Together with Artificial Intelligence, Machine Learning, Edge Computing, 5G, Virtual Reality and Augmented Reality, the Internet of Behaviour is one of the top tech trends of 2021.
Africa has more than 500 million Internet users, placing the region ahead of other regions such as North America, South America, and the Middle East. The leading countries are Kenya with 83% of its population being online, Nigeria with 60% and South Africa with 56%.
This is a fertile ground for various cybercrime attacks so no wonder that cybercriminals are increasingly targeting South Africa. The country now has the third-highest number of cybercrime victims in the world incurring losses of about R2.2-billion annually. From January 2020 to February 2021, South Africa had 230 million threat detections in total, recorded by Trend Micro.
The most prevalent and pressing cyber threat is online scams. Digital extortion, business email compromise and ransomware are also topping the list of cyberattacks in Africa and South Africa.
All of these cyberattacks are linked by a common thread: the human factor. Often unaware and untrained employees fall victim to these cyberattacks.
For example, cybercriminals usually target high-level executives working in finance or involved with wire transfer payments. They compromise the email accounts of such employees using methods such as phishing attacks, or simply spoofing their emails to appear as though it is sent from a legitimate email account. Fraudulent emails are then sent from these email accounts with an established level of trust to other employees or related individuals, asking them to transfer funds or data to a specific bank account.
But how do cybercriminals know who to target?
We are frequently leaving a wealth of our private data on various social networks or similar platforms. Our private data are mined and used by cybercriminals to still our identities or credit cards, which usually end up on the Dark web illegal market.
Cybercriminals simple use these “data commodities” for their nefarious purposes. But before attacking, they do their reconnaissance homework by analysing the target’s behaviour. One of the useful “tools” in that regard is called the “Internet of Behaviour” (IoB).
What is the Internet of Behaviour?
Ever heard about the Internet of Behaviour? But you have surely have heard or already know something about the Internet of Things (IoT). These two concepts and practices are tightly linked. In fact, the IoB can be considered as an extension of IoT.
The number of “smart” devices that we use every day is steadily increasing. Internet doorbells, surveillance cameras, smart speaker devices, security systems and fitness trackers are a few examples of IoT devices that are now considered mainstream and used regularly in our everyday lives.
The IoT devices generate lots of data. The development of data analytics in conjunction with data collected via IoT shows that there is now more opportunity than ever before to understand why and how people make certain decisions. In this process, the Internet of Behaviour comes quite handy.
Professor Göte Nyman of the University of Helsinki has credited the concept of the Internet of Behaviour. This concept focuses on human activity through a behavioural psychology lens. The use of big data (such are those generated through IoT) to understand how humans will behave in certain situations is extremely useful to enterprises and governments across the globe.
IoB can be also considered as a mixture of three disciplines: technology, data analytics, and the psychology branch that study human behaviour. Emotions, choices, augmentations, and companionship are the four areas of behavioural science that examine the utilisation of technology.
Gartner links IoB to a concept of “hyperpersonalization” which will be enabled by the continued harvesting of data to detect consumer emotions and the use of this knowledge to ultimately increase sales. Gartner predicts that by 2023, individual activities will be tracked digitally by IoB to influence benefit and service eligibility for 40% of people worldwide.
The concept of IoB can be thought of in two high-level stages. The first stage is the continued use of big data from multiple sources (including, but not limited to IoT) to measure and understand individuals’ collective behaviour in certain situations. The second phase includes honing the obtained insight from the first phase. The purpose of this phase is to drive people’s behaviour in certain situations.
For example, IoB may be pretty beneficial in the insurance industry. Driver tracking tools are already used by insurance to track and secure a driver’s conduct. With the help of IoB, they may evaluate the behaviour and perhaps determine if a certain occurrence was an accident or a misjudged assumption on the part of the insured.
IoB is frequently used by commercial organisations but also by governments. The most obvious example is China’s multiple “Social Credit” systems which have been well reported. Moreover, some analysts believe that this is where we are all heading.
However, more importantly in the context of this article, the Internet of Behaviour is also used by cybercriminals, hence provoking both privacy and security concerns.
Privacy and security concerns of IoB
Issues regarding privacy, ethics and trust frequently emerge in any discussion about data harvesting and insight generation. One of the most exemplary cases is the data used nefariously to manipulate attitudes and beliefs on a large scale by companies like Cambridge Analytica.
Why should we then trust those organisations and governments using IoB? Large-scale cyberattacks and data breaches are common occurrences nowadays. Hence, there is a risk of our personal and behavioural data getting into the wrong hands. Will our crucial data, such as credit cards details, emerge on the Dark Web? These are questions that still have to be answered.
There is, though, technology that can be used for analysing encrypted data. There is, actually, a computational process known as homomorphic encryption, which provides for performing calculations on encrypted data without first decrypting it. In other words, this technology enables organisations to relatively securely outsource data to third parties while leaving it in an encrypted state.
However, this homomorphic encryption is still a slow process, hence still not practically useful for many applications having huge datasets. Will organisations opt for this method or will they sell our unencrypted data? We do not know it as issues surrounding privacy, ethics and trust often occur when data harvesting and insight generation are in question.
Google, Facebook and Amazon, for example, continue to attain software that potentially brings the user from a single app to the company’s entire online ecosystem – and without users’ permission. This presents significant legal and security risks to privacy rights.
From the cybersecurity side, behavioural data can allow cybercriminals to access sensitive data that reveals customer patterns, collect and sell property access codes, delivery routes and even banking codes. These cybercriminals could take phishing to another level by generating more advanced scams, tailored to the habits of individual users, and thus maximising the likelihood that users will be scammed.
The leaked information makes the user more vulnerable to cybercriminals activity such as ransomware, fraud and money laundering, identity theft and many more. Hence, it is important for organisations using IoB to have a secure platform, storage and execution of data that use tools such as Confidential Computing, End-to-end encryption or the Software-defined perimeter tools to control access to resources based on identity.
As a general approach, any organisation that uses an IoB strategic approach should ensure that they have a full-bodied cybersecurity strategy to secure all sensitive data. Since IoB is still in its early days, a strong data security posture, followed by best practices in data governance, the introduction of cybersecurity training and awareness programs would help businesses go ahead.