The Malta Independent 22 July 2019, Monday

FIRST: Sleeping with the enemy - How cyber criminals are the new monsters under our beds

First Magazine Monday, 17 July 2017, 10:30 Last update: about 3 years ago

Words: Julian Cardona

"Hey @CloudPets, someone named S. Atan keeps sending messages to my kids' cloud pets and the app won't let me block him. Please help."

This chilling tweet was posted by a father complaining that his child's smart toy had been hacked by a stranger who was posting unwanted messages to his child. We need to stop for a minute and take this in. We may tend to associate hacking with data breaches by big companies such as Sony, but the thought that this could happen to your own child through a soft toy should make us seriously re-think the structure of our modern lives. 

ADVERTISEMENT

Another Australian mother put it more concisely: "I think the thing that we are all most concerned about is that these toys recorded children's voices. This is behind the entire design of the toy: as a child, you leave a message for your father or mother and they then leave a message for you on their phone and send it back to you. So, who is listening to it? I think that this scares all of us with kids."

Cybercrime is starting to affect ordinary people who, over the years, have created multiple unsecured accounts with important profile and financial data. Who amongst us is not guilty of having run-of-the-mill passwords or even good passwords that are used for more than one purpose or seldom changed? The UK newspaper The Sun reported this year that over 30 per cent of the British people do not know how to protect their smartphones and fail to change their passwords regularly.

BullGuard CEO Paul Lipman said: "Many smart-connected devices have little or no security protection. We've already seen how one attack, using thousands of hacked smart devices, took down leading internet services in the US - including Netflix and Twitter. Hacks on the smart home could have much more damaging consequences." Just consider what would happen if someone hacked your smart camera, for instance? The hacker would instantly have important information about the most intimate details of your life and this could make you an easy target for stalking or cyber-bullying.

So, what do these cyber criminals want? Well, this varies: it could be something as serious as revenge or something as ridiculous as a challenge or even "for kicks". Money, as always, remains the grandfather of all motives. Small companies have become an easy target due to the limited amount of resources they devoted to high-tech security.

One small US company knows this more than anyone. On a normal day, a small online retailer in the Midwest ended up having its entire business threatened with one simple click of an email link. One employee received an email with a link to what seemed an innocent catalogue. As soon as the link was clicked, the entire business system was infected and all the accounting software and customer account files - including credit card and social security numbers, along with their names and addresses, were frozen. A ransom demand followed, requesting $50,000 in exchange for a decryption key. 

Unfortunately, due to the fact that the company was ill-prepared, it had no choice but to pay up. The key they were given, however, did not work and, sadly, the company ended up closing its doors just six months later.

Research shows that 60 per cent of small companies attacked in this way shut down within six months of the attack. The average cost for small businesses in the US to return to normal after being hacked stands at $690,000; for businesses that are slightly larger (but still small by many standards), it's over $1 million. This means that the ransom is only the start and it is the resultant costs that end up destroying the business.

So what can we do about it? Education is key. Starting with small businesses, research carried out by the US National Cyber Security Alliance showed that basic training to employees could prevent the large majority of cyber threats because in most cases it is that one mistake on the part of one employee that lands the company in hot water.

On its own, however, this is not enough. Small business owners have to ramp up their security investment as hackers are becoming increasingly sophisticated. Data security policies must be drawn up and be mandatory reading - and be contributed to - by every employee. These policies must be followed by actions and thorough internal auditing. Once such a system is in place, an Incident Response Plan should also be established so that, in the event of a security breach, the damage done is minimised.

What about the ordinary Jack and Jill? Updating your password regularly (once a month being the usual suggestion) is the most obvious first step, but there is much more that we should do. Make sure that, once you have deleted something on your PC or smartphone, it is also deleted on your cloud backups. Research shows that most people have little idea of what bits and pieces of their lives are 'out there' due to decisions they took years ago and had then forgotten about.

Another good practice is that, if you are using a public WIFI - such as in a café or restaurant - then you should refrain from sharing. Buying stuff on an Amazon account (which has access to your VISA details) inside a cafeteria is maybe not such a good idea.  

Finally, but perhaps most importantly, we must be very careful about with whom we hang out, both in the real and in the virtual world. Talking to strangers is not just bad for kids; the funny thing about the internet is that in an age where cynicism and distrust are at an all-time high, research shows that never before have we trusted others so blindly.

We sleep at other people's houses using Airbnb, we buy from unknown retailers who demand deposits and VISA details, we send our profile details so that we can get free stuff or discounts in return for tonnes of promotional material - and the list goes on and on, making us increasingly vulnerable at every turn.

I guess the lesson to be learnt here is that we should only give our details to verified websites with a certain clout and reputation. These will be the ones who have adequate security policies that will protect the details we give them.

In the end, however, the rule of thumb should always be this: if you don't want your data to be accessed, then don't share it. It's as simple as that. No matter how good a cloud system promises to be, nothing is 100 per cent airtight. And even if it is today, then tomorrow it can, and will, quickly change.

  • don't miss