There are two aspects of our business that are both sustaining us and causing us untold grief and there are so many aspects to both. Cyber Security and Privacy. I guess you can say they are related, but actually, they are not.
Cyber Security is hitting the headlines these days because of the rise in hacking and what appear to be attacks on our ‘western’ infrastructure and it systems. But let’s be clear, a lot of the recent ‘outages’ have been simple man-made problems, where local real people have done something wrong and it’s taken half the Internet offline. One has to separate the issues.
More worrying are the likes of Marks and Spencers last spring and Jaguar LandRover more recently, both these companies were recipients of Ransomware, which is software that encrypts all your computers until you pay someone to unscramble everything. The biggest risk is that if you pay the culprit, they are just likely to ask for more money. Equally, issues like the malicious software can be backed up to your backups, so really, you’re not all that safe even if you think you are.
Due to these examples, we were recently invited by one of our long-time suppliers, Fasthosts, to a Cyber Security Talk, we almost knew what they were going to say, and then they more or less said it. Humans.
Passwords
Most true Cyber Security issues are also caused by Humans… so now we have it, Humans uploading badly coded updates to online services can potentially take out large chunks of the Internet, but equally, humans inadvertently clicking a link can give away their password and the Criminal is in. This is almost definitely what happened at Marks and Spencers. Their IT network was compromised, the malicious party was able to install the Ransomware software and the rest was a nightmare.
The Louvre in Paris was hit as well and millions of irreplaceable and priceless jewellery was taken. The password was set to ‘Louvre’. The head of security at the Louvre set the password to their security systems himself.
We don’t know yet what happened at Jaguar LandRover, but it is likely the same sort of thing. The Hacker got in, wreaked his havoc and hopefully left empty-handed.
But, invariably, it was Humans and their reliance on Passwords.
Links
Links are another real issue for Cyber Security, i am sure there are IT professionals who wish the concept of links had never been invented. But let’s just look at it in the most basic way.
A million emails are sent… 98% are binned through Spam detection or other means, but that leaves 20,000 emails that are read. 98% of readers are wise enough to know better, but that leaves 400 people who read the email properly or who may be taken in. 98% do nothing, but that leaves 8 people who clicked the link.
If that original email was written just 10% better, the numbers could be very different. 8 people is still eight people that are then scammed in some manner or other. And it does not mean the other 999,992 people that the original email was sent to got off lightly, because these days scammers aren’t sending to just 1 million emails, they are sending to hundreds of milllions of email addresses, daily, just on the off chance of one getting through.
Reply to the email or click and link and you’re done. We had a client the other day, the only difference in the email was that the scammer had used .org instead of .com… but the receiver did not notice, everything about the email was correct. Just not the recipient of his bank details.
Our advice, never to click a link in an email; always go to the website concerned and sign in correctly.
AI
A nod to the future, before I round up. Malicious characters are well aware of the power of AI, and after all, why not use it, and they are. More than anyone else. Now the emails are generated by AI, the requests for your passwords aren’t written by some computer techie in Nigeria; they are written by AI and if you will admit to anything about AI, it rarely makes spelling mistakes.
Our vigilance is only going to have to increase as time goes on. Our exposure to Hackers is only growing; it’s a war out there between the forces trying to protect you and those simply trying to steal your money. How long will it be before some hacker works out how to take an entire bank’s money and do something with it.
As the good guys create ever better ways to protect you, so the bad guys are devising ever more clever ways to get through. The weakest in the chain, always and every single time, is the Human.
I hope this post makes you think twice about reusing the same old password again, or even writing the password down somewhere. Never tell your friends or family what your password is and all the rest of the good advice you know you have heard, but rarely do anything with.
We’re living in strange times, a sort of complacency exists at the moment that means actually changing our habit of the last 20 years (of passwords) is proving difficult and we’re learning that lesson right now, each time we hear about a friend’s bank being accessed or some company being hacked. Think of the human who let them in.
Comments
comments