The social limitations posed by the COVID-19 crisis have made technology all the more vital in our daily lives. People have become dependent on technology in procuring basic needs and services with physical safety as first priority.
As such, we have witnessed an exponential increase in the number of retailers selling their products and services online. Even with slow internet speeds, retailers can resort to various digital platforms, which inevitably become exposed to cyber attack.
Buying from online sites gives customers a sense that their physical security needs are being met during the pandemic. But difficulties such as internet speed, security and privacy go hand-in-hand with the ease of online shopping. As we rely more on our devices for online sales of goods and services, cyber criminals have been taking advantage of software design flaws and glitches in sellers’ platforms.
As we take a closer look at the vulnerabilities, we can come up with strategies that will offer protection for online consumers. Yet we often see eyes rolling whenever the topic of online security and privacy comes up.
Online consumers have now grown fearful of falling prey to cybercrime, making them harbor a distrust in the use of technology and its associated platforms. This has inevitably brought forth consumer reluctance as regards the safety of online transactions.
It is time to change this experience.
TYPES OF CYBERCRIME
The number of online scams and fraudulent internet transactions continues to rise. Phishing, the most common type of attack, involves stealing user data such as passwords and credit card information.
Hackers con people by posing as trusted organizations, sending e-mails or text messages to potential victims. When a victim is successfully tricked into clicking a link in the message, the malware is installed in his computer or mobile phone. It freezes the system and sends data to a command-and-control site.
From there, hackers receive information that allows them to seize control of accounts and blackmail duped users.
Everyone can be a victim of ransomware. According to one report, half of the cyber attacks happening worldwide target small businesses. It also reveals that:
• Small businesses lack security resources to protect themselves from these attacks.
• Health service providers are concerned about security breaches that stop them from doing their jobs.
• Banks are worried that confidential information can be stolen.
• People who use their phones for bank transactions are the usual victims of phishing attacks. Malware can discreetly infiltrate their devices. Login credentials or information can be stolen when shared in fake banking applications. Once they type in their details on a fake login page, information theft happens without their knowledge.
THE CYBERCRIME PREVENTION ACT OF 2012
To address these modern offenses, the Philippine Cybercrime Prevention Act of 2012 was passed to focus on the pre-emption, prevention and prosecution of cybercrimes such as offenses against the confidentiality, integrity and availability of computer data and systems, computer-related offenses and content-related offenses.
The law punishes cybercriminals. These are individuals or teams of people who use technology to commit malicious activities on digital systems or networks with the intent of stealing sensitive company information or personal data, and generating profit.
Certainly, while the law has been in place for almost a decade, the challenge of tracing the identity of cybercriminals remains. They often hide by masking their Internet Protocol Address, routing traffic through various servers worldwide.
ESTABLISH TRUST STRATEGY IN RELIABLE WAYS
Given the difficulty of catching and prosecuting cybercriminals, we need a cybersecurity plan that people can trust. People should feel safe about the information they share online. They ought to know that their private data will not be accessible to unauthorized parties from the devices they use.
Some of the ways to design safe systems are cryptography, digital certificates and encryption. Another way is to use secure network connection. Even if using a VPN or firewall helps protect a private connection, the user must consistently check and update software, apps and devices to minimize the risks of cyber attacks.
In addition, customers who frequently change passwords can minimize their risks. With proper and sufficient identity checks, they are also able to prove that they are the legitimate owners of their accounts.
On the other hand, cyber attackers leave some traces most of the time. The hints include the IP address, e-mail address, domain names and bits of text from the attacker.
Clearly, when you find out how hackers attack your system, you can avoid more attacks by putting new security controls in place.
Another way to accomplishing a reliable trust strategy is to have the right approach to protecting data. Here are some foolproof ways to achieve this:
• Back up your customers’ important personal information in systems that are not connected to the internet. Make sure that they are coded. If you lose their information and they lose their trust in you, they will move their business elsewhere.
• Assess the strength of your system and review your setup. Put programs in place that can detect weaknesses in your network early and respond to threats.
• After you’ve set up everything, test your system protection methods on both existing and new customers. This allows you to check if your setup is effective and if it meets your organization’s objectives.
• Talk to top management and get their feedback on your setup. That way, you can find out if your cybersecurity strategy can be trusted.
• Finally, review your cybersecurity strategy periodically to make sure that it remains effective.
Without trust in government and private online transaction systems, cybercriminals will continue to deceive customers. It is time to build a strategy where trust comes first.
The views or opinions expressed in this article are solely those of the author and do not necessarily represent those of PricewaterhouseCoopers Consulting Services Philippines Co. Ltd. The content is for general information purposes only, and should not be used as a substitute for specific advice.
Raquel Marasigan is a manager of the Cyber and Forensics practice of PricewaterhouseCoopers Consulting Services Philippines Co. Ltd., a Philippine member firm of the PwC network.