Cybercrime can and probably will be used as a tool to compromise the financial infrastructure of entire countries, says cyber-security specialist Phil Cracknell in collaboration with Hiscox, the business insurers.
From business protection to cyber wars, Phil gave Hiscox eight points about the future of hacking and how we’re all more at risk than we realise:
- It’s time to look at the bigger picture with cyber security
“When it comes to what’s motivating hackers, it’s not all about money – although it can often be traced back to that.
Cyber wars are taking place every day. People are hacking governments to steal information and secrets in the same way we have spies and double agents.
I just came from a ten-month assignment at a train company in the UK, who are going ahead with plans to move all of their signalling to the train cabins instead of a central signalling centre. Bring a cybercriminal with a vicious motive and the ability to hack these trains into the equation, and you’ve got a very dangerous situation.”
- It will take a catastrophic event to lead to reform
“My prediction for the future of hacking is that there’ll be a massive event that’ll lead to loss of life. Several terrorist plots involving cybercrime have already undoubtedly been foiled, and it’s only a matter of time before one takes hold.
There’s still a widespread disregard for cyber security because it’s not in people’s faces yet. But an event like this would lead to major reform.”
- There’s an ecosystem of hackers and we need to be wary of them all
“There are many ‘smaller time’ hackers that do it more for the kudos it gives them in their network rather than aiming to carry out organised crime. But they’re still dangerous.
These opportunistic hackers are often groomed by other, more serious hackers who’ll tell them to attack a certain IP address. And the smaller-time hackers will do it because they believe they’re doing a valuable job in taking down a bad organisation or similar.”
- Small businesses aren’t immune to cyber threats
“SMEs need to remember that even though they’re small in size, if they’re part of a larger supply chain, they’re still vulnerable. Anyone that supplies to trains, buses, planes, energy companies or any other organisation considered critical to the national infrastructure could provide a way for hackers to get into where they want to be. The last four biggest hacks in the world – Sony, AT&T, eBay and Target – were able to happen because of a third-party supplier being compromised. And if enough small businesses were attacked it could threaten our country’s entire financial infrastructure.”
- Seek external help to keep your business secure
“If you own a small business you probably don’t need to employ a security expert full time, but it’s wise to seek external help to guide you and check that you’re secure on a regular basis. It’s a good idea to seek specialist help and contract a Chief Information Security Officer (CISO).
It’s also important to get the culture within your business right. While anti-virus and firewall programs can detect viruses and system vulnerabilities, you can’t rely on them to protect you against cyber-criminals actually tricking you in person, otherwise known as ‘social engineering’. Getting a professional in to deliver a training session for your staff is a good way to make sure they’re clued up on this.”
- Social engineering is a very common method of getting credentials
“Imagine the scenario. A British Telecoms (BT) engineer turns up in full uniform at your business premises. They claim that your main phone line is down due to a problem in the area. You check the line – it’s dead. Your customers can’t get through to you and you’re losing money by the minute. How likely are you to let the engineers get on with their job and fix things?
Hackers have been known to create crises for businesses, only to turn up and ‘save the day’ a few minutes later. What they’re really doing is getting potentially unlimited access to the business’s network. This is a classic example of social engineering.
In most of the major hacking scandals to have taken place, there will have been an element of social engineering to obtain information. Sometimes this takes place electronically, known as phishing. So a hacker will create a fake web page that looks like it’s legitimate, which will ask a user to change their password.”
- Always be vigilant when giving out your details
“To avoid being socially engineered, always be wary of who you’re giving details to, whether it’s on the phone, in person or online. If you receive an email with a link in it asking you to change your password for something like Facebook, don’t follow it. Instead, manually type the Facebook URL address into your browser and see if the website asks you to change your password that way.”
- Cyber insurance is going to change the world
“Hacking activity is spread far and wide, and is being used for multiple different purposes across the globe, some of them very sinister. But it’s not all doom and gloom. This is why I think cyber insurance is going to change the world. I genuinely believe that if you’re a small business owner, cyber security should be up there at the top of your list of priorities. It’s not an optional extra, just like business insurance isn’t. And when you look at the bigger picture, you can see why.”
Find out more about Phil Cracknell at Club Ciso.
In addition, Hiscox have produced a password checker with a difference for small businesses, which makes very particular points about cyber security.