
Establishing ‘community of partners’ to combat internet crime
(Continued from p16)
There was some positive news, he felt, given that the hackers behind WannaCry [thought to be from North Korea] “may have killed the golden egg; because of the global attention everyone is well aware of it”, so there was more focus by businesses and organisations to ensure software update patching was done and files backed-up and kept off-line to help recover from an attack.
He revealed that most people who paid a total of an estimated US$1bn “didn’t get their data back and so bizarrely broke the trust model that ransomware relies on – honest criminals”.
Disgruntled employees
Disgruntled or uninformed employees represented a particularly vulnerable area for companies as research indicates that more than 70% of security breaches are by staff.
Anthony Smith, responsible for Northumberland Water internet security, maintained: “It’s not stupid people; it’s normally very switched-on people doing stupid things, and we need to educate them.” It was important to engage with staff, who frequently were bored by ‘information’-type training sessions. He suggested: “Focus on the folks at home and the things that matter to them – operating bank, eBay and PayPal accounts, Amazon and Netflix applications, social networks – and encourage changes to the way they behave!”
Smith offered small incentives or prizes for employees to attend awareness sessions that “encourage them to be more cyber savvy”, presenting small, fun competitions to make the underlying security message more interesting. Most were unaware of ‘HaveIBeenPwned?’ – a UK government supported free website that indicates if an email address has ever been hacked for personal details stored on-line and that can also keep people informed in case of future malicious attempts. “There were stacks and stacks listed!”, Smith noted, as surprised staff entered both work and home email addresses.
He strongly advised against using the same password to log into multiple sites, but “if you insist on having one password or very few a good way to reduce the threat of accounts being compromised” he suggested is to add a prefix and final letter to the existing password that corresponds to the account – a ‘p’ and ‘l’ for a PayPal account, for example.
Governor Davis at cyber security - Autumn 17
Richard De Vere, director of ethical social engineering consultancy at The AntiSocial Engineer, also advocated making internet security relevant to individuals in their workplace and personal lives. “A short password takes a hacker seven minutes to crack – a long one of say, 20 characters, takes many years, so use a combination of letters, characters and numbers.”
And drawing attention to general apathy
Gibraltar International
