Susana Alwasity

Black Friday, celebrated this year on Friday, November 24th, is an American tradition that marks the beginning of the holiday shopping season. It offers consumers numerous discounts and promotions. Nowadays, many of these purchases are made online, and cybercriminals take advantage of the frenzy for exceptional deals to exploit this phenomenon for malicious purposes. Therefore, it is essential to take precautions to prevent fraud and ensure a secure shopping experience. Here are some recommendations and guidelines for security practices. Be wary of overly good deals Online shopping and internet browsing require common sense. Cybercriminals will lure users with incredible Black Friday offers, gifts and additional discounts. This is to get them to make purchases or enter their data. If you come across a promotion that seems too good to be true, there's likely a chance it's potential fraud. Stay informed about common fraud tactics It's essential to keep informed about the most commonly used tactics by cybercriminals, such as malicious emails or phishing, vishing, fake websites, fraudulent ads, social engineering, or identity theft. Information is readily available to everyone, and it's crucial to be aware and stay updated as a protective measure. Be careful with the emails and websites you visit To avoid falling victim to phishing or having cybercriminals steal your data, it's essential to always verify the authenticity of emails by checking both the sender's address and legitimacy. Additionally, verify websites before clicking on links. During these days, be especially cautious about typosquatting, where malicious websites may appear legitimate. It's recommended to enter the URL directly or use the official mobile app of the platform or retailer. Ensure you are on a secure website When shopping online, it's vital to check if the website has an SSL/TLS certificate. Look for a padlock icon in the address bar and ensure that the site's URL begins with "https://". This indicates a secure connection and that the website has the right to use the domain name. This certificate protects data during transactions and encrypts information, including credit card numbers. However, it's worth noting that many phishing pages also have security certificates, so always verify and browse trusted websites. Use e-cash or prepaid cards In the event of falling victim to fraud or making a purchase on a malicious website, it's essential to use cards not linked to your entire bank account. This way, in case of fraud, the only money at risk will be the amount allocated for that specific online purchase. This reduces the damage and limits the loss. Monitor and review your bank accounts Regularly checking your bank account statements and card transactions used for online shopping is critical. This helps identify suspicious activity or unauthorized transactions. If you detect anything unusual, report it immediately to your financial institution and consider blocking the card. Use strong and distinct passwords, and enable two-factor authentication It's always essential to use strong and unique passwords for different online accounts. Combine letters, numbers, and symbols to enhance security. Additionally, whenever possible, enable two-factor authentication (2FA) to add an extra layer of protection. This makes it harder for cybercriminals to access your accounts if they compromise your login credentials. Avoid shopping on public or open WiFi networks When connecting to open WiFi networks, information is often not encrypted, making these networks susceptible to exploitation by cybercriminals who can intercept the data you enter. Whenever possible, avoid making purchases, logging in, or accessing sensitive information like email or banking while connected to public or open WiFi networks. If in doubt, use your mobile data connection. Keep your devices updated and protected To prevent your devices from being vulnerable to vulnerabilities that cybercriminals can exploit, ensure that your devices have the latest security updates. Additionally, have antivirus software installed to protect your devices and maintain recent data backups. Check seller and store reviews When chasing a deal, you may end up on less-known platforms or with unfamiliar sellers. In such cases, it's essential to look for reviews and ratings from other customers on various sources like Google, Trustpilot, or social media. This helps gauge the seller's credibility and trustworthiness. However, be aware that fake reviews also exist, so exercise caution and (again) use common sense. ✅ Adopting these proactive measures significantly reduces the risk of falling victim to fraud during Black Friday and any other online transaction. ✅ It's essential to stay vigilant, shop securely, and hunt for deals without compromising your personal data and bank accounts. Cyber Security Technology and social psychology applied to internet consumption: The Black Friday case November 25, 2021 Image from Freepik.

There are probably few internet users who have not heard of ChatGPT, or the new Artificial Intelligence (AI) tools. The interest in AI is attracting more and more users, as it has revolutionised many aspects of society and technology. It provides multiple benefits, even though with every step forward, new challenges in terms of security arise. One of the emerging dangers lurking in AI systems is what is known as 'prompt injection', a technique used by malicious actors to manipulate the input or instructions provided to an artificial intelligence system. In this regard, the UK's National Cyber Security Centre (NCSC) has warned about the growing danger of prompt injection attacks targeting applications built with AI. While the warning is aimed at cyber security professionals who build large language models (LLMs) and other AI tools, it is crucial to be aware of this type of attack if you are a user of any of these tools. What is a prompt? First of all, let's familiarise ourselves with the term "prompt" and its importance within the field of artificial intelligence. A prompt is a request or instruction given to the AI model to generate a response. It is commonly used in computer science and programming to refer to that request we make to a program or system, with the objective of obtaining a response or an action. A prompt can be a sentence, a question or even a whole paragraph. Let's imagine that we are going on a trip to Paris, and we would like to organise an itinerary, but we don't know where to start. Depending on the days we are there, we can ask Open AI's ChatGPT, Google's Bard, Microsoft Bing Chat, or the tool of our choice, using a prompt that is as precise as possible. 👩 Write a detailed 3-day travel itinerary to Paris. 🤖 Day 1: Discovering Paris Icons Morning: Eiffel Tower Start your day early by visiting the Eiffel Tower. Avoid the crowds by arriving before opening hours. Enjoy panoramic views from the top. Afternoon: Louvre Museum ... In the example above, we can see how, by requesting this phrase (a prompt), ChatGPT returns a proposed 3-day route to visit Paris, as we have guided the AI in its text generation process. The prompts guide the AI software or chatbots to generate these responses, which is why the term "Prompt Engineering" is becoming popular, to more accurately use the large language models (LLM). Prompt injection alert As anticipated, the UK's cyber security agency (NCSC) warned about this potential attack, stating that malicious actors can abuse large language models by injecting malicious or biased instructions into the request process, forcing AI to perform arbitrary actions. This could compromise data integrity, erase data, or allow illegal financial transactions to be executed. A chatbot or other artificial intelligence tool can be tricked into answering yes to any query through this attack, allowing the developer's original guidelines to be overridden. Through this, if an AI is asked how to commit a certain attack or crime, instead of answering that it cannot, it would allow it to end up providing detailed instructions in response to the request. A chatbot or other artificial intelligence tool can be tricked by this attack into answering to any query. On the other hand, the NCSC warns that these LLM-powered chatbots, if incorporated into a company's processes, could expose vulnerabilities and put organisations that employ them for sales and customer service purposes at risk. A cybercriminal could, for example, design a query that tricks a banking chatbot into performing an illegal transaction. Therefore, the prompt injection attacks that the NCSC warns about constitute a risk to be taken into account in terms of Cybersecurity due to their capability to manipulate certain aspects of the operation and responses of Artificial Intelligence language models. Cyber Security IA & Data Cyber Security Evolution: AI as a Tool for Attack and Defence June 28, 2023 Cyber Security AI of Things Things you shouldn't share with ChatGPT July 4, 2023 Image from Wirestock on Freepik.

