It’s time to revisit that old favourite, cybercrime. Well, not exactly a ‘favourite’ to ‘like’, but one that nobody can relax about.
If you want to see how serious, how devastating and how vital it is, look at a mini-movie created by Deloitte. ‘In less than 300 seconds experience the speed and intensity of a cyber attack.’
We’re taking just one publication, Business Technology, the April 2013 issue of which was devoted to cybercrime. We’re pinpointing 15 items from it, to demonstrate the scale of the war that is being waged. The battleground is worth £27bn so far. That’s what cybercrime has cost the UK.
Dave Baxter told of how the war is brewing, with ‘technology the weapon of choice.’ He said that between 2011 and 2015, the UK will have poured out £650 ‘to promote and protect cyber security.’
Laws are being laid down, such as the recent one restricting the US government’s purchase of Chinese IT imports, designed to curb cyber-espionage. At the same time, he thought that ‘cybercrime has become almost glamorous.’ Hackers targeting major organisations are portrayed in some media as celebrities.
New attacks are increasing, and it is the multiplication of data breaches which is harder to quantify and what they actually cost. Hard data, intellectual property rights, trading figures are all meat and drink to cybercriminals looking to bleed commerce dry.
Bring Your Own Is Not Helping
Increasingly companies develop Bring Your Own Device (BYOD) protocols, for staff at work. A YouGov survey has found that 47% of all UK adults now use a personal laptop, smartphone or tablet for their work, yet fewer than a third receive security advice/training.
Using your own devices saves time and money, with fewer problem accessing secure networks remotely. You can see the appeal for workers and bosses. Companies often refund phone costs up to a cap. BYOD enables you to keep working productively on the move and at home, of course. But the risks are thereby magnified. If you are hacked, or lose your device, the company is hit too.
The merging of work and private lives is set to go on unabated. So how can it be handled safely?
Education, Education, Education
Most security experts argue that businesses need to ‘bulk up their defensive layers’. One likened it to a 14th or 15th century castle mentality with an outer moat, outer wall, inner walls. But alerting staff to the dangers and how to handle risk is becoming part of the battle now.
Staff need to realise the consequences of losing devices, of answering phishing emails, of not updating security regularly. This, by the same token, needs to apply to domestic use of the net, too.
Others believe that collaboration is as important as education. Terry Greer-King, managing director of CheckPoint, likened the growth of sophisticated botnets and malware outbreaks that target companies stealthily to the flu pandemic of 2009.
He said that then global collaboration contained the epidemic, so now similar tactics are needed in cyber attack. Businesses should collaborate to share data on new threats as they emerge.
Greer-King said: ‘This may involve closing a firewall port, updating intrusion prevention systems or applying a software patch – but it enables organisations to pre-emptively protect themselves, benefitting the wider business community.’
Denial of Service
The paper reported on the biggest DDoS attack in history’, so far. This was the anti-spam group Spamhaus being hit in March 2013 by a wave of cyber attacks after trying to block internet traffic from CyberBunker, which offers ‘everything except child porn and terrorism.’
This particular case was described by CloudFlare, brought in to deal with the Spamhaus attack as ‘the DDoS that almost broke the internet.’
Various people, lots of organisations and security services are poring over the details of what happened, but the potential for the method to be replicated or to go hybrid with a huge variety of attack variations is concerning most experts right now.
Phishing has moved on. Now they target individuals more carefully. There are reports of trying to find staff in companies with extensive security privileges. Facebook users are warned about fake websites they are directed to by ‘claiming to be part of the social network’s security checks.’
Once on it, users are asked for personal details including bank information. The danger of revealing that ought to be obvious, but scammers and fraudsters have always played on people’s unquestioning belief that what they see must be right.
A credit card containing malware can be inserted into a chip and pin device at a shop checkout. All subsequent data is harvested, and all it needs is another doctored card to be inserted after a while to retrieve the already stolen pin numbers and card details.
Simple. Combatting it is rarely as easy. But we have no choice but to try. We didn’t ask for this war, but we have to win it.
Other scam and related stories:
Cyber Attack in the UK Set to Be the Biggest Growth Industry, 21 January 2013
Another Week, Another Systems Malfunction, 3 July 2012
Scams Are Out to Get You, Online and Off, 21 May 2012
Intellectual Property Rights Are Web’s Grey Area, 21 March 2012
Pirates of the Internet: Neither Jolly Nor Romantic, 3 January 2012
Just How Valuable Is Your Web Data? 14 December 2011
Cyber-Weapons Are the Real Warfare Game, 6 December 2011
11 Worst Computer Viruses, Worms and Trojans (So Far), 21 November 2011
Cyber-Crime High on People’s Fear Lists, 8 September 2011
Good at Codes? Want a Job? Try GCHQ! 5 December 2011
Image: US Navy