Shitesh Sachan – Detox’s founder and CEO. Shitesh Sachan is a white hat hacker and a Certified Information Security Auditor (CISA) with over 20 years’ experience. Before founding Detox, Shitesh led security at hCentive, a US healthtech company. In his wider remit as an ethical hacker, Shitesh has identified security vulnerabilities within some of the world’s largest platforms, including: Amazon, LinkedIn, WhatsApp, Shutterstock, Medlife, Dominos and Pizza Hut. Shitesh is a published author and has recently been awarded ‘Hall of fame’ status by the World Security Council for identifying security flaws in their system.
Why is individual cyber security still such a low priority? What, according to you, are the best solutions?
Raising awareness. People remain unaware of the extent of their vulnerability to cyber-attacks, hacking, or phishing. Businesses have multiple priorities, and cyber security is low down that list. So, if a business does not have a cyber security specific department to raise awareness and bang that drum, individual cyber security is often forgotten about. It is only when a business or an individual suffers an attack that people pay attention. The biggest cyber-attacks in history have occurred because people have been exploited as loopholes. Employees are the weakest link in any organisation, but many organizations are still not investing in cyber security and do not seem to be concerned about training or raising awareness among their own employees.
That said, while cyber-attacks are becoming much more widespread, they are not assured, by any means. So, most organisations and individuals, within those organisations, still assume they will not be attacked. Cyber criminals work in the background, which does not make them an immediate threat. Therefore, the ‘potential’ threat of a cyber-attack does not seem that significant.
I believe we need to start talking about cyber security in the same way we talk about pollution and life-threatening diseases. We need to teach younger generations that these things can be controlled. Individuals should be trained to be aware of their own vulnerabilities and taught how to protect themselves from cyber-crime. To support this, I believe we should pre-install protective apps in smart devices to raise individual cyber security awareness and guide individuals towards protecting themselves.
How has the pandemic escalated the need to safeguard users and their data from malicious or over-permissive apps, insecure Wi-Fi connections, phishing, and identity theft?
There is no doubt that cybersecurity threats have increased during the pandemic. All over the world, large numbers of people have joined the rush to work from home, with individuals often working from personal devices and using insecure or weak Wi-Fi connections. Many organizations were, and remain, unprepared for that change, and cyber criminals are taking advantage.
Personal devices are often not maintained with proper security measures and have the potential to leave an organization open to various attacks. Wi-Fi networks should be encrypted and password-protected, to make it difficult for an attacker to access a device via the router.
Before lockdown, average on-screen/internet time was minimal, but that has obviously increased, given kids are also attending online classes and our daily lives become more and more digital. Our homes are just not as secure as our businesses, and our systems are therefore more vulnerable. Cyber criminals are aware of these loopholes, so they are exploiting these weaknesses and are more active with phishing and Wi-Fi attacks. The need to safeguard users has become more urgent for many businesses.
Out of the threats listed above, what concerns you the most?
Phishing remains the easiest type of attack to perform and it is one of the most concerning threats, as it continues to grow. The problem is that phishing does not require any specific skill set. Anyone with malicious intent can learn how to phish with very little effort and can try to trick an unsuspecting user. Most people are aware of phishing and know that they should be suspicious of fake-looking emails, but people are still falling for them. What businesses can do to combat the rise of phishing attacks and keep their data and systems safe is still a big question. The market is crying out for tools and applications that can identify with 100% accuracy which emails are phishing or not. Until that happens, phishing will remain one of the biggest threats to both business and personal security.
Why is replacing the ‘install and forget’ approach, which consumers typically take after buying a security product or antivirus software subscription, so important? What would you suggest we replace it with?
“Install and forget” is a marketing catchphrase used by tech providers to ensure that IT admin staff do not have to handle alerts and install changes continuously. The problem is that this mentality often mutates into “trust and forget”.
Every day new variants of viruses, worms, malware, ransomware, and new threats are popping up and current security and antivirus software is unable to keep up. As technology evolves, so should cybersecurity. The tools we use for cybersecurity become obsolete in the same way as our mobile devices. Even if a user has the resources to manage and secure their information, a data breach could still affect them.
For hackers, it is common to ignore technology entirely and instead exploit individuals. Proper training is one of the most important things you can do to keep your data secure. We need to cultivate a security-first culture inside our businesses.
This means enabling our teams with daily training sessions that address the fundamentals of safe data processing, and maintaining an informed view of the shifting digital world in which your business operates. Best practices are evolving to accommodate the way the cyber world progresses. To observe and respond to these developments, every member of a team needs to be trained.