I am astonished at how some companies in South Africa operate. A few days ago, a friend asked me to log into their computer system to see what's wrong with it. Well, they have a bad month lying ahead.
The particular family business is - here in 2023 - still using Windows 7. That operating system is way outdated and Microsoft is not supporting it anymore, for three years now, I think. It is very vulnerable to hackers at this stage, and shouldn't be connected to the internet at all. And... you guessed it... they got hacked.
Hackers run port scans across the internet every second of the day, specifically to first try and find systems with outdated software. And if you come across a Windows 7 computer connected to the internet, it's a given it's outdated, and most likely much of the software running on it too. Then a vulnerability scan follows to determine how it can be exploited, with the actual exploit thereafter executed in seconds. It can be done almost on auto-pilot while the hacker sleeps.
The client in question runs 15 computers on Windows 7, and allows his staff to connect their personal phones to the WiFi as well. The staff do emails and internet surfing all day long.
I checked the log files, and several entries are deleted. That's usually a tell-tale sign that a hacker got in, and to mask what he did he deleted those entries. Found malware on the system as I expected, and indications that the hacker(s) tried planting a ransomware tool after establishing a RAT (remote access tool, a backdoor). Any password-protection and virus scans are now useless on that system.
Basically, all customer data on the whole computer system is now compromised; some of it definitely got dumped onto servers controlled by the hackers.
South Africa's POPI Act makes it compulsory for companies to use up-to-date software as part of a comprehensive policy that must be in place to safeguard customers' personal data. Using an outdated operating system like Windows 7 is in clear violation of that. Similar laws are in place in most countries.
I disconnected their whole system, and told the owner he better get a whole computer shop's staff at his premises to fix the issues there tomorrow. Going to take such a team several days to sort out the mess, even longer.
It's not even an isolated case; the ignorance of nine out of ten South Africans regarding cyber security is alarming. No wonder the USA, Russia, and South Africa are the three most hacked countries in the world.
A study shows that 4 out of 10 staff members at companies already entered confidential data into ChatGPT to find shortcuts to problems, without understanding that OpenAI uses that data for its software to learn from. It means anyone in the world asking ChatGPT something may get an answer that includes that confidential data. 😁 What questions are your children typing in, what prompts do they provide to get a more accurate answer?
"Dear AI, my daddy uses Bank A but my mommy says Bank B offer better rates. Which one is the best when our family has three children and also Bank A financed our electronic gate that keeps on jamming. And why is Crypto Exchange So-and-So logging out my MetaMask wallet." Pure gold for any hacker and even for burglars having you in their sights.
It is imperative that all companies, even small businesses, even families, have a clear policy on what can be entered in search engines (remember, Google will be using their Bard AI soon, and Microsoft Bing its own advanced version), and to understand the risks of using the new generation of search engines.