My HMO Journey: No rest for the wicked as we approach...
Rarely does a day go by without an article in the press relating to another cyber attack. Unfortunately, nobody is immune to cyber crime and we all need to be aware of how we can protect our online presence.
One of the biggest issues is the shift from offline to online business. The explosive growth in the online market through smartphones and tablets has further heightened the problem and with continuing technology advances for businesses and individuals alike, the security situation is worsening and falling more and more behind.
It’s amazing to think that cutting-edge free hacking tools are widely available anywhere on the web these days which come with complete free how-to training videos on Youtube!
Martin Voelk of Cyber 51 comments that “most attacks nowadays are not targeted at actual networking components any longer, but make use of vulnerabilities in the sheer endless list of ever emerging new web applications. Social Engineering (tricking the human user) has risen to new threatening levels, where the best IT Security systems can’t provide adequate protection because of the lack of user education. Governments and law enforcement often have their hands tied up, because attackers may sit in countries with weak or non-existing IT legislation or attacks are being sponsored by rogue foreign governments”
The cyber criminals motivation include denial of Service (bringing someone else’s systems down), theft of financial or competitive information, theft of customer information, publishing sensitive information (Leaks), reputational damage, identity theft and the list goes on and on. Worst of all, an awful lot of all attacks and thefts go undetected and therefore aren’t reported!
Blackmailing attempts have also risen dramatically. Criminal organizations are threatening to bring systems of online vendors down, if a ransom demand isn’t met. Martin Voelk mentions that “such DDoS (Distributed Denial of Service) attacks can be purchased for as little as £1000 at certain underground websites and require little to no knowledge. Exploits to overcome common security measures are being traded in underground communities long before hardware and software vendors know about them or before they can release updates and patches. End-user IT security awareness in most parts simply doesn’t exist. As part of client authorized Penetration Tests and Security Audits, our team is frequently able to ethically hack into most sensitive information of individuals, SMB and large enterprises alike. Our success rate of successful hacks currently stands at more than 95% and it typically takes less than a week to breach security.”
Unfortunately, most simple user friendly education to mitigate the all-round threat is neglected with most individuals and organization’s falling victim before they react. The government have recently announced their plans to invest £650m in their National Cyber Security Strategy, however the question is, will the strategy be for reactive purposes or will they be proactively go after the end criminals.
Countermeasures which should be considered by individuals and businesses include: Ethical Hacking, Penetration Testing, Social Engineering and Assessments of current infrastructures by certified white hat specialists, monitoring and mitigating internet threats on a 24/7 basis and seeking advice from specialists on forensic investigations to track down attackers to potentially prosecute malicious hackers. You can also buy insurance policies that can be either stand alone or part of an existing professional indemnity policy. The cover provides an indemnity in the event you should unintentionally transmit a virus to an independent third party or if a malicious attack is made by a hacker whereby unauthorised access is gained and subsequently modifies the computer system. Depending on the cover, it may also provide an element of cover for reputational management cost. Reputational Management means a PR company would offer you support in the event you suffer adverse publicity as a consequence.
Cyber crime elements are clearly miles ahead of individuals, businesses and law enforcement, and the gap is getting wider!