When