Jaya Baloo, one of the world’s leading experts on cyber-security, gives us advice on how to protect our devices and personal data. She also explains the incentives hackers can have and the differences in cyber-attacks. Private citizens, large corporations or even governments can be victims.
CRISTINA: Jaya, should we be concerned?
JAYA: Yes we should, but I suppose the extent to which we should be concerned depends on you. It depends on what it is that you have to protect and from whom. If you’re a person, an individual, or you’re a company or a government, those concerns can greatly vary. And in terms of who you have to protect it from, I like to say that there are three motivations of hackers: fun, profit and politics. And they usually go in that order. And we start with the individual hacker who is kind of curious and wants to do it for fun, to cybercriminals who do it for profit, and state-sponsored hackers, who do it for political motivation.
CRISTINA: What are three major hacks in each of these categories so people can understand the scope?
JAYA: Let me give you three types of hacks. When we talk about the individual hacker, what we see them do are kind of simple hacks, but they’re very effective. Things like a distributed denial of service attack, where services – usually online services – don’t become available because they’re getting flooded with traffic. That is one example of something that an individual hacker very easily can set up, but it’s not always easy to defend against.
CRISTINA: And you were saying you can hire someone to do that for 40 euros and it mainly means that they’ll just deluge your webserver with information and it can’t handle it.
JAYA: No, and it can’t handle any valid requests anymore, so we see this happening, but it’s not just a volume type of attack, it’s also different types of application attacks. They’re difficult to defend against and they cost companies millions to arrange properly. So that’s individual hackers. If you look at the cybercriminal, we’ve seen the largest bank heist in history for over a billion dollars worth. We saw that disruption and you see ransomware affecting regular people, where their computer gets encrypted and they can only get it decrypted if they send a bitcoin payment to the criminal. And then when it comes to state-sponsored attacks, where should I start? We see it everywhere, we saw it with hacking of the US election, we see influence in the European elections, you saw that the Italian navy was trying to be hacked. There are so many things happening in this space.
CRISTINA: Who is doing what in Italy that we should know about?
JAYA: If I had to pick one Italian hero, it would probably be Paolo Villoresi. He is from the University of Padova and I actually think we should pay way more attention to people like him and give him lots more funding to keep continuing his research.
CRISTINA: Jaya, what can we do on an individual level to protect ourselves?
JAYA: I think it starts with keeping it simple. Let’s first make sure all of our software and hardware is up to date. That means applying updates as soon as they become available. Don’t wait three weeks and then have thirty-five thousand updates still waiting for you.
The second really simple thing, which is not sexy, is backups. Just back up your data, both online and offline. Using an antivirus and two-factor authentication, really the majority of the low-hanging fruit for a hacker is gone.
CRISTINA: So people think it’s so convenient, you know now, when they put search online then the system figures out what they like and then they get more of what they like. That’s really not a good thing, right?
JAYA: The most precious commodity we have to give is time, so if we can gain a bit of that, it would be great, but I think not at the expense of our security and privacy. We can only be free to use the fruits of our digital innovation if we don’t have to worry about if our data is being stolen, is it being shared with people that I never intended to? We need to take control of our data and really understand who we have to trust.
CRISTINA: And instead for organizations, corporations or governments?
JAYA: I am very worried about our national critical infrastructure, and I think governments can prioritize that. From drinking water, energy, to telecommunications and in that order, that we actually have a program to look for vulnerabilities in those sectors and patch them. We have a responsibility as a country to the citizens and I feel that it’s just as valid in Italy as it is in the Netherlands that we really have to look at where our vulnerabilities are. Where would a hacker try to attack if they’re trying to attack national infrastructure and eliminate the possibility by focusing on our defense instead of offensive tactics to gather information from others.
CRISTINA: Such as eavesdropping on conversations?
JAYA: Eavesdropping, signals intelligence or hacking back to other countries. I’m absolutely against this hacking back because it means that we’re escalating the issue rather than de-escalating and negotiating and dialogue. I’d really like us to focus on cyber-peace and our own defenses.
CRISTINA: And what’s heartening is that there is a lot of talent in Italy from your perspective.
JAYA: There is tons of talent in Italy. I’m a big fan of the universities in Italy, I think there’s a lot on offer if we just visit the campus, I think we just need to encourage companies to work more closely with academia.