Surveillance is a passive cyber-threat. It does not block computers or alter the software. It just lurks in the shadows, taking note of every single action cyber-users perform. According to a MonsterCloud report, mass surveillance is public enemy number one in 2017. It even managed to surpass ransomware. But let’s see what this means.
Who placed mass surveillance on top of the threats pyramid
The aforementioned survey relies on the expert opinion of 50 ethical hackers. These professionals study IT systems and their vulnerabilities, assessing risks and flaws that might put companies at risk. Their services are in high demand, due to the high costs of damage control once a cyber incident takes place. Businesses are determined to prevent instead of repair – and that’s where ethical hackers come in. They might be backed up by bug bounty hunters when a service or a product is extremely important and the authors don’t want to take any risks before its rollout.
If in doubt about the critical role of ethical hackers in the cyber-security landscape, remember the recent legal exemption from the Digital Millennium Copyright Act. They are allowed to perform legal hacking actions (in good faith and in the name of security research) on various devices.
For more details on the respondents, you may check MonsterCloud’s dedicated webpage.
How should we translate the study results?
It all has to do with cyber war and its related notions. The first instance of mass surveillance concerns one nation state employing this digital weapon against another state. The usual governmental response (from the potential victim state) consists of mirroring the same surveillance-type digital presence.
Thus the citizens could be caught in the cross-fire. Firstly, foreign entities sweep the digital environment (including private data) in case they find useful elements. Secondly, government agencies might do the same in their attempts to detect the potentially malicious nodes inside any digital system. In order to fall under the jurisdiction of a certain nation, malicious entities need to fulfill regulatory specifics. Nevertheless, law enforcement forces may always be on the lookout for such opportunities to catch the bad guys. International actions also use any piece of information on cyber criminals in order to build up a strong case.
The study results are conveniently presented in infographics, which makes it all the easier to get a picture of what the 2017 cyber-risks look like. For example, the study authors split the most likely attackers into three categories: single individuals, groups and countries. Then, they matched the potential targets with the most likely cyber-attackers. Surveillance risks originate from a country, followed by a group of cyber criminals.
What is the defensive strategy?
The bad news is that 56 percent of the ethical hackers confirmed that no virus protection program is completely effective. The nominated systems range from 10 percent (efficacy) downwards, which does not provide much hope for users.
As far as the most exploitable operating systems are concerned, Windows is a definite leader. Sixty-eight percent of the respondents marked it as exploitable. It is followed by Android, with 20 percent, and iOS or OS X, with 6 percent.
Another particularity of the survey is that it splits the respondents into two groups, based on whether they are self-taught or formally trained. The authors juxtaposed the percentage results for this categorization and underlined the differences. Apparently, the two ethical hacker types disagree in the case of the two threats, yet perfectly agree on the risks concerning health care.
Defensively, the survey leads to a couple of conclusions. The most security-concerned should avoid Windows and make sure they use intrusion-proof hardware, routers included.
Still not convinced about these cyber risks?
Being concerned about the digital risks of mass surveillance presumes caring about privacy protection, and taking this to a whole new level. Many feel there is no need for such concerns, as long as hackers do not take over their digital accounts or empty their bank accounts. When people mentally scan their digital activities and conclude they have almost nothing to hide, they feel the value of privacy might be overstated.
When malicious entities scour the Internet in the wake of some cyber-war act, it is not necessarily the individual data per se they are looking for. They gather up batches of big data, and in this context personal information gets new meanings. It may be about somebody’s connections, job access, location or credentials. They can try to influence public actions or reactions. Cyber criminals may provoke havoc by leaking private data and forcing systems into a massive simultaneous change of login parameters for their users. The possibilities are endless.
As we mentioned in the beginning, mass surveillance is passive. It can easily take place unnoticed for months or even years, feeding big data into malicious computers somewhere across the globe. Well, the computers are not malicious by their own will. It was just a figure of speech… Nevertheless, the risks are plenty and their ambiguity amplifies the need to better control what happens to our data. Or at least to have this in mind whenever we put it into this digital (for now) lottery, known as the World Wide Web.