Cyber sleepless nights: December 2015

by Mark Rowe

Those responsible for cyber security must be having a difficult time right now, as well as some sleepless nights, Jim Gannon thinks.

Just not knowing where those alleged teenage cyber hackers are going to strike next in the wake of the recent cyber-security breach experienced by the telecoms giant Talk Talk will provoke hours of discussion. The fact that Talk Talk joins companies like Sony, Carphone Warehouse, Apple and Experian, one of the largest data brokers around, must have resulted in another sinking feeling in the hearts and minds of thousands of consumers throughout the UK when they learned that potentially four million Talk Talk customers had been exposed to a breach in data security. While some in the cyber security world estimate there are around 2000 cyber attacks every day, costing consumers and businesses in the region of £350 billion a year, is it any wonder that the latest revelation has caused another customer backlash?

Too much complacency

The significance of another serious breach involving telecommunications data in October was not helped by the media reports at the end of the month concerning the fact that around 1900 Vodafone customers were left vulnerable to fraud after criminals had accessed their personal details, having obtained passwords and usernames via the so-called ‘dark web’. This is a criminal network process operated to scam consumers and businesses via established phishing techniques being used by criminal organisations engaged in worldwide fraud. The list of cyber breaches that we actually know about has exposed two issues which should concern not only consumers but those engaged in data security. First, there is too much complacency over the strength of cyber security, if what we are being told is true; and second, security is only as good as its weakest link, and this factor applies to physical security as well.

No longer just trust

Online transactions require an enormous amount of trust, and it has been stated in a number of media reports that if consumers did not believe that, online transactions would simply grind to a halt. Given that in September consumers spent around £847m in online transactions, and that this is set to rise as we approach the Christmas and New Year spending spree, you can start to get the bigger picture about what is at stake, especially for online businesses. The fact is, however, that when we as consumers give out our bank or credit card details to any business providing us with a product or service, we do so on trust. Whilst I, like most, choose to do this, I must admit that I have not yet taken that last leap of faith into internet banking and probably never will unless forced to. Pressure will mount on firms like Talk Talk if it is found they did not protect customers’ data adequately following an inquiry by the Information Commissioner’s Office into whether they breached the Data Protection Act. The Information Commissioner’s Office has the power to impose fines of up to £500,000.

A growing threat

Attacks mainly use a standard strategy favoured by cybercriminals who focus on and target financial institutions and websites that collect customers’ payment details, which normally also requires a credit card security code to process a payment. The process involves the planting of malware, malicious software, usually by means of a phishing email, a fraudulent email designed to gather data. These emails carry an attachment that, once opened, allows a bug to enter into the targeted site, lying dormant until activated. According to some in the cyber field, a growing threat of a new malware called ‘Dridex’ instigated warnings from Europol early in October, but the basic attacking strategy is not believed to be new. Criminals have for years seen cyber crime as relatively low risk and highly lucrative, especially as they often use what are known as mule techies to do their dirty work while they sit back and reap the rewards through money laundering. Organised crime syndicates are now so sophisticated that it is alleged they fund students studying computer science subjects through university so that once qualified they enter the fraud business. The boiler room syndrome previously used by fraudsters looking for the quick win unsuspecting cash investor is now being speedily overtaken by a more sophisticated faceless cybercriminal.

Self protection

Remember just one simple rule: neither banks nor the police will ever contact you by phone or email asking you to reveal your bank card PIN code or your online banking password, or to transfer your or your company’s money to a new account for any reason. Be alert for any suspicious phone calls, texts or emails from anyone claiming to be from your bank, your telephone company or the police. If you experience anything suspicious or unusual, especially out of normal business hours or at weekends, contact your own bank and Action Fraud, the UK national fraud and internet crime reporting centre (0300 123 2040, or via actionfraudpolice.uk).

If you want to check whether your personal data is being used fraudulently, you can check your own credit reference file. These files are used by banks, building societies and financial organisations to assess you as a risk, usually before issuing a loan or a credit card. They also record each time a search is made, which will indicate whether someone is trying to use your personal data.
