The cyber crime heatwave demands a security rethink
A new rash of cyberattacks has hit the headlines this month. While we baked ourselves leathery in the sun, critical systems were breached, user data exposed and money lost.
Some of the attacks show signs of being geo-political in nature. Following the visit of US politician Nancy Pelosi, attacks on systems in Taiwan increased, while in Europe a Luxembourg-based gas pipeline company fell victim to ransomware.
‘Normal’ attacks are also occurring: Twilio has said its customer data was exposed in a hack, and if there is a cryptocurrency website that hasn’t been breached then it surely would be more newsworthy than those that have.
Lower down the food chain, but no less devastating for those on the receiving end, business accounts on Facebook have been hijacked.
In fact, low tech approaches to fraud are perhaps the most significant risk.
Figures released by FraudSmart, an initiative of the Banking and Payments Federation Ireland (BPFI) say that Irish consumers are being fleeced in so-called ‘smishing’ scams, essentially fake SMS text messages. Those who got hit were tricked out of an average of €1,700 during the first half of 2022, while over the same period businesses were conned out of an average of €14,000 due to invoice fraud.
According to Niamh Davenport, head of financial at the BPFI and FraudSmart lead (pictured), the increase in attacks is opportunistic.
“Fraudsters are experts at taking advantage of changing situations to commit fraud and with two retail banks leaving the Irish market and hundreds of thousands of personal and businesses customers moving bank accounts FraudSMART members are anticipating we may see a rise in impersonation fraud attempts which will be based around the process of verifying and updating bank account details,” she said.
Cyber security experts are quick to say that breaches and other attacks are a case of ‘when, not if’. All of the evidence suggests they are right, but there is something deeply unsatisfying about this. As society hurtles down the ‘cashless’ road and being online becomes not only the cost of doing business but also an essential part of simply existing, the risk of loss of data, money and more becomes ever greater.
Crime is not a technical problem, it is a social one, and so a technical solution cannot be conjured up to make it disappear. Nonetheless, technical vulnerabilities increase the likelihood of falling victim to opportunistic attacks.
Many of the tools we use to handle transactions were never designed to do so. Certainly, the Internet was built with connectivity and resilience in mind, not security. Great leaps forward have, of course, been made, but our networks were simply not designed with shunting money around in mind.
On top of that, so-called ‘user error’, which strikes me as a euphemism for poorly thought out user experience (UX) design and a general lack of education around core computing concepts, is not going to go away.
It really is time for a deep security rethink.
Subscribers 0
Fans 0
Followers 0
Followers