Staying cyber secure requires a healthy dose of scepticism
Misha Glenny, one of the UK’s leading organised crime and cybersecurity experts, joins “ethical hacker” Dominic White for a discussion on how the pandemic has increased the number of cyber breaches and what you can do about it.
Organised crime activities like drug smuggling and human trafficking have been thwarted by Covid-19 border closures. To keep the money coming in, these syndicates have branched out into cybercrime.
This is according to Misha Glenny, award-winning British journalist, and an organised crime and cybersecurity specialist, during a recent In conversation webcast hosted by Lyndon Subroyen, Global head of Digital and Technology at Investec.
In addition to organised crime going digital, the opportunities to hack are also more numerous. People are working from home where their networks are generally more porous than those found in the office. The threat surface has increased.
What makes home networks particularly vulnerable is that just one device with poor security can render all others ‘at risk’. Together, these forces mean that you’re now more likely to become a victim of cybercrime.
How worried should you be?
Just hearing the word ‘cybersecurity’ puts many of us into a state of apathetic paralysis; we simply don’t know where to begin. And because most of us haven’t yet fallen foul of cybercrime, we easily convince ourselves that it’s a threat reserved for someone else.
The truth is that cybercrime is going to intensify in the years to come as our digital footprints enlarge, giving cybercriminals more avenues and more opportunity through which to attack.
However, it’s a myth that you need to be technologically inclined to protect yourself from digital criminals. The fact of the matter is that nearly all victims are duped on social, rather than technical grounds.
Don’t trust everything you read
Rather than breaking into your bank account and siphoning off your money without your knowledge, most cybercrime requires your involvement. The criminals achieve this through social engineering where they create circumstances that convince you to do something online to your own detriment.
Glenny touches on an increasingly popular and successful cybercrime of this nature. “One of the most lucrative attacks at the moment is called business email compromise. Here, you’re emailed a fictitious invoice, from a name you recognise, but that’s not actually them, asking for the transfer of funds to their account.”
Our vulnerability to these kinds of scams stems from something known as social disinhibition. Basically, we’re far less sceptical of people in the digital world, and how they’ll use our information, than we are in person – we assume, incorrectly, that what we see on our computer screens isn’t subject to human manipulation.
Where to focus your energy
The scepticism we need to foster in the digital sphere in order to protect ourselves from cybercrime extends beyond scrutinising emails we receive asking for payment.
When Subroyen asked his other panellist on the webcast, Dominic White – ethical hacking director & managing director for Orange Cyberdefense, an information security consultancy based in SA and the UK – about the growing perception that the South African government is now snooping on citizens through the likes of the Covid-19 tracing app, he had the following to say:
“It’s quite incredible how they’ve put the app together. There is no collection of your personal data, it doesn’t track your location, nor who you interact with. But there’s this massive misinformation campaign that now puts forward the idea that government has access to new private data that they didn’t have beforehand.”
Subroyen likens our paranoia around such topics to worrying about a spider in the room instead of making sure the windows and doors are closed.
White stresses the importance of understanding that cybercriminals are usually after your money, or something they can use to extract a ransom, and that you should spend your time thinking about how they might gain access to your digital assets, rather than indulging in conspiracies about the emergence of a ‘Big Brother’.
Do cybercriminals use targeted attacks?
There are two levels of social engineering that cybercriminals use to extract wealth from us. The first permutation is opportunistic in nature where they cast a wide net, aiming to exploit common human character flaws. Most cybercrime falls into this category.
Just by making sure you have strong passwords, that your anti-virus software is updated and scrutinising all online payment requests, you’ll drastically reduce the likelihood of becoming a victim of opportunistic cybercrime.
The second, more sophisticated and sinister approach is where digital perpetrators identify people or businesses that hold something of value, gather extensive data that pertains to that entity, and then craft a con that uses that information as an access key. If you hold anything of substantial value, then this is the type of attack you need to be conscious of.
As an example, they could leverage Google and your social media profiles to unearth the people in your business network and/or family. Then they’d intricately profile those in your circle, looking for potential weaknesses they could exploit to gain access to whatever it is you’re trying to protect.
These kinds of attacks are not straightforward to deal with. In the case of a business, putting the necessary protection in place to ward off targeted attacks requires the help of cybersecurity professionals who can fully integrate with your finance, communications, and risk management departments, as well as with your board.
Precautions you can take
Once you’ve been hacked, it’s messy, time-consuming, and costly to clean up. Glenny and White make the following recommendations to help you reduce your chances of becoming a cybercrime victim:
- Identify your key digital assets and explore who might want access to them and why
- Use the profile of your likely attacker to put the appropriate digital defences in place
- Keep abreast of current and emerging cyber threats
- Educate employees on their role in upholding company-wide cybersecurity
- Formulate a plan to deal with breaches
- Cultivate scepticism toward the authenticity of digital communications
- For more about protecting your data, identity and money, visit Know Fraud
- Identify your valuable digital assets and put the requisite protection in place
- Divulge only information or opinions online that you’d be happy to put on a billboard
- Use password managers and multi-factor authentication systems
- If your mobile phone is stolen, don’t panic: delink any sensitive apps (e.g. banking apps) and watch out for subsequent phishing activity
- Consider adding anti-identity theft software to your personal cybersecurity mix
- Change the privacy settings on your old social media posts to private and don’t put your birthdate on your profile, as criminals can use that to access credit bureau information on you
- Check that emails are from a credible source, make sure the language and tone are consistent with the sender, and always check invoice details telephonically
- For more on how to protect your data, identity and money, visit Know Fraud
Action, not panic, required
The issue of cybersecurity doesn’t warrant our panic or paralysis. But with cybercrime on the rise, you are required to take action.
When you are putting cybersecurity measures in place, keep in mind what a potential hacker might be after and focus on protecting those assets. The more valuable those items, the more sophisticated a potential attack might be, and the greater your need for professional cybersecurity services.
Arguably the most powerful defence you can put in place is to simply approach the digital world with a little more scepticism. This applies to the information you put online, the communications you receive, and what you read about the field of cybersecurity. Glenny uses a succinct analogy during the webcast to drive home this point:
“You wouldn’t stop a stranger on the street and start telling them your address, your phone number, or what you drink in the afternoon. We must remember that our data is being monitored for vulnerabilities all the time.”
As the global head of Digital and Technology, Lyndon is responsible for all of Investec’s technology teams and strategy across the organization. He joined Investec in January 2001 as a software engineer and in 2009 he was appointed the CIO of Investec Wealth & Investment.
In January 2013, Lyndon took on the challenge as the Global Head of Investec Digital focusing on the group channels, fintech partnerships, emerging company investments and new digital businesses. In May 2019, Lyndon accepted his current role, looking after all of Investec digital and technology globally, focused on the digitalisation strategy for the group.
Misha Glenny is an award-winning journalist who made a name for himself as the BBC’s Central Europe Correspondent covering the 1989 revolutions and the wars in the former Yugoslavia.
His books McMafia: Seriously Organised Crime and DarkMarket: How Hackers Became the New Mafia were shortlisted for several prizes. He has unique insights into how new technology is reshaping traditional organised crime in the narcotics, smuggling and sex trades.
Dominic is the ethical hacking director & managing director for Orange Cyberdefense, an information security consultancy based in South Africa and the UK.
A recognised speaker for security skills for both private companies and governments, he is actively involved in the South African research community.
Dominic has published works at various prestigious international security conferences.