10 Nov 2020
What you need to know about cybersecurity now
Cybercrime has increased since Covid changed our lifestyles and led to increased digital activity. Here, Lyndon Subroyen – global head of digital and technology at Investec – discusses latest developments and tips for protection with an expert panel.
Organised crime activities like drug smuggling and human trafficking have been thwarted by Covid-19 border closures. To keep the money coming in, these syndicates have branched out into cybercrime.
This is according to Misha Glenny, an award-winning British journalist and an organised crime and cybersecurity specialist who shared his views during a recent webcast hosted by Lyndon Subroyen, global head of digital and technology at Investec.
In addition to organised crime going digital, there are now more opportunities to hack information, according to our panellists. When people are working from home their networks are generally more porous than those found in the office so the threat surface has increased. What makes home networks particularly vulnerable is that just one device with poor security can render all others ‘at risk’. Together, these forces mean that we’re now more likely to become a victim of cybercrime.
Watch the discussion:
How worried should you be?
Just hearing the word ‘cybersecurity’ puts many of us into a state of anxiety; we simply don’t know where to begin. And because most of us haven’t yet fallen foul to cybercrime, we easily convince ourselves that it’s a threat reserved for someone else.
The truth is that cybercrime is going to intensify in the years to come as our digital footprints enlarge, giving cybercriminals more avenues and more opportunity through which to attack.
That said, data sharing is not always high risk.
Where to focus your energy
When Subroyen asked his other panellist on the webcast, Dominic White – CEO and CTO of SensePost, an information security consultancy based in SA and the UK – about the growing perception that citizens shouldn’t share data through the likes of the Covid-19 tracing app, he had the following to say:
“In most cases of government tracing apps, there is no collection of your personal data, it doesn’t track your location, nor who you interact with. But there’s this massive misinformation campaign that now puts forward the idea that government has access to new private data that they didn’t have beforehand.”
White likens our paranoia around such topics to worrying about a spider in the room instead of making sure the windows and doors are closed. He stresses the importance of understanding that cybercriminals are usually after your money and responding to that threat by correctly managing your digital assets.
However, it’s a myth that you need to be technologically inclined to protect yourself from digital criminals. The fact is that nearly all victims are duped on social, rather than technical grounds.
Think before you speak – and act
Rather than breaking into your bank account and siphoning off your money without your knowledge, most cybercrime requires your involvement. The criminals achieve this through social engineering where they create circumstances that convince you to do something online to your own detriment.
Glenny touches on an increasingly popular and successful cybercrime of this nature. “One of the most lucrative attacks at the moment is called business email compromise. Here, you’re emailed a fictitious invoice, from a name you recognise, but that’s not actually them, asking for the transfer of funds to their account.”
Our vulnerability to these kind of scams stems from something known as social disinhibition. Basically, we’re far less sceptical of people in the digital world and how they’ll use our information, than we are in person – we assume, incorrectly, that what we see on our computer screens isn’t subject to human manipulation.
Do cybercriminals use targeted attacks?
There are two levels of social engineering that cybercriminals use to extract wealth from us. The first aims to exploit common human character flaws. Most cybercrime falls into this category.
Just by making sure you have strong passwords, that your anti-virus software is updated and scrutinising all online payment requests, you’ll drastically reduce the likelihood of becoming a victim of opportunistic cybercrime.
The second, more sophisticated and sinister approach is where digital perpetrators identify people or businesses that hold something of value, gather extensive data about that entity and then uses that information as an access key. If you hold anything of substantial value, then this is the type of attack you need to be conscious of.
As an example, they could leverage your social media profiles to unearth the people in your business network or family. Then they’d intricately profile those in your circle, looking for potential weaknesses they could exploit to gain access to whatever information you’re trying to protect.
These kinds of attacks are not straightforward to deal with. In the case of a business, putting the necessary protection in place to ward off targeted attacks requires the help of cybersecurity professionals who can fully integrate with your finance, communications, and risk management departments, as well as with your board.
