![[Nile TV] Cybersecurity Threats, What you need to know](https://abdomagdy.com/wp-content/uploads/2024/04/16-750x350.jpg)
[Nile TV] Cybersecurity Threats, What you need to know
In this interview on Nile TV, Mr. Abdo Magdy, a technology executive, joins the host to discuss cybersecurity threats and how individuals and organizations can protect themselves from the downsides of technology. The conversation explores key topics such as ransomware, phishing, cloud security, social engineering, and the future of cybersecurity, offering practical insights and expert perspectives.
What are the top threats when it comes to individual or organizational use of the internet?
Yeah, first, good morning, and thanks for having me, and happy—thank you—and to our viewers. Okay, and yeah, I think like we all love technology. I mean, like, all technology advanced, the advancements, all the social networks, all the different tools and apps that we use, we love that, and that’s forever expanding. But it comes a downside that we hear a lot about: lots of issues that has to do with security and privacy. So, people getting in trouble, losing their data, and even like getting into some like almost close to like threats to their own safety. So, like, cybersecurity is the term that has to do, is like moving security into the virtual world. But with everything that has to do with technology, if we look at what had been going on in the past like decades and in the past year, we’re going to see that there are different patterns of the different types of threats. One of the top threats these days is what we call ransomware, which I think we heard a lot about that in the past year. And I think, like, if we look at it statistically, recently, in like this year, there’s over 14 billion dollars of losses as a result of ransomware. So, this is a huge loss. What is ransomware? Ransomware is like when hackers access your device and lock it by scrambling data. So, you have your PC, or the company has its own server, and there’s a lot of files that we’re working on. So, if hackers could access that system, they’re going to scramble data, so you cannot see these data, and then they’re going to give you a screen telling you that your data is locked; pay me like a thousand dollars in order for me to give you access to this data. So, this is, this is ransomware. That’s a huge number, 14 billion dollars. That’s a huge number, yeah, that’s a huge number. It’s like, uh, like, it’s the biggest threat for cybersecurity these days, and, uh, and also the 14 billion is almost in the U.S. alone. So, this is, wow, this is a massive threat. So, if you look at cybersecurity, is taken very, very seriously on a global scale and even the governmental or international levels. So, ransomware is a big threat, and I think by then it’s, it’s, uh, it validates the need for us to be like safe online and also to be cautious in terms of the different types of attacks. Besides ransomware, there is lots of phishing attempts, which is like much more like simpler, in which that someone is sending us an email with a link, and, but the email is coming from someone else other than the person that we know. So, we think this is an email from a co-worker or a friend, and then we open it, and it’s actually coming from someone else who’s like using the same name, and then there’s a link through which they can like access our system or hack us in different way. So, these are some of the samples, some of the top threats. Also, if we look right now, like in businesses and even individuals, lots of us really update our data or upload our data into the cloud. So, we use like cloud providers, like big companies; we put our data online because we might lose our phone or change our phone, and like, some of the standard features when we have a new device or a laptop is that we kind of upload our data on the cloud. So, all these data are in the cloud. So, if there is any threat that goes into some of these cloud providers, these are like the biggest providers, so they are the techno, the biggest technology providers, which has an upside in which the dr, they have the most advanced protection, but also any, any issue that happens with them, that’s gonna also affect us. Like, other things like using different software, that’s especially in companies; if I use a third-party software that I give it access to my system, if anything happened to this software, it’s most likely to affect my system as well because hackers can use it as, as backdoor. So, these are all different types of threats, and I think it’s, um, so we can say that cybersecurity is getting more advanced than just having an antivirus. Like, an antivirus is something that’s, that’s important to have to lock our security, but also there is a component of being aware of how to protect yourself, things like phishing attempts. There’s a, there’s always what they call it, hackers call it social engineering. Social engineering is it when you organize your thoughts in which that I know that I want to access your system, and I say she’s your friend, so I’m gonna use her system to access your system, and I’m gonna organize an interaction of you. Like, if I know what you’re gonna be preparing tomorrow, I’m gonna send you an email relevant to what’s gonna happen tomorrow at the right time, and then you’re gonna click the link because you’re in a rush, and by then I’m gonna access your system through her. So, there’s a lot of tricky and very deceptive techniques that’s used by hackers, and by then, part of this is about understanding that, also being cautious and verifying like that we are on the safe side.
As a technology user, how can I protect myself from these attacks?
