It is, unfortunately, a great time to be a cyber criminal. New phishing and ransomware scams allow hackers to get paid well, and, importantly, quickly.
It was very different a few years back. Most hackers’ modus operandi was to steal credit data and then try to sell it, per record, on the dark web. It was not exactly an easy pursuit.
“Those strategies are hard, time consuming and do not even guarantee big money anymore because there is so much data out there for sale,” said Jeremy Barnett, senior vice president of marketing at NAS Insurance. “Right now, it’s the financial fraud aspect of cyber crime that is easy pickings. It is not traceable and criminals are able to be really effective in getting paid quickly. They hack a system or network today, get paid and move on.”
The reality is that every phishing scam relies on the target making a ‘mistake’: falling for the ruse constructed by the hacker and executing their instructions to send funds via a transfer for check. Without that human error, the hackers would be much less successful. One place is to start in mitigating phishing and ransomware is what Barnett calls “credentials, or security, hygiene.”
“Your credentials have to be temporary these days,” he said. “We live in a world right now where people have the same credentials for months or even years. So, if something was compromised months ago and it wasn’t changed, and you are not forced to change, you have a greater exposure. We have to come up with ways to force credentials to be refreshed more frequently so that anything that is stolen or compromised isn’t going to be effective 90 days later.”
Two factor authentication systems could also play an important part in preventing hacker’s attempts. Barnett sees systems that allow the user to log on but require another level of security before a transaction can be executed as becoming a common safeguard.
Awareness of cyber perils is, of course, also key.
“We are at a stage where this stuff is relatively new. Most people are unsuspecting and naïve, they think that when they receive an email, it is from who it says it’s from,” Barnett says. “When we get a request to do something, we want to do it, but there has to be procedures in place that prevent any single person from making a single expensive mistake.”