The Threat of Cybercrime
I recently read an article that stated “During the next five years, cybercrime might become the greatest threat to every person, place and thing in the world.” This got me thinking, is this a “Chicken Little” statement or a call to action for Cybersecurity professionals? I think we can all agree that anyone who is employed in IT needs to be involved with protecting and defending applications, data, devices, infrastructure and people.
As with other types of crime, we must be educating people about cybercrime. There are self-defense courses so people can protect themselves from attacks while out in public, so why aren’t we teaching the skills people need to protect themselves while on-line? People need to be taught virtual self-defense to protect themselves when they are on the Internet. Users need to be taught that there are bad places on the internet, places they have no business visiting. For instance, there is no reason for a novice user to be exploring the Dark Web. We teach people to watch for suspicious packages, they should also be taught how to identify a suspicious e-mail or web site. The biggest attack vector in my mind is people. People make mistakes, very few cyber-attacks happen without the attacker obtaining some information, such as a user name and password, from a user that responds to a phishing or SMiShing attack. SMiShing is a fairly new term, it is short for “SMS phishing.” It is an attack in which the user is tricked into downloading a Trojan horse, virus or malware onto their cellular phone or another mobile device. There are new threats that appear every day and we cannot expect people to watch out for dangers if they have no idea of the types of things they should be looking for. Educating users is the best protection we have from cybercriminals.
People must be taught that Internet connected devices are not to be taken out of the box, set up and forgotten about. Routers need firmware updates. Computers, tablets and cell phones need security updates. Internet-connected appliances and garage door openers need to be updated as well. We are bringing so many Internet of Things (IoT) devices into our homes that we need to be vigilant in making sure they do not open us to attack or help others with their attacks. Devices like smart TVs and other devices that take verbal commands from us make our lives easier, but realize that they are always listening, and recording everything we say and storing those voice files on a Cloud Server somewhere on the Internet. We have no control over this data. There are also internet-connected toys that we purchase for the children in our lives. This might be the worst idea ever! Children can have conversations with these toys and we will not always know what those conversations are. It is also possible to hack into these toys and turn them into a speaker phone, giving the hacker the ability to monitor or talk to your child.
Education is one of the best weapons we have to protect cyber systems. The days of users only knowing how to start and shutdown a computer, use e-mail and perhaps MS:Word and Excel are over. Cyber Security training must be put in place for everyone. We all need to be educated about the possible dangers of the internet-connected devices we are bringing into our homes and offices.
Playback: What do you think? Do you have a cybercrime strategy in place? Have you implemented a training program for your company? Share your thoughts and reach out to me if you would like to discuss further. At DNV GL, we have a global team of Cybersecurity experts and we have implemented cybersecurity processes, procedures and training programs for energy related companies all around the world. Fighting cybercrime is a dynamic endeavor. Building a solid strategy and developing a platform for your defense will go a long way in addressing a problem before it starts.