When people first started to hear the term hacker - or being hacked - as a common phrase it did not conjure an image of fear, panic or dread. The most likely image that was conjured up is that of an inconspicuous person (usually a youth) sitting behind a computer screen breaking things on the internet because they could. A digital hoodlum, a prankster, and nothing more. Now the term has taken on a different meaning.
We are afraid of these people. Companies invest millions of pounds in making sure their cyber-security is safe and that they don't get hacked. People are constantly warned about their computer security and their cybersecurity habits. Scandals and news of major hacks occurring to large brands that hold our data seem to happen every week. We now live in fear of the people we once dismissed. How? The simple answer is this: we let it happen.
We, us, humans, society, on the whole accepted and embraced technology. It has improved and enriched our lives; it has made the world more accessible, made our lives easier. However, as we saw the potential and the wonderful nature of these advancements, there were people who saw a way to get into our lives, our information, and our accounts. As a result, as we entrusted more of our personal information and data into technology and the internet and it gave the hackers more power, should they succeed.
According to statistics from 2014, 78% of the developed world (and 48% of the total global population) are active internet users and this is likely to have increased exponentially year on year. That means billions of people are now online, sharing data, sharing their information. But like so much of what happens with progress, where there is opportunity there is crime. Hacking is now a lucrative career for both criminals and security experts. Dedicated task forces and companies now exist with the sole purpose of trying to keep us safe online.
What should we be aware of?
Europol's "Internet Organised Crime Threat Assessment" for 2016 identified eight cybercrime trends that everyone should beware of:
The digital underground is underpinned by a growing Crime-as-a-Service model that interconnects specialist providers of cybercrime tools and services with an increasing number of organized crime groups. Terrorist actors clearly have the potential to access this sector in the future.
Ransomware and banking Trojans (a malicious program used to obtain confidential information about customers and clients using online banking and payment systems) remain the top malware threats, a trend unlikely to change for the foreseeable future.
3: The criminal use of data
Data remains a key commodity for cyber-criminals. It is procured for financial gain in many cases but it is increasingly being used to commit more complex fraud, encrypted for ransom, or used directly for extortion.
4: Payment fraud
EMV (chip and PIN), geo-blocking and other industry measures continue to erode card-related fraud within the EU, but malware attacks directly against ATMs continue to evolve and proliferate. Organised crime groups are starting to manipulate or compromise payments involving contactless (NFC) cards.
5: Online child sexual abuse
The use of end-to-end encrypted platforms for sharing media, coupled with the use of largely anonymous payment systems, has facilitated an escalation in the live streaming of child abuse.
6: Abuse of the Darknet
The Darknet continues to enable criminals involved in a range of illicit activities, such as the exchange of child sexual exploitation material. The extent to which extremist groups currently use cyber techniques to conduct attacks are limited, but the availability of cybercrime tools and services, and illicit commodities such as firearms on the Darknet, provides opportunity for this to change.
7: Social engineering
An increase of phishing aimed at high value targets has been registered by enforcement private sector authorities. CEO fraud, a refined variant of spear phishing, has become a key threat.
8: Virtual currencies
Bitcoin remains the currency of choice for the payment for criminal products and services in the digital underground economy and the Darknet. Bitcoin has also become the standard payment solution for extortion payments.
How can we remain safe?
As cyber-security expert Ralph Echmendia – AKA the ‘ethical hacker’ – stated
‘You cannot have 100% security. To identify a potential breach early enough for it not to affect your operations is or should be the focus. Focusing on preventing the breach is not the idea’
So the question remains, how do you stay safe? There are habits that help make sure that you and your data is safe.
The major habit; Use a strong password. We know that this sounds obvious but people are often still using one password for every application. This password is often weak and as a result presents a huge security risk, if someone finds out your password they would have access to everything. However to remember a different alphanumeric password of 8 characters or more for each account is impossible. Using a dedicated password manager such as Dashlane, 1Password or Lastpass will not only mean you can create and store extra strong passwords, but that you can keep them safe. Make sure that your passwords are a. 8 characters or more and b. a mixture of uppercase, lowercase, numbers and symbols, and that they do not specifically spell out an easily guessed word. Gone are the days of ‘Password1’ and welcome the likes of ‘Hk/78TTwbN&’.
For extra security on your major accounts, check to see if the provider has Two Step Authentication and activate it. This adds a second secure layer to your login as you will be required to input a randomly generated 6 digit number that you would usually receive on a different device to ensure that it is yourself logging in.
Another habit that has been around since the dawn of cyber-security is backing up your data, twice. What this means is that if you have any document, spreadsheet, or media you need to have at least 3 versions; for example 1 on your home computer, 1 on your cloud account, and 1 on an external hard drive. There is an old adage with computers that says if a file doesn’t exist in 3 places, it doesn’t exist at all. This means that if any of your data is broken into or stolen, you still have copies and you will also know what parts to change.
Another potential breach to fix is the internet. Or should I say more specifically your internet access. To fix this make sure that your router has and uses WPA2 encryption and a randomly generated login password that is at least 30 characters long. Remember to save this randomly generated password in your Password manager for safe keeping. You should also use a Virtual Private Network (VPN) at all times. These act as a ‘hidden passageway’ that stops any hackers looking at where you are going and what passwords you are using. There are lots of providers online so take your time and have a look but remember that a paid service like ‘Hide my Ass’ has greater security than a free service. Either option you choose, make sure you do choose one.
The last tip is this, use anti-virus and anti-malware software. This may be another obvious answer but make sure you are using up to date current software. AVG and Avast have free to use domestic versions and they are always on and scanning your files, however if you have particularly sensitive information (such as customers bank details) then you can use paid services that will add extra layers to your security.
All in all there are several steps and habits that you can use to ensure that you remain a step ahead. As previously quoted there is no such thing as 100% security, but aiming for this is an excellent start to keeping hackers and malware at bay.