Cybercrime is criminal activity conducted over the Internet or another computer network. The fact is that all individuals and organisations connected to the Internet are vulnerable to cyber attack. The number, type and sophistication of attacks continue to grow. It isn’t only large organisations that are under threat. Even individuals or organisations that don’t believe they have much to offer hackers can be targeted. So even if you think you can’t be a target, chances are high that you might still be at risk.

Malicious individuals and groups thrive on gathering information that can be used to enhance their attack strategies. Hackers are becoming more focused on spear-phishing attacks, which are tailored to individual people, and any bit of information about you can be of help.

Key to the hacker is the issue of trust. The information gathered is used to build a profile of the target, with the aim of having enough data to allow the hacker to appear trustworthy to you. Most studies conducted show that the hacker will attempt to impersonate an entity that is trusted by you. The more information the hacker has on you, the more likely they will be able to maintain the illusion long enough to achieve their aims.

The effects of a successful attack vary significantly, largely depending on the motivation of the hacker.
For most individuals, identity theft is likely to cause the most damage because it badly impacts our ability to go about our normal daily life. Our online credibility and even credit rating could be severely compromised. To make matters worse, the process of addressing the damage of an attack can be costly, time consuming and emotionally exhausting.

In other cases, the damage could be in the form of confidential information, such as medical history records, ending up in the hands of malicious parties, making you susceptible to different kinds of blackmail.

Identity theft could lead to serious repercussions both on and offline. For example, if an individual steals your identity and uses it to defraud people, then you can be assured of a catastrophic future where your online and offline reputation is wiped out overnight.

In my view, specific personal information is not the only driving factor behind cyber attacks. Often, the resources or the access you have to other systems is the overall goal. A common misconception held by many individuals and organisations is that if they do not have anything of value on their systems, they are not likely to be attacked, or that the hackers have nothing to gain from copying all their information.

But that is not the case. I recently told of one case where hackers used the shopping habits of the staff of a private organisation, obtained from credit charges, to launch an attack. The hackers were able to easily compromise the server hosting the website of the fashion retailer frequented by the employees and replace the original PDF menus with a new set that had malware embedded in them.
Thus, when the organisation’s employees were viewing the latest designer clothes from their secure machines, they were downloading the malware as well.

These are just some of the ways hackers can take advantage of the information gathered from attacks. Unfortunately, the only limiting factor is the creativity of the malicious party. But in this case, the hackers were very creative.

The attitude of individuals and organisations needs to change in order to prevent cyber attacks. There has to be a fundamental understanding that, when online, everyone is a target and that none of us is too small or unimportant.

It is also important to change the attitude to incident detection and handling. We can only get better at defence if we learn from previous experience, painful and costly as that may be. The reason we know about some of the attacks mentioned above is that they were detected and investigated.

Most organisations do not consider incident handling a core component of cyber defence. As long as that continues, improvement in cyber security will be slow.

A concerted effort to treat cyber security seriously is preferable to an expensive auditing exercise. The majority of organisations look at cyber security as a compliance task and thus do the minimum possible to achieve that. However, my view is that using the cyber security requirements as a way to improve overall security will help avoid costly and damaging incidents for individuals or organisations.