Yeah, I think like there is, there are two components. There is like the, the hard part in which that I have to secure my software and hardware is that like, um, if I’m using, if it’s my PC, for example, some of the most obvious things is that I have the right antivirus software and the security updates. So, one big part is, right now, most operating system, they have their own like security built in. So, there’s a big part of security that’s kind of built in within like a Windows or Mac or whatever system that we’re using, and there is additional software to protect it from very specific like threats like viruses and malware, etc. So, I have to make sure that my system is up to date in terms of, um, like doing full protection and also understanding that there is like a quick update to smile because like as companies discover there are threats, they produce a new update, and sometimes you have to download this update like quite quickly to protect yourself because if there is like a window, three days, if you did not install the latest update within this period of time, it might be a window for hackers to use it because by then, once it’s announced, other hackers really know that it exists, and they can use it. And usually, we’re quite lazy, or we’re working on something, so we usually say later, later, tomorrow, remind me tomorrow. So, it’s, uh, it’s, um, it’s advised, it’s like late at night, as you’re done with your work, leave the system like updates at night and make sure that you’re protecting yourself from that like hard part. The soft part is also being cautious, is in being able to identify this is a possible threat, this is like a social engineering attack, and understanding also that this is, this has to do, is training. So, there’s a lot of intense training, especially at the corporate side. I mean, if you’re being on board, I had an experience in Washington, D.C., for three months, and the first task before I accessed their system was going through a two hours of cybersecurity training. So, the first thing, in order for, for us to give you access to our system, you have to get training, and when it comes to cybersecurity, you have to understand all these terms and how to deal with it. And also, as you go along, there is a lot of like drills, there’s a lot of training exercises. You might actually get an email from a colleague, and it’s not from a colleague; they want to see if you’re capable of protecting yourself this way. So, there is a component in which that taking care of my like software and also taking care of my focus while dealing with different like even like friend requests and lots of messaging and messengers and WhatsApp, so understanding who’s sending that and, uh, and how to deal with it if there is, there is a threat as well.
Can you talk about the phenomenon of kids wanting to be hackers rather than cybersecurity professionals?
Yeah, it is phenomenal, yeah, yeah, it is, and I think also it’s like part of us, especially like when you’re younger, is that we want to do like adventure stuff, yeah. So, hacking is like a beautiful world of being able to do something you’re not supposed to do. So, I actually got into hacking as a teenager. So, I was online, and I had a coach, yeah, and then he said that he’s gonna start like teach us a hacking, and then he was teaching us hacking by recommending books that we read, and then we have a discussion around it, and, um, like, the author of these books was Kevin Mitnick; he’s like one of the biggest names when it comes to cybersecurity. He was actually a hacker. So, what usually happens with these is that there’s always, well, the reason, the last cybersecurity engineer, I guess, who must know a lot about hacking, exactly, a forward, an ex-hacker would be the best, exactly, because these hackers, like, they get, like, when they are caught, and they are offered either would you like to spend your life in jail, or do you like to work for us? So, this is, this is usually part of it, is there is a lot of transitioning hackers who get into the like in supporting the, uh, the security efforts. So, definitely, during these years, if you’re like teenage years, you get really interested in these things, and by then, there is, there is an ethical burden in terms of understanding that you’re going to use that knowledge in kind of in doing right, like good things, not doing bad thing, which is also like, it’s part of the training. So, whenever you go into the cybersecurity training or like hacking training, and most people like to use the word hacking training because it’s like, it’s much more entertaining and much more active, yeah. So, once you go into that, some of the first things that even your coach tell you is that you have to promise first that you’re not going to be using this knowledge and doing anything illegal because also it’s his responsibility to, to do that. So, yeah, definitely, it’s a very like flourishing space professionally, and also it’s a very, um, important aspect because by then, the police forces are moving online, and also it has huge impact. We talked about like one type of hacking is 14 billion dollars, so this is huge money, like, and also it becomes really sophisticated with a lot of emerging technologies like machine learning and artificial intelligence. So, this space is pretty much emerging, and, um, and I think you’re like, you brought up like some people have it within them, is that they want to be stopping the bad guys, so, but then these actually make the best type of what they call it, white hat hackers.
How do you see the future of technology with all these cybersecurity challenges?
Yeah, I think like once some, once like something is growing, there has to be like that the safety and security and privacy has to be growing with it, which we see that there’s a lot of effort in that space, and also there’s a lot of promotion for cybersecurity with like the attacks. So, one thing is that there is an effort to respond to some of these attacks. So, we hear about all that data, data linkage from Facebook, we hear about the, uh, like, the influence on the U.S. elections using different hacking techniques. So, I think there’s a lot of learning that goes into the industry as we see different types of implementations for these like hacking or manipulation techniques. So, there’s a lot of learning that goes on from the industry itself, and I see as you cannot stop, and you should not be stopping technology innovation, but rather you have to understand how it works, and also you grow with it. So, there’s a lot of research and a lot of efforts, a lot of corporates that really work on the security front, and also there is a lot of recruitments that happen on from the side of the bad guys and understanding how they work, engineering their methodology, and also having them also included in the discussion when it comes to cybersecurity. I think if you look at different parts of the world, there’s like big security conferences, which is like hacker conferences, so you go, you go there to get hacked, and I think like there are a lot of interesting reports on the media in which the journalist goes into this conference for, and they are preparing a report, and by then, the objective is for a hacker to penetrate his phone and to do something with it, and actually they demonstrate in camera how does this work. So, this actually adds a lot of visibility to the topic to the viewers, and also it shows to the community of how these things work and how to stop it. So, definitely, in terms of like visibility, that’s going to be like spreading awareness and having people aware that this is how it works, and this is how to stop it. These are vital points to like make sure that we’re growing our safety and security while technology is growing.
