It wasn’t until we decided to expand Industry Update’s coverage of security matters, and in particular cybersecurity, I didn’t realise quite how scary this business is. And I’ve come to the conclusion that the only hope is to close down the Internet altogether and go back to pen and paper.
Seriously, though, I don’t know why anyone would be surprised that there are some particularly unpleasant scams going on out there – after all, cyberspace is nothing more than a digital image of the real world.
I must admit though that I am intrigued by some of the terminology involved.
Take phishing, for example. We’ve all experienced the random emails trying to elicit enough of anyone’s personal details to be able to take financial advantage. Fortunately, today’s email clients are pretty good at spotting the bogus Nigerian princes and sentencing them to spam.
However, cleverly targeted scams – or “spear-phishing” – are still responsible for the majority of commercial security breaches, and it only takes one lapse by one member of staff for a company’s entire operations to be compromised.
The people perpetrating cybercrime are changing, and there is much talk of “foreign actors”. This is a term that strictly refers to overseas government-sponsored organisations, with accusing fingers pointed in the directions of Moscow and Pyongyang. But it should be noted that Gérard Depardieu is now registered as a Russian resident to reduce his tax liabilities (I kid you not).
Unfortunately there is now a new threat of which we need to be aware, and that is the practice of “island hopping”. And this no holiday – nor is it another tax-saving scheme dreamt up by Sir Richard Branson.
In its simplest form, island hopping involves attacking one organisation in order to gain access to all the organisations in its supply chain – potentially then expanding to another set of organisations, and so on.
But the practice has now evolved into other forms, including one in which a company’s website is hijacked and turned into a so-called “watering hole”, which becomes a tool used to ensnare the victim’s customers and partners. And this particularly insidious practice is on the increase.
So do try to stay cyber-safe. It’s a jungle out there.