Precautions you can take
Once you’ve been hacked, it’s messy, time consuming, and costly to clean up. Glenny and White make the following recommendations to help you reduce your chances of becoming a cybercrime victim:
- Identify your key digital assets and explore who might want access to them and why
- Think about the profile of your likely attacker to put the appropriate digital defences in place
- Stay aware of current and emerging cyber threats
- Educate employees on their role in upholding company-wide cybersecurity
- Formulate a plan to deal with breaches
- Be sceptical about the authenticity of digital communications
- Read our latest fraud protection advice here
- Identify your valuable digital assets and put protection in place
- Only divulge information or opinions online that you’d be happy to put on a billboard
- Use password managers and multi-factor authentication systems
- If your mobile phone is stolen, don’t panic, de-link any sensitive apps (e.g. banking apps) and watch out for subsequent phishing activity.
- Consider adding anti-identity theft software to your personal cybersecurity mix
- Change the privacy settings on your old social media posts to private and don’t put your date of birth on your profile, as criminals can use that to access your credit information
- Check that emails are from a credible source, make sure the language and tone is consistent with the sender and always check invoice details by contacting the provider on the telephone using an independently sourced number
- Read our latest fraud protection advice here
Action, not panic, required
With cybercrime on the rise, be prepared to take action.
When you are putting cybersecurity measures in place, keep in mind what a potential hacker might be after and focus on protecting those assets. The more valuable those items, the more sophisticated a potential attack might be and the greater your need for professional cybersecurity services.
Arguably the most powerful defence you can put in place is to simply approach the digital world with a little more scepticism. This applies to the information you put online, the communications you receive and what you read about the field of cybersecurity. Glenny uses a succinct analogy during the webcast to drive home this point:
“You wouldn’t stop a stranger on the street and start telling them your address, your phone number, or what you drink in the afternoon. We must remember that our data is being monitored for vulnerabilities all the time.”
For more information on how to spot and report fraud visit the Investec fraud homepage or view our latest content with insights, tips and advice.
As the global head of Digital and Technology at Investec, Lyndon is responsible for the organisation’s technology teams and strategy. He joined Investec in January 2001 as a software engineer and in 2009 he was appointed the CIO of Investec Wealth & Investment.
In January 2013, Lyndon became the Global Head of Investec Digital focusing on the group channels, fintech partnerships, emerging company investments and new digital businesses. In May 2019, Lyndon expanded his current role and now looks after both digital and technology globally. which sees him focus on the digitalisation strategy for the group.
Misha Glenny is an award-winning journalist who made a name for himself as the BBC’s Central Europe Correspondent covering the 1989 revolutions and the wars in the former Yugoslavia.
His book McMafia: Seriously Organised Crime and DarkMarket: How Hackers Became the New Mafia were shortlisted for several prizes. He shares insights on how new technology is reshaping traditional organised crime in the narcotics, smuggling and sex trades.
Dominic is the ethical hacking director and managing director for Orange Cyberdefense, an information security consultancy based in the UK and South Africa. A recognised speaker for security skills for both private companies and governments, he is actively involved in the research community.
Dominic has published works at various prestigious international security conferences.
From private banking to wealth management and investment services, you can receive tailored financial solutions, whether you are aiming to actively grow your wealth or seek optimal returns on your capital. We can help fuel your success by building a relationship with you for the long term.
Access a comprehensive range of solutions spanning capital, advice and treasury risk management. As an international corporate and investment banking business, we work with growth-orientated companies, institutions and private equity funds.
Whatever your clients’ goals and ambitions, our flexible range of intuitive, market-leading products and services help you deliver on their needs, enhance your reputation and reduce your admin burden, freeing up more time for you to focus on financial planning.
Disclaimer
Focus and its related content is for informational purposes only. The opinions featured on the site are not to be considered as the opinions of Investec and do not constitute financial or other advice. The information presented is subject to completion, revision, verification and amendment.