The hackability of your cyber security password: Great minds think alike, fools seldom differ
30 Sep 2019
Today, when browsing any website and filling in any online order or purchase, you are requested to enter some personal information, usually your name, email address and contact details. We seldom think much of it beyond having made up a password which we believe to offer the same level of security as Fort Knox. We marvel at our wit and intelligence in having invented an exceptional password consisting of our own or our child’s or pet’s birthday, and some inimitable lettering combination which only we would ever be able to understand. However, the truth of the matter is that most passwords are short, basic and super easy to crack.
People are predictable. We think along the same lines about the same obvious words or numbers and combine them in the same simple ways to create, what we trust to be an unguessable password (Hickey, 2015). However, as the saying goes: “Great minds think alike, but fools seldom differ.”
We seldom, if ever, give our password a second thought, forgetting the intrinsic value that it serves to protect, and often use the same password across various devices, websites, portals and logins. Recent research shows that the most used passwords are unsophisticated, straightforward combinations of numbers and letters such as “123456789” or “QWERTY”. Others include the very predictable “password”; “123”; “1q2w3e4r5t”; “00000” or “iloveyou”; and popular fictional characters such as Superman, Naruto, Tigger, Pokemon and Batman, acting as the cybersecurity heroes of the digital realm. Common names such Daniel, Ashely, Jessica and Charlie, and well-known football teams, are also quite typical. (O’Flaherty, 2019)
Today, our personal or company data is the currency of the Fourth Industrial Revolution, used as a medium of exchange for obtaining access to a certain site, for downloading a flyer or brochure, or to obtain recommendations, insights or opinions. (Ng, 2018) Our personal data has an economic value which can be stored, bought, exchanged and traded – an intrinsic value, making all things possible. (Eggers, Hamill, & Ali, 2013) This intrinsic value fosters a risk, a danger – a plausible threat of theft and unauthorised access, and the prohibited use of our data; the hacking of our personal information, tastes, preferences and history, with or without our knowledge – the true owners and creators of the valued data.
Although we believe that we are aware of the potential risk of cyber hacking, and that with our very unique passwords we have put sufficient cybersecurity measures in place, many of us are blind to the reality of cybersecurity breaches within South Africa. South Africa has on average over 13000 attempted cyber security attacks per day. This means that there are just under 577 attempted attacks every 60 minutes. (Smith, 2019) Mobile malware has increased by 17%, (Smith, 2019) with a 50% increase in cyberattacks on smartphones, with the android phone being ranked the second most targeted in South Africa in respect of banking malware. (Palmer, 2019)
South African companies that have fallen prey to cyberattacks and hacking in the last couple of years include: Liberty Life and ViewFines in 2018; the South African Deeds Office, Ster-Kinekor, Old Mutual, KFC, Buffalo City Municipality, and Eastern Cape Educational Department during 2017; University of Limpopo, SABC, Armscor, and Standard Bank during 2016; and many more. (Grove, 2018) (Niselow, 2018).
These are only the high-profile cybersecurity breaches that were reported in the media. There are numerous, less evident, more frequent, cybersecurity breaches and hacking occurring on a daily basis. These are normally only discovered when it’s already too late – sensitive data has already been compromised and millions of Rands lost. These attacks are not always reported on or made public given the fear of public outrage and the lackluster approach of regulators.
To illustrate the importance of Cybersecurity and the ease with which a system can be compromised, Futures Law Faculty, together with IEIT Holdings, Cyberlogic, Cog3nt and Nuventiv, have invited a Cybersecurity Expert, Prof Cobus Jooste, and 16 year old international ethical hacker, Marcus Weinberger, to discuss cybersecurity and demonstrate how you can ensure the cybersafety and security of your and your company’s personal data on 24 October 2019, 5PM at Inner City Ideas Cartel.
For more information see – www.futureslawfaculty.co.za or to buy tickets – https://www.quicket.co.za/events/77143-hacking-cybersecurity/#/