How to avoid becoming a victim of cyber crime?
Future and Emerging Technologies is a key research theme within the University of Portsmouth so we spoke with our alumni to hear their thoughts on advancements and potential challenges.
Jonathan graduated from the University of Portsmouth in 2004 after studying BSc (Hons) Business Information Systems. Since leaving the University, he has worked within Howard Kennedy and is now the Head of Technology and Security. His role focuses on developing the company’s technology systems and ensuring controls are in place to reduce potential cyber attacks.
The harsh reality is that future technology will require an ongoing and increasingly harder fight to tackle complex cybercrime. We spoke to Jonathan about how companies can best protect themselves online:
‘One of my primary responsibilities is managing the firm’s overall technology architecture. I like to think of this as a bit like city planning, with each piece of technology being an individual building in the city. IT architecture is all about making sure that all those pieces of technology are built to the same standards, can make use of each other and are all designed to be secure.
This joins together with the cyber security side of my role which is to work with colleagues across the business to ensure that cyber security/data privacy technologies, policies and procedures are in place across our existing systems and are designed into new systems.
Unfortunately, we face new and evolving threats from cyber criminals. The Covid-19 pandemic changed the way that companies operate, with many people working from home for the first time, away from the protection of their corporate security teams with very little preparation time. Across industries, we saw an increase in social engineering attacks such as phishing emails, phone calls (vishing), fake SMS messages (SMSishing) to steal credentials or other confidential information, and of course, the growing threat of ransomware.
Sometimes using simple measures, which are often easy to overlook, will make a difference to the ease of being compromised.
Examples of cyber crime ransomware
Over the coming years, we’ll all find it increasingly difficult to spot these. Deepfake attacks include audio recordings, photos or videos in which a person’s likeness and/or voice is artificially created by using a form of artificial intelligence called deep learning. These attacks make an individual appear to say or do things that they never did. A few examples which are currently on Youtube, include the ‘deepfake’ Obama insulting Donald Trump and a ‘deepfake’ Mark Zuckerburg bragging about controlling the world’s data. Unfortunately, there is however a more menacing side to this, from individuals being threatened with deepfake pornography, to attacks on businesses impersonating senior personnel with deepfake phone calls.
Unfortunately, this ransomware will expand to other channels too. Matthew Canham, a researcher from the University of Central Florida, spoke recently at the BlackHat security conference about his research. He suggested that soon we will see deepfake Som calls (an attack he called zishing), where the other person on a live video call may be a deepfake. This is a cat and mouse game, but researchers are developing new technology to spot them and others are creating more advance deep learning modules to create better deepfakes.
Ransomware subscription-based products
Another type of cyber crime ransomware is where attackers encrypt a company’s data and demand a ransom to release it. The increasing potential for these types of attacks can be seen by the creation of subscription-based ransomware-as-a-service (RaaS) products advertising on the dark web. RaaS enables people with very little technical knowledge to launch attacks just by paying a subscription fee starting as low as $40 per month and/or a percentage of ransoms paid. This service even offers 24/7 support, bundled offers and product reviews just like any consumer service.
As ransomware attacks continue to evolve, the latest trends are double or triple extortion tactics, where attacks steal data before encrypting it, then charge one ransom fee NOT to release the stolen data, another to decrypt the data, and even a third NOT to inform regulators, customers or shareholders.
The attacker has to get into the system first so if we can reduce the likelihood of that, we can reduce the likelihood of a successful attack.
How can you avoid the likelihood of becoming a cyber crime victim?
- Installing updates – by installing the latest security patches for your software, you remove vulnerabilities from your systems.
- Multi-factor authentication (2 factor authentication) – passwords alone are no longer enough, adding in multi-factor authentication, for example a mobile app, phone call or SMS message in addition to your password, reduces the chances of attackers breaching a system. As well as corporate systems, make sure you’re using this on all your personal accounts such as email, banking, PayPal, Amazon and social media.
- Password manager – make it easy to use different complex passwords on all your online accounts by using a password manager to generate and store long complex passwords for you. Systems like Bitwarden, LastPass and Dashlane will store your passwords securely and even generate long complex passwords for you.
Sometimes using simple measures, which are often easy to overlook, will make a difference to the ease of being compromised. The attacker has to get into the system first so if we can reduce the likelihood of that, we can reduce the likelihood of a successful attack.’