What kind of knowledge and training is needed to tighten the grip on cybersecurity within organizations?
Yeah, I think like different organizations had like, they have different systems of how they approach cybersecurity. Like, everyone agrees on the importance of cybersecurity, especially with more critical organizations like banks and institutions like that, even like usual businesses. So, like, the standard procedure right now is to have an onboarding training in which that once you’re like becoming an employee of this organization, you have to make sure that your knowledge of cybersecurity is up to a specific standard. Sometimes also, organizations use different tools, so you have to be trained on a specific like, um, like exercises and behaviors working with these different tools of how to protect the cloud application, et cetera. There are usually different notifications that really pop up, so paying attention to that, understanding that this is not something to say I agree or I dismiss, you have to really pay attention to what’s on the screen, and, um, and by then, you have ongoing drills, like trainings, that you know that while working in something, there might be an attempt, like as part of the HR department or as part of like the cybersecurity team within the company, to discover, uh, threats. I think hackers say that, uh, humans are the weakest link. So, when you like in the hacking community say that humans are weakest link because like systems could be protected, but if there is specific users, you can actually use and manipulate these users to access the systems. So, that’s why it’s very crucial for lots of training and focus training activities to take place. Of course, for a larger organization, that becomes like much more possible because if you’re a smaller organization, like, um, employees probably do not stay that long, and most likely rely on third-party applications, so you don’t have big infrastructure to protect, but it’s, but also you can find like much, much more faster and cheaper options to, to get your employees and a staff, if you’re a small enterprise or, or like a growing business, on like using, uh, not necessarily very advanced, uh, very complicated, and very lengthy and costly systems of training, uh, but rather having things like on the spot that allow people to, to do that. Like, some of the interesting applications is something that called cybersecurity assistance, so it’s like an artificial intelligence assistant that once something is happening with your system, it tells you that this is a threat, take this really seriously.
What is the best university degree to prepare for a career in cybersecurity?
Well, I think from, from what I see, like, universities take different approaches to that, and depending on their computer science. So, I think like when it comes to computer science, you’re going to find specialities, it has to do with cybersecurity. I’m not sure if this is an undergrad degree, but definitely, there are post-grad degrees, there is very deep like specializations in that. But I think even cybersecurity is usually part of the curriculum anyway for things that I, I think, even has to do with business, not just like, not, not just engineering or, or software engineering. So, I think also we’re going to be start to see that even like, for example, yeah, I think actually some, some schools might be teaching basics of cybersecurity because like once you become a user as a child, it’s the best time for you to learn. We can safely say that this is an area, I guess, uh, that will expand in the, in the upcoming decades, can’t we? Definitely, that’s actually becoming because like we used to live just in the physical world, and now we’re partially also living in virtual world. So, like, the safety and security that we had there, there are another scope, so we have to expand that. So, when it comes to safety and security, uh, this is gonna be covering a bigger, uh, part of our perception when it comes to security, and definitely, like, in the physical world, we can see, and we can sense, but by then, in the virtual world, it’s much more subtle, and it could actually be very damaging. So, yes, definitely, they’re going to be a lot of expansion in the space in the future.
How can we protect ourselves from social engineering?
Yeah, from like social engineering, from all like cyber threats, it’s, it’s about first and not to freak out because I actually, this is like one of the things because lots of people when they actually hear about cybersecurity, they kind of say that okay, I’m not gonna use my phone, I’m going to downgrade to my old Nokia from 20 years ago. So, this is usually, it’s not a good idea because lots of these manufacturers, they have a lot of protection built in. But I think the best you can do is to keep yourself updated with what kind of threats are, are happening, and I think like, it’s the rule of the media as well, as that we’re talking about cybersecurity, we’re talking about there’s something called ransomware that people could lock your phone and then ask you to pay a ransom. So, understanding these terms and having the user always reminded by tools and by the media and by different training in their organizations that this is cybersecurity, and this is what you kind of need to be aware of, this is, this is the best approach. So, having consistent updates and a base of knowledge when it comes to cybersecurity, how to protect myself without freaking out, so I would be comfortable using technology while also I’m aware of when threats might arise and how to respond to them.
Also published on Medium.
