Everybody is a target and vulnerable in the digital world, the hackers will always find something interesting and worthy of the attack. Raising awareness of these issues should be one of the priorities in the media sector since the consequences could easily become a nightmare.
Author: Filip Mirilović / Photo: Vanja Čerimagić
The first day of the Conference “Solutions and Innovations in Media” ended up with a master class dedicated to security. Digital security advisor and consultant from North Macedonia, Robert Todoroski, spoke about the importance of journalists’ protection in the digital sphere, as well as some basic technical solutions for improving it.
Todoroski, who has been helping the media sector protect its digital systems for the last couple of years, explained that he alone suffered from a cyber attack once and lost data that belonged to somebody else. “That’s why I have started practicing how to protect it”, he stated.
He said that his talks about cyber security in a scary, harsh way often provokes criticism among his colleagues, but on the other hand explains that he continues doing it in order to raise awareness and show that “everybody is vulnerable” in the digital world.
Although digitalization is all around us, it seems that various cyber-sphere threats and attacks still remain under the radar. That’s why the lecturer informed participants of the master class about different cyber attackers. As he explained, the most dangerous are state-sponsored hackers, who have unlimited resources at their disposal. The second place is reserved for cybercriminals who often ask for some kind of ransom. “They are not attacking immediately after invading your computer”, Todorsoki said and added that they are looking for the most precious data.
There are also recreational cyber attackers who are aiming to achieve some fame, those who are still learning to do it, known as “script kiddies”, and finally, “hacktivists” who are promoting some political agenda using hacking.
Todoroski highlighted that people should ask themselves two critical things when it comes to malicious occurrences on the internet – firstly, what makes them a target, and what would cyber attackers gain if they attack them. “I believe we all have something which makes us a target”, noted the lecturer.
The most popular and the most successful threat attackers use is social engineering, while the so-called phishing is the most common technique. As the lecturer said, “it became so sophisticated and almost undetectable”. These concerns are briefly described in an experiment done by a well-known IT company F-secure which sent phishing emails to its employees to test them. The results were horrifying, almost one-quarter of them got caught. More than 10% of them were actually IT experts.
When it comes to solutions for improving the protection of journalists, Robert Todoroski explained that they should update the software regularly and require new passwords, encrypted devices, and multi-factor authentications. Also, the real importance lies in encrypting the files and making backup folders since there is always a possibility for the device to be infected with ransomware – malicious software that encrypts the files and asks for money to give you back your content. As he stated, one company from Macedonia paid at least 30 thousand euros to ransomware. It is nearly impossible to track it down, so people can pay and hope to receive it back or avoid paying and never see the data again.
Todoroski specifically pointed out one of the most common mistakes – using free wifi networks and open hot spots. In order to protect the device, “you should avoid it”, he said.
Journalists and activists should be at least prepared in case something happens. There is a way of preparing yourselves using the “threat modeling”, which the lecturer explained as a “global way of thinking through your IT security needs and building a plan that could reduce the attack surface in a specific (moving) context”.
The class concluded with two crucial tips which should always be kept in mind – there is no 100% secured system, and you can not defeat the motivated hacker who is desperately trying to compromise your device.