As we move deeper into the digital era at an ever-increasing pace, the importance of cybersecurity is also imprinting its footprints at nearly the same rate. Given the malicious nature of cyber threats in the modern digital era, protecting our digital devices has never been as important before as they are today.
In an exclusive interview with Asia Online Publishing Group, Kumar Ritesh, Chief Executive and Chairman of CYFIRMA, a cyber intelligence entity specialising in smartphone protection, shared valuable insights about cybersecurity.
Regarding IT security trends, Ritesh highlighted that CYFIRMA researchers are seeing rising cases of cybercriminals encrypting mobile phone data for ransom, targeting Mobile Device Management platforms and financial systems, and disrupting the supply chain, to name a few. He also anticipated that digital assaults on mobile-related equipment and operating systems, such as Android and iOS, are more likely to escalate as cybercriminals seek innovative ways to inject identical yet hostile applications to manipulate operating software.
Are Mobile Phones Easy Targets?
Responding to the concerns of growing cyber attacks on the general public, the CYFIRMA CEO mentioned that with the widespread use of smartphones, combined with the lack of cybersecurity awareness among users, it is not a big challenge for the cyber attackers to achieve their nefarious motives. Mobile phones can be ideal devices to be used for blackmailing, spying, spreading misinformation, and breaching valuable data. Also, the weak and vulnerable security system of smartphone applications often fails in containing cyber attacks, enabling them to be used to carry out theft, spamming, and phishing (fraudulent and persuasive messages), which further lures the mobile phone users into the web of this digital deception.
How do these cybercriminals operate? That is perhaps one of the most fundamental questions mobile phone users usually ask. According to Ritesh, since cyber villains are profoundly creative these days, they continue to enhance their strategies and leverage ransomware and malware tools to exploit phones and steal private audio and visual content for blackmailing purposes.
However, on a positive note, various methods can be adopted to curb the malicious intentions behind cyber attacks and their detrimental effects. Ritesh outlined four underlying elements, namely people, technology, process, and governance, that must work effectively and jointly to ensure an optimised and satisfying digital security apparatus.
While technological awareness regarding cybersecurity could teach and persuade people to secure their devices, advancements in the technology, such as VPN solutions and anti-viruses, can mitigate cyber risks. Moreover, content encryption, daily backups, threat scanning, and cyber intelligence programs can also play a significant part in dealing with digital threats. Likewise, to further augment and strengthen our digital shield against cybercriminals, he added there are several areas in which we can systematically improve, including:
Making incident reporting mandatory – this will create a body of research data which can provide insights on threats and inform the government on strategies it can undertake to strengthen the nation’s cyber posture.
Large businesses should have mandatory risk and vulnerability assessments at least biannually.
A data privacy and protection policy should be enacted and enforced.
Attack vector assessment needs to be conducted at least once a year.
Embrace a cyber reward culture where the discovery of bugs and vulnerabilities is rewarded.
Governments need to have a nationwide cyber strategy that covers policies and procedures.
Keeping Mobile Threats at Bay
Even though mobile phone devices are popular and their use within business organisations is common, they grab less attention in the security domain. Ritesh asserted that from companies’ perspectives, smartphones are often considered personal equipment, and therefore, some entities hardly focus on the security of such devices, though they often carry confidential information in the shape of email attachments, WhatsApp messages, and e-commerce activities. Using such gaps to their advantage, cybercriminals have devised creative techniques, such as malware, phishing, and other malevolent mechanisms, to access sensitive data. Ritesh also pointed out that an overly focused approach to IT structure alone will expose other vulnerable elements, such as smartphone devices, to the mercy of computer criminals.
Undoubtedly, smartphone devices have eased and expedited our lives. What used to take months in the old days now hardly takes seconds but “convenience comes with great risks” as mobile phones have exceptionally endangered us and our digital privacy, especially when it is evident that individuals are far more easy targets than corporations.
Whether it be a private or government organisation, no one is purely secure, as vigilant groups like Anonymous, which are well-known for preying on the unguarded data, are on the loose. Ritesh went on to say that data is equivalent to gold in the modern digital era. Using stolen data, not only can cybercriminals secretly withdraw money from banks without the victim's knowledge but also emotionally intimidate them for financial gains.
As far as the role of the CYFIRMA DeFNCE app is concerned, Ritesh emphasised the platform’s principal purpose is to assist public and private organisations to fortify their defences against cyber attacks. However, he envisions bringing the services into the domain of the general public too.
In regard to the availability of the app, it is worth noting that CYFIRMA DeFNCE can easily be accessed through both iOS and android platforms. Lastly, Ritesh revealed various ways through which the app keeps the threats at bay. The CYFIRMA DeFNCE app, for instance, notifies the user if there is a security breach and provides relevant solutions, systematically regulates the connections and permission settings, identifies disguised apps, and updates regularly to further enhance data security.