In today's society, technology has transformed the way we live, work and interact. A greater risk of cyber threats has arisen with the increased use of internet-connected devices and networks. As a result, cyber security has become a concern across all sectors, especially for critical infrastructures, ranging from financial, energy, healthcare or government institutions. As the frequency of serious cyber-attacks against companies, governments, utilities and hospitals increases, as we have seen in recent months (even bringing operations to a halt and affecting business continuity), it is clear that organisations must have two effective action plans and strategies in place: First, one to deal with common and known cyber threats, such as phishing, malware, data theft or denial-of-service (DDoS) attacks, after, for example, Microsoft broke the record of stopping the largest DDoS attack in 2022. And second, prepare for other disasters or "black swan" events that can occur suddenly, dealing with serious cyber-attacks that can cripple not only their operations, but even spread to other industries. What is a "black swan" in Cyber Security? A "black swan" is an unpredictable and highly striking event or occurrence that can have significant and far-reaching consequences. It is used as a metaphor to describe events that cannot be predicted but may have consequences that can affect a wide range of people, industries, or countries The term has gained popularity since the publication in 2007 of the book The Black Swan: The Impact of the Highly Improbable, written by Nassim Taleb, a Lebanese mathematician and researcher. He argues that highly improbable and high-impact events, such as the 2008 financial crisis, are more common than is commonly thought and are often underestimated and misunderstood by most people. Examples of black swan events include the Spanish flu, the terrorist attack of 11 September 2001 in the United States, or even the recent COVID-19 pandemic worldwide from 2020. It is relevant to mention that the coronavirus pandemic, although it has had a major impact, is generally considered a foreseeable event. Cyber Security Where is your company on the cybersecurity journey? April 20, 2022 At the digital level, some examples considered as black swans are the following attacks: SolarWinds in 2020, where cybercriminals compromised the company's software and were able to access the systems of several US government agencies as well as private sector companies. The Log4Shell exploit in 2021, which affected millions of devices and servers and allowed attackers to take remote control. Massive data breaches, such as the one that affected Facebook in 2021, where the personal data of more than 533 million users was exposed. The attack by a ransomware group on the Colonial Pipeline in 2021, which brought oil supplies to a standstill and exposed the vulnerability of critical infrastructure, and led to the declaration of a state of emergency in the US. These events were not an isolated occurrence, as they highlighted how cyber-attacks can have a major impact on society and the economy, so it is important to be prepared to deal with and mitigate the effects of Cyber Security black swan events. Cyber-attacks can be sudden or spread slowly like a developing pandemic. It is worth noting that cyber-attacks can be sudden, like a natural disaster, or spread slowly like a developing pandemic, so businesses must be prepared to prevent and detect extreme and emerging threats. Cyber Security What is the Fifth Domain and what is its strategic importance? October 26, 2022 How to prevent a "black swan" event in Cyber Security In the digital realm, Cybersecurity attacks are evolving exponentially and highlighting the lack of preparedness on the part of organisations, where risks are unclear and there is no certainty that they have all been assessed. In the event of a cyber-attack, organisations must be prepared to meet the evolving challenges of cyberspace and take proactive measures to protect their critical assets. To mitigate these events, entities must adopt a proactive mindset and consider all possible scenarios in their Cyber Security action plans. In today's ever-changing world, it is not enough to analyse what is already known, but also to investigate risks in the digital realm. This means that companies need to spend time examining what types of cyber crises they might face, no matter how unlikely. Conclusion In conclusion, organisations need to be proactive: be prepared for any eventuality; continuously monitor their systems and networks for unusual activity; have a clearly defined incident response plan and test it regularly to ensure it is up-to-date and effective; invest in cyber intelligence and prevention, as well as train and raise awareness among employees in identifying and preventing cyber threats; analyse risks; have tools and technologies that enable them to quickly detect and respond to any security threats; and collaborate with other entities. Collaboration can help identify threats faster and take action to prevent them. By following these recommendations, organisations can be better prepared to deal with cybersecurity "black swan" events and minimise their impact, so that their business or service continuity is not compromised. CYBER SECURITY Artificial Intelligence, ChatGPT, and Cyber Security February 15, 2023 Featured photo: Holger Detje / Pixabay