Computer criminals look like everyone else. There could even be a cyber criminal in your business. There will certainly be many cyber victims. In the early days cyber criminals used spam. Our IT specialists quickly put in place spam filters to minimise this potentially harmful, but largely annoying phenomenon.
The trends are:
*Remember, the biggest reported US military security leak in history was committed by ‘one of their own team’. They clearly lacked adequate outbound protection of data.
Today cyber criminals are far more sophisticated and use low-volume, targeted approaches designed to get you, or any of your team or family, to respond or click on some action.
Typical Cyber Criminal Process
- Reconnaissance – Find out about you, e.g. via Facebook, LinkedIn, Google.
- Lure – Send a personal communication to you that is plausible.
- Redirect – Divert your response to any site/server, e.g. via false or shortened web links. When you are not paying attention, shortened links look correct.
- Exploit Kit – Install malicious code deep in your system.
- Dropper File – Collect desired information in a file on your system.
- Call Home – System connects to criminal’s server.
- Data Theft – Transfer your data to criminals.
Case Study of a Cyber Attack
A Melbourne-based website hosting company was the victim of a cyber attack in June 2011. The host servers were hacked and all the data destroyed, including the company’s and clients’ information.
Even the back-ups were destroyed by the malicious attack. The company was forced into receivership after it was unable to recover vital information. It had all the usual anti-virus software and rudimentary disaster recovery plans, but none were adequate for the circumstances they found themselves in.
Mobiles and “apps”
Even legitimate apps can be a concern if they lack security features. A recent study by IT specialists Websense reported that 8 percent of free apps are vulnerable to “man in the middle” attacks, and 40 percent of apps allowed researchers to access transaction details. Suspicious apps typically ask for permission to: send, receive or write an SMS, install packages or receive “WAP push”. Eighty-two (82) percent of malicious apps involve SMS messages.
Lesson for Safety Professionals
Most organisations are developing ever increasing reliance on computer systems to collect data, analyse it and provide timely reports.
Unless you are a deep specialist in computer systems, you and I can’t possibly anticipate every clever cyber attack.
However, we can insist that governance and risk programs include “information security management” and periodic audits by IT security specialists.
Safety Action are specialists in workplace safety, not IT, but we thought our readers might find this article of interest.