Given the number of media reports on high-profile cyber-attacks involving well-known brand names, organizations, or celebrities, you might be forgiven for assuming that only huge corporations or the rich and famous are targeted for cyber-crime attacks. But this is a dangerous assumption to make – one that can lead “ordinary” citizens to become dismissive or complacent when it comes to cyber-crime.
According to the UK consumer rights watchdog Which?, a private individual is eleven times more likely to become the victim of an online scam than of a physical robbery. The 2015 Norton Cybersecurity Insights Report identified 594 million people around the world who became victims of cyber-crime in 2015. 21% of these were Americans who had their email accounts hacked, while 12% of those affected had their financial data stolen after shopping online.
As we’ll see, there are several ways in which private citizens individually, and the public at large, may be exposed to cyber threats in the current environment.
Cyber Threats and the Risk of Fraud
The digital economy was founded on the flow of information – and just as data from numerous sources has the potential to make online traders very rich, so too does information from the internet and other avenues represent a potential treasure trove for cyber-criminals.
One of their most lucrative avenues is fraud, which may be perpetrated in any number of ways. Personal and financial information extracted from personal and company websites, social media account profiles, eCommerce transaction records and the like may be used in gaining access to personal and corporate accounts at banks or finance houses, or for committing acts of theft through credit card fraud and scams.
For the victims, gaining compensation for losses suffered from these crimes is often difficult. A 2018 report issued by the UK’s Minister for Security and Economic Crime suggests that up to September 2017, around one in eight victims of bank account and credit card fraud were not fully reimbursed, while only 4,000 of the 232,000 people who suffered financial losses due to malware received full compensation.
Cyber Threats and the Risks from Email and Messaging Services
Cyber-criminals have been using email as a medium for attracting and defrauding or sabotaging potential victims for some years now, and more recent times have seen SMS text, web page or in-app advertising, and other messaging channels gaining in popularity as lures for unwitting targets.
Though users are advised never to click on links or open attachments associated with unsolicited communications of any kind, cyber-criminals have developed increasingly sophisticated techniques to induce people to ignore common sense and respond to their more basic instincts such as fear, greed, or simple curiosity.
Careless habits like using weak passwords, sharing personal and financial details on social media, or revealing sensitive information over unsecured public Wi-Fi all help to fuel new cyber-crime strategies.
Techniques like spear phishing – where information gathered from various sources enables criminals to draft highly convincing fake messages and emails targeting specific individuals or organizations – are on the rise, precisely because internet and mobile phone users aren’t being careful enough.
Cyber Threats and the Risks to Public Services from Legacy Systems
Across the globe, public sector agencies and institutions have a reputation for being under-funded and poorly resourced. As a result, many organizations are still using legacy computer equipment, operating systems, and application software.
In addition to creating problems integrating with more modern systems and networks, these legacy systems also typically have major vulnerabilities to exploits and malware, both old and new. And getting security fixes or patches installed on these systems may be problematic, as the manufacturers may have discontinued their support for these older products.
The 2017 outbreak of WannaCry ransomware, which disrupted the workings of around 40 hospitals and trusts in the UK’s National Health Service (NHS), is just one example of how vulnerable older systems can adversely affect the public sector.
Breaches and leaks of sensitive consumer information – such as the 2015 incident at the US Office of Personnel Management, which resulted in the theft of over 18 million social security numbers and other personally identifiable information (PII) – represent another danger.
Cyber Threats and the Wider Scale Risks of the IoT
In 2016, tens of thousands of cameras, baby monitors, and other devices fitted with so-called “smart” sensors were co-opted into a huge Distributed Denial of Service (DDoS) attack, which targeted the Domain Name System (DNS) provider Dyn and for a while actually took down major platforms such as Twitter. This was an example of how the public could be directly affected by attacks using the connected hardware of the IoT, or Internet of Things.
A design flaw associated with Cloudflare (a company which offers performance and security services to around six million consumer websites, including Fitbit and OKCupid) in 2017 caused the random leakage of potentially sensitive customer data and some of the company’s own internal cryptography keys.
Security experts continue to worry about the poor design of IoT devices, sensors, and software, the lack of co-ordination between device manufacturers and infrastructure providers, and the poor provisions being made for product updates and security patching.
Both incidents demonstrate the potential dangers to customer convenience and to public health and safety if cyber-criminals or terrorists should ever conduct orchestrated campaigns against the hardware and infrastructure of the IoT.
Risking Your Identity
There’s still a tendency for both private citizens and business users to jump at the opportunity of free public Wi-Fi – despite continued warnings about the dangers of using unsecured wireless networks, where data interception, eavesdropping, and the distribution of malicious software are fairly easy tasks for hackers and cyber-criminals.
Disclosure of intimate personal data and sensitive business information on social media platforms, dating apps and the like also continues unchecked, as users caught up in the culture of Comment, Share, and Like lose their sense of discretion and broadcast anything and everything in their lives to the world at large.
Information extracted from open sources like social media and company profiles, together with data acquired by other means such as eavesdropping and interception, provides cyber-criminals with the resources they need to perpetrate fraud, steal identities, and stage targeted attacks against individuals or institutions.
Against this kind of exposure, your best defense is to use a Virtual Private Network (VPN). If you choose VitalSecurity from Finjan Mobile, you’ll have the dual protection of a fully-fledged VPN service offering a choice of servers located in dozens of countries across the globe, combined with a fully-featured web browser incorporating a real-time privacy scanner and tracking alert system.