How Businesses and Consumers Can Achieve Online Safety
- By Reuben Koh, Akamai
- March 04, 2024
The world has become more connected than ever before. With global mobile and broadband penetration at an all-time high worldwide and the internet used in our daily lives for both work and play, cyber threats are on the rise. Both businesses and consumers are vulnerable, with dangers ranging from social engineering attacks to scams.
Consumers must be aware that the internet has become more dangerous than ever. There are over a million phishing websites with over a billion malware programs. Attacks have become so sophisticated that even tech-proficient users can fall victim to them since the attacks constantly evolve.
For businesses, delivering digital services and products over the internet and having to transact with sensitive financial information, protecting websites and applications is paramount. Malicious bots are constantly targeting customer accounts, non-stop social engineering attacks and a rise in AI-driven scams. We've also seen how deploying AI-powered malware and ransomware is possible, supported by malicious Generative AIs like FraudGPT and WormGPT.
While all businesses are at risk, some sectors are particularly vulnerable. Research has found that the financial services sector is the biggest target for web app and API attacks in Asia, attracting nearly half (49%) of attacks. The region is also second only to North America for malicious bot activity.
Three areas for cyber vigilance
When it comes to spotting internet scams, there are three areas where businesses and consumers need to be vigilant:
1. Unsolicited messages that either come from a stranger out of the blue or from someone you know, such as a friend or colleague. It's essential to stop and think about the intention and why they might suddenly need personal or confidential information or money. Messages often play on emotions and sympathy, for example, claiming an urgent disaster or medical emergency to get the recipient to transfer funds to the requestor.
2. Requests to download mobile or computer apps to "facilitate a transaction" or a business agreement. This could be malware that enables remote computer control and keylogging so that attackers can harvest login details the next time someone uses online banking and drains their bank accounts. Criminals can even bypass multi-factor authentication and One-Time Passwords (OTPs) if devices are compromised.
3. Brand communications, whether by email, SMS, or phone, should be verified before you act on them. Use the contact information from the organization's main website, as they should have channels for you to cross-check. Many businesses have adopted a Zero Trust approach in defending against cyber threats, and consumers can also do likewise to better protect against scams. For example, we should never blindly trust anything or anyone in the digital world, always be guarded against random requests, and always check and verify the request and its requestor.
How consumers can stay protected
The most important action to protect personal data is to turn on multi-factor authentication (MFA) if available. Most service providers already provide MFA options as part of their account security settings, including on social media apps such as Facebook, LinkedIn and TikTok.
Always check the data privacy settings on your accounts regarding who can see that information, particularly on social media sites.
It is also recommended not to reuse passwords across multiple websites, as attacks such as credential stuffing are becoming very common. This is where hackers use stolen account credentials to conduct large-scale automated login attempts on various websites.
Ensure you stay informed about local law enforcement agencies' latest and common scams. Many banks also have dedicated pages with the latest alerts and advice, as these do update frequently.
Lastly, consumers must be vigilant and monitor suspicious logins and financial transactions on their credit cards. These might indicate their account has already been compromised. While banks use increasingly sophisticated algorithms to block suspicious transactions and may alert customers for extra verification, there will still be chances for fraud to happen.
Business strategies for data protection
First of all, businesses need to implement a very rigorous Vulnerability Management Program to ensure that any internet-facing and public-facing systems, applications and APIs are free of vulnerabilities. An essential part of this is to ensure that their systems are always up to date with the latest patches and hotfixes.
Secondly, organizations must implement a strong data protection strategy as they will store customers' personal and financial information when they transact with the business. There is a legal and ethical duty to safeguard this from unintended or unauthorized data exposure and to ensure that the privacy of customer data is kept intact.
Thirdly, businesses must ensure that their employees and customers are continually aware of the latest threats and scam techniques and how to identify and mitigate them. More importantly, companies should provide a channel for consumers to verify authenticity and report scams. There are also many instances where customers would like to report being victimized by a scam but don’t know how to best contact the business.
Start cyber safety education early
Parents and guardians have a responsibility to educate children about safe internet use. Simply putting on parental locks isn't enough. Children must know how to protect themselves and distrust any requests or gifts from strangers in online games and chats.
Parents should also be aware that cybercriminals may impersonate their children's friends on social media and in games. Many children use multiplayer games where threats and predators lurk, and it's vital that parents educate them, as well as have cyber safety programs in schools.
Living in an increasingly digital and connected world, the collective effort of individuals, businesses and educational institutions to promote online safety is more important than ever. By understanding the threats, implementing robust security measures and fostering an environment of awareness and education, we can help to ensure that our online experiences will be more enriching and safer.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends. Image credit: iStockphoto/Ominodicarta
Reuben Koh, Akamai
Reuben Koh is the director for security technology & strategy in APJ at Akamai.