Thirty-nine seconds may seem insignificant at first, but that’s how frequently a computer is targeted by cybercrime in the US. Once you factor in the roll-on effect this could potentially have, you’re left with the possibility of millions of users being compromised within a few hours. This was never more apparent than in the notorious SamSam ransomware attack on the city of Atlanta. For five days, a major US city was effectively paralyzed and offline, ultimately having to pay $51,000 ransom. The roll-on effect? It ended up costing the city a total of $17 million.
This is just one case, but there are multiple other cases where cybercriminals were successful in causing significant damage. Iran lost a fifth of all its nuclear centrifuges in hours because of the Stuxnet computer worm. This should illustrate just how severe and potentially damaging lapses in cybersecurity can be.
How do you avoid having to go through similar hellish experiences? Well, you start by listening to the experts. Fortunately, we have one such distinguished expert with us today in Javvad Malik. Javvad has a long list of ventures that have served him well in establishing his name as a leading cybersecurity expert of our age. As a security advocate, he’s been associated with AlienVault; he has also authored several books and is the co-founder of the famed Security B-sides London conference.
Among his other credentials are professional certifications that include being a Certified Information Security Systems Professional. He’s won several awards that have billed him as a trustworthy source of information in the cybersecurity world, one who delivers it with both style and panache.
We’re joined today by Javvad as he gives us some keen insight into the future of cybersecurity, important lessons he’s learned over his long career, and perhaps most importantly, how the average user can improve their cybersecurity practices.
Question 1: First things first, could you give us a brief insight into what got you into cybersecurity?
Javvad: I was at university doing a sandwich degree in business information systems. A sandwich degree is where you study for 2 years, then do a work placement for 1 year, then come back and finish your last year. During that work placement I found a position at a bank in their IT Security department.
I had no idea what they did, I was just in need of a placement. Once I joined I learnt about the job and what it entails and enjoyed it thoroughly. They seemed to like me too and they offered me a job to come back to once I finished my degree. I’ve been in security ever since.
Question 2: You’ve been fairly active on this subject, with almost 80 blogs, 54 videos, 48 podcasts, and just as many webinars that we know about, just in 2020. What are some crucial messages and concepts that you’ve tried to emphasize through all of these?
Javvad: 2020 was a difficult year for many, so, whatever topic I was tackling, I tried to keep it lighthearted and to look on the bright side. It can be easy to get frustrated when another breach happens, or someone makes a mistake. But with so much negativity out there, I tried to take a more positive approach, even throwing in some humorous content to lighten the mood. I think the last thing people want to be seeing is doom and gloom… at least I don’t.
Question 3: How would you describe the effect of the COVID pandemic on cybersecurity? What were some of the new challenges that we faced, and were we successful?
Javvad: That’s a great question, and one which we will probably be answering for years to come as we see how the pandemic has impacted the office environment, travelling to conferences or events, and working from home.
In many ways, it’s been a good opportunity to revisit and remap the security landscape within organisations. It’s also been great in accelerating some projects which have been put on hold for a while. For many organisations it’s forced them to support remote working, adopt the cloud, and cut down on inefficiencies that exist in the office.
However, it does open the door to different kinds of threats, so where we’ve potentially made progress in one area, we need to still keep our eye on emerging threats.
Question 4: What are some misconceptions that you believe corporations and ordinary people have about cybersecurity?
Javvad: I believe that complexity is one of the biggest issues and challenges which make cybersecurity more confusing to the average person. Many people think of hackers as extremely skilled, hoodie-wearing criminals. The actual fact is that, when you look at most breaches, whether that be in organisations or at the personal level, they occur due to simple things like reusing or having a weak password.
If we can help make it more accessible for the masses, they will be better placed to understand that it’s not some kind of dark art, rather more a case of us needing to be better organised and simplified in the digital world.
Question 5: With multiple scandals about Facebook and other tech giants coming to the fore, do you think most users are destined to abandon these apps ultimately? If so, can these companies do anything to avoid such an eventuality?
Javvad: Historically we’ve seen the convenience of these apps far outweigh any negative press these companies receive. I think the thing we’ve created for ourselves is an internet where people pay for apps and services not with money, but with their personal details.
Even if people leave established players like Facebook, they’ll simply move to another platform built on the same economic model.
What we need to do as a tech industry, and arguably as society at large, is find a better model whereby people can get access to services without compromising or giving up their privacy and which allows the service providers to remain profitable.
I don’t know what that actually looks like, but unless that root cause is addressed, we won’t see much change.
Question 6: We’ve heard so much about governments scaling up their cybersecurity efforts; GDPR is probably the most obvious example of it. What are your thoughts about it?
Javvad: Information is highly valuable and even dangerous. We saw with the likes of Cambridge Analytica how it could even be used to potentially undermine democratic elections. In light of this, some protections need to be provided to individuals, so efforts like GDPR are welcome because it looks to protect the human right to privacy.
Question 7: What skills and knowledge do you think an average employee must have about cybersecurity, even if their job isn’t directly related to cybersecurity?
Javvad: Understanding of how to protect their credentials, setting up MFA, and awareness of scams and fraud that come in the form of phishing emails, fake offers online, and even phone calls or SMS.
Question 8: Are there any books, blogs, or any other resources that you regularly recommend?
Javvad: There are so many to choose from. A book I recently read and thoroughly enjoyed was Crime Dot Com by Geoff White. In terms of blogs, Rowenna Fielding has a great blog on privacy, https://missinfogeek.net/
I also recommend security professionals read outside of security, particularly in creative hobbies to learn skills and viewpoints they can bring to their day job.
Question 9: With more users becoming aware of digital privacy, do you think VPNs have a renewed purpose and relevance in today’s world?
Javvad: Some people are becoming more aware of digital privacy, although I think a whole lot more needs to be done in this regard. Using a tool like a VPN can help people with a specific goal, but we need to realise that privacy isn’t something we can get with one or even a number of tools; it’s a mindset for both the user and the service providers to adopt.
Question 10: If you had to summarize your cybersecurity-related advice for the masses in one sentence, what would it be?
Javvad: Be mindful of what you share, don’t believe everything you read or that is sent to you, and those likes are not worth all your privacy!
Thank you so much, Javvad, for the interview. Our readers will benefit from your knowledge and insights. As for our readers, you can follow Javvad Malik on https://javvadmalik.com/, on Twitter @J4vv4D, or follow his YouTube channel https://www.youtube.com/c/InfosecCynic/ where he often shares his views.
Keep following our blog for all the latest updates related to cybersecurity. Stay safe and take care, everyone!