It was my humble honor to give the Open Remark on “Cybersecurity Cambodia 2023” seminar to over 200 participants.
I have shared both personal and corporate case studies on cyberattacks which were described in the following:
1. Personal Case:
In 2021, my personal laptop had a problem and was brought to the IT shop. After returning from the IT shop, a hacker controlled my laptop and used my Facebook to boost over $500.
I believed there would be unlicensed software or crack installed in my laptop. For the immediate solutions, I reseted the Microsoft Windows and tried to set up the softwares with licenses for the majority of the programs such as Antivirus, Microsoft Office 365, etc.
For some hackers, they are silent hackers in your laptop/smartphone. Of course, for their activities we do not know. You must review and monitor your devices which were connected with the Internet carefully. Otherise, whatever information is inside your laptop/smartphone would be sent to the hackers quietly.
Therefore, I believe that "Cybersecurity is not a technology problem, it's a people problem."
2. Corporate Cases:
Not only our personal, but even if a big company like Facebook is attacked by the cyber.
In 2018, Facebook security breach: Up to 50 million accounts attacked based on BBC.
Facebook's "View As" function is a privacy feature that allows people to see what their own profile looks to other users, making it clear what information is viewable to their friends, friends of friends, or the public.
Attackers found multiple bugs in this feature that "allowed them to steal Facebook access tokens, which they could then use to take over people's accounts", Mr Rosen explained.
"Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app," he added. (Source: https://www.bbc.co.uk/news/technology-45686890 )
Another case happened to Capital One Bank. Based on the Washington Post, in 2019 Capital One Bank, a major credit card issuer in the United States, experienced a data breach that exposed the personal information of over 100 million customers and got the fine of $80 million US. The breach was caused by a misconfiguration in Capital One's cloud computing environment, which allowed an unauthorized individual to access sensitive data. (source: https://www.washingtonpost.com/national-security/capital-one-fined-2019-hack/2020/08/06/90c2c836-d7f3-11ea-aff6-220dd3a14741_story.html )
What did we learn from these cases?
The importance of having a strong security culture.
The need to continuously monitor and update security systems.
The importance of employee training on cybersecurity best practices.
In short, Cybersecurity is a critical issue for all organizations, regardless of size or industry.