The average Internet user goes into panic mode because of a privacy breach or data loss once their social media accounts have been targeted. The panic goes a notch higher when they can no longer access their personal accounts, Twitter or WhatsApp for instance, because they have been hijacked.
This reaction is mirrored, albeit to a greater degree, by companies whenever their websites are hacked.
Earlier in the year, Google released a security alert that billions of website passwords, log-in details, and usernames had been compromised. But the tech giant was able to manage the situation by requesting users to change their details to reduce their risk.
It will not be strange to find some unbothered users who probably aren’t aware of the implication of hackers taking an interest in their details.
A recent article revealed that the student data of some Nigerian universities had been compromised, but respondents weren’t bothered about what their data could be used for.
Ironically, there are thousands of breaches daily, most of which go unnoticed by the targets.
Annual global statistics clearly show that the volume of compromised data is on the rise, no thanks to the ingenuity of hackers who consistently devise ways to breach websites, accounts, and corporate infrastructure systems.
In fact, a report affirms that cybercrime will cost the world $6 trillion by 2021.
But then, the pressure of protecting data from cyberattackers is mostly on companies as they have to install security measures while convincing their users that their information is safe. However, this is supposed to be everyone’s worry.
A hacker’s motivation
It is important to know that many things motivate hackers to act; sometimes, they are driven by something as trivial as leisure.
A professional hacker reveals that 98% of hack cases are bad news. What this means is that the hacker’s plans for the data are not well-intentioned.
Touseef Gul, a Pakistani Penetration Tester, is one of the 2% that hack for the fun of it. He discovers a way to bypass a company’s security measures and then reports to the owners.
Though done not for any gain, hackers like Gul are sometimes appreciated.
“It’s a very simple logic. Everyone needs money to survive. The one who reports also thinks maybe the owner will be happy to know about it as he saved his/her reputation and other losses, so he may get rewards,” Gul says.
Then, there are others who do so to steal another person’s identity for monetary gains or gain free access to a paid system.
Why should you be bothered?
For instance, in the case of the university students whose data got leaked, the information Gul was able to access contained email addresses, passwords, official names, and phone numbers.
And all this data is a goldmine for a hacker with ulterior motives.
Say one of the affected students used the same password across other accounts, it means they have been inadvertently exposed to infiltration and thus, risk losing other personal information.
For Ridwan Oloyede, a privacy and data protection lawyer, identity theft can have both legal and personal consequences on an individual.
If someone takes on your identity to defraud another without your knowledge, you become liable unless a proper investigation is carried out. But even when pardoned, what becomes of your reputation?
Financial data theft
Depending on how accurate the information is, your credit/debit card can be hacked using your email address and password, giving way to unauthorised transactions.
“For example, you purchased a VPN service or any educational course on Lynda, Udemy, as they have your email and other email associated with you, they can hack those accounts too,” Gul explains.
According to Oloyede, likely fraud from cases like this would soon be criminalised in Nigeria. And if properly enforced, one can get justice.
“The Electronic Transaction Bill currently before the Senate, when passed into law, will strengthen the existing body of law,” he says.
But it seems eventually, the cost of recovery will probably surpass that of protecting the data.
Blackmail and social engineering
For persons with more valuable information, hackers can extract and encrypt — thereby making it inaccessible to the owner — and request for payment before it can be restored to the owner.
Also, upon threatening to share such data with persons of interest, the owner can be blackmailed into making a payment. Gul mentioned how these hackers will do everything to get money if that’s what they are out for.
Conversely, for someone with sufficient details about you, hackers can use them to manipulate and defraud you.
If there seems to be no particular assurance about what happens to our data, it is important to be aware of the risks of being online, including our rights, while also taking necessary precautions.
“Even if it’s not perfect, we have a law in place that criminalises a good number of online crimes. The challenge is the effective enforcement of the law from evidence gathering, to investigation, and securing a conviction,” Oloyede adds.
Subscribe to the Techpoint Africa weekly newsletter here.
Techpoint Build 2020 is holding virtually in August. Register free now to attend.
Nigerian startups raised $55.4m in Q1 2020; over 99% of which came from foreign sources. Find out more when you download the full report.