccine development. Even the vaccine makers are being targeted in nation-state attacks. What can the country and its cybersecurity divisions do to combat these threat vectors?
Scammers and cybercriminals have been exploiting the COVID-19 pandemic and, more recently, the ongoing vaccination drive, to create new hooks to lure victims. Although the authorities have been warning people to watch out for scams on such themes, there has been a huge increase in the number of phishing scams since the pandemic began. Cybercriminals are sending emails that appear to be sent by government agencies, employers, and other global health organizations, inviting users to click on what, in reality, are malicious links.
Consumers can adopt some basic measures to avoid falling prey to cyberattacks:
- Beware of online requests for personal information. A coronavirus-themed email that seeks your personal data is likely to be a phishing scam. Legitimate government agencies will not ask for such information. Do not respond to such emails.
- Check the email address or link. You can inspect a link by hovering the cursor over the URL to see where it leads. Sometimes, it is obvious the web address is not legitimate. Even otherwise, be careful, because phishers can create malicious links that closely resemble legitimate addresses.
- Phishing emails are unlikely to address you by your name. A greeting like “Dear Sir or Madam” is an indication that the email might not be legitimate.
- Avoid emails that urge you to take immediate action. Phishing emails often try to create a false sense of urgency. The goal is to get the user to click on a link and divulge personal information. If you receive a suspicious-looking email of this type, delete it.
Millennials top the charts in online transactions as compared to women and Gen X who are most complacent about security, yet trends indicate Gen X to be more susceptible to cyberattacks than millennials. Do you think it is completely around digital literacy, or is there more to this trend?
The lines between the virtual and the real world have blurred today. Individuals, irrespective of their age or generation, are vulnerable to cyberattacks when they use public or private networks if they do not have any cyber safety solutions installed on their systems. Individuals often neglect to log out of their social media accounts and apps. This habit needs to change. We must bring some good practices from the real world into the virtual one. Just like how we lock the main door before going to sleep, we should log out of emails and social media accounts, and online banking sessions, once we are done using them.
We often download free apps and, often, without thinking, permit them to access different features and data on our device. If something like a weather app asks us to grant access to our contact list, it should give us pause for thought. We need to give the terms and conditions a careful read too, rather than accepting them blindly. It is advisable to install an application scanner to check for security vulnerabilities and a VPN to mask our identity.
Data from our Digital Wellness Report reveals some interesting facts:
- 81% of the respondents in the survey were using parental control mechanisms on their devices, while 70% knew that connecting with strangers while playing online games could lead to problems like cyberbullying.
- The report found that female respondents (84%) were more aware than men (74%) about security threats and that they had security software installed on their smartphones.
- 71% of female respondents (versus 63% of male respondents) concerned themselves with app privacy and permissions on their phones.
- Gen Z users (95%) were found to be more proactive than millennials (94%) and Gen X users (90%) in adjusting the privacy permissions on their phones.
According to our 2019 NortonLifeLock Cyber Insight Report:
- 40% of millennials reported having experienced cybercrime in the past year.
- Nearly 3 in 10 people said they cannot detect a phishing attack. Another 13% said they have to guess between a real message and a phishing email. Thus, 4 in every 10 people were vulnerable to phishing.
- 86% of respondents said they may have experienced a phishing incident.
- 7 in 10 respondents wished they could make their home Wi-Fi network more secure.
- 27% of respondents believed it was likely their home Wi-Fi network could be compromised.
At present, fintech is one of the most regulated industries in the world. But the key challenge is the presence of too many governing bodies but no universal standards – a singular regulatory policy or framework for the industry is lacking. Do you feel there is a need for a standard set of compliance and regulation for fintech and cryptocurrency?
You’ve probably heard of Bitcoin. But what about Ethereum? Or Tether and Polkadot? What are these? They’re all examples of cryptocurrency – a digital currency that you can buy with real money and then spend in online transactions. It’s true that you probably can’t buy a meal at your favorite restaurant with Bitcoin or rely on Ethereum to fill your car’s gas tank. But cryptocurrency is becoming increasingly more popular and valuable. Coindesk.com, which covers cryptocurrency, reported that, as of January 2021, the total value of all cryptocurrencies topped $1 trillion for the first time.
New cryptocurrencies emerge frequently. Coinmarketcap.com listed more than 4,100 types of them in an early 2021 price index published on its site. But what do these digital currencies mean to you? Do you need to learn how to purchase them and spend them? Probably not. But while digital money isn’t a necessity, it does have its uses. Users of cryptocurrency say that digital transactions closed with cryptocurrency are more secure than those using credit cards.
As cryptocurrencies become more popular, so do the scams associated with them. Some scammers set up fake cryptocurrency exchanges. You might send real money to buy Bitcoins that don’t exist. Once you send your funds, they are gone, and your crypto wallet remains empty. To avoid such scams, only buy cryptocurrency from reputed exchanges. Don’t do business with exchanges that seemingly pop up out of nowhere.
What kinds of changes should be made during vendor sourcing and onboarding processes? And how much of the responsibility must fall on the CISO?
Data breaches have a direct negative impact on at least three very important aspects of a brand: presence, affinity, and trust. In the age of social media, negative news can affect not only people’s perceptions about the company but also the company’s financial prospects. Customers might stop engaging with the brand completely or engage at a significantly lower level than before.
Data security has, for long, been viewed as a “hygiene” factor by many businesses and consumers. However, in today’s interconnected world, where data is more valuable than ever and a company’s reputation is based on its ability to protect customer data and establish digital trust, cyber safety and data security are no longer a mere hygiene exercise, but a business differentiator.
There are no set rules for building a security framework, and no system can guarantee 100% protection against all threats. However, imbibing a culture of security within the organization and ensuring the independence and empowerment of the CISO indicates that the organization is serious about cyber safety and data security. It also ensures that critical security-related changes within the organization can be effectively taken care of by the CISO.
About the Interviewer
Augustin Kurian is the Assistant Editor of CISO MAG. He writes interviews and features.