Why Information Security is Hard
The techniques that hackers now have to gain authorised access and harvest information means that it is becoming harder for people to know about and protect themselves from the cyber threats out there.
Our reliance on technology, as well as the fact that more criminals are joining the leagues of hackers to grab their share of money means that there are more dangers out there ready to attack our information systems. For example, there are now 230,000 forms of malware being created every day, leaving security software often one step behind when it comes to responding to new threats. We are vulnerable to information security threats both at work and at home, so it is important that all employees are offered information security awareness training as standard. I's important for us to learn and get comfortable with the steps we can take to protect ourselves and the information be store and process.
The Prevalence of Cyber Crime
The vision of a hacker is definitely not what the stereotypical ideas imply. Far from a lonely figure hunched over a computer in a dark room, cybercrime has become much more professional and organised. Around 80% of cybercrime is committed by sophisticated gangs of criminals engaged in highly organised operations. This number, teamed with the relative ease of committing crimes online, means that the types of crimes committed over the internet are growing in complexity and severity – all with the results of big sums of money.
Once information is harvested by hackers, it can be posted on illegal trading sites that can attract up to 80,000 users at one time and sold for large profits pretty quickly. By being able to turn data into money like this, it is no surprise that it has become the new crime trend. Additionally, a growing number of online "how-to" guides and DIY software means that it is easier for people to get involved in the theft, buying, and selling of stolen data, even if they lack technical know-how.
The Difficulty in Information Security
Remaining in control of your information is proving to be difficult due to issues such as social networking sites sharing information with third-party applications. Security threats come from unexpected sources too, e.g. untrained employees inadvertently creating security risks and breaches due to gaps in knowledge about information security best practice. As a result, many organisations don't know their information has been compromised until it is too late.
Emails were perhaps one of the earliest security threats, along with the commercialisation of the internet and personal email use in the 1990s. Whether it's pretending to be a reliable business such as your bank through a phishing email, or sending an attachment/link containing malware disguised as something else, hackers use emails to gain access to your information or hold it at ransom for a price.
The rise of social media introduced hackers to various platforms where people were creating personal profiles in order to share information with their friends; a perfect hunting ground for hackers to take advantage of. The threats could come in the form of malicious links being sent via direct message or posted on walls, or more sophisticated ploys, such as impersonating a help-desk employee and requesting account details.
USB sticks serve as a perfect way for information to be stolen through acting as a portable source of malware for hackers to infect devices with. Through stealing someone's USB stick, or loading one with harmful files ready for someone to pick up means that the accessibility and portability of the storage devices make them the perfect tool for hackers to use when stealing your information.
Pharming is perhaps the most invisible threat out there. Here, hackers take control of the domain name server and alter it so that it directs visitors to a malicious site. So, although users believe they are using a site they recognise, they are actually inputting information (bank details, payment card details, etc.) into a fake website. Cyber criminals can then use this information to access legitimate sites or purchase items and sell them for profit.
Pretexting isn't a well-known phrase, but readers may remember a recent advertising campaign by Barclays that aims to raise awareness of the phenomenon. One example shows a professionally dressed employee asking for the security information of a customer over the phone. This was enough information for the hacker to access the bank accounts of the individual and cause all sorts of security problems. It doesn't take many pieces of information for criminals to be able to access your accounts and take everything.
How Can You Protect Yourself?
Improving vigilance about information security inside any organisation means that staff can serve as a strong frontline of defence against hackers, but only if you actually put the work in to prepare them. All employees should be educated about information security risks and empowered to be able to spot and report them. By having a greater understanding of what they're looking out for, organisations can resolve an issue before it has chance to cause problems throughout the whole company, so reducing the likelihood of an information breaches happening in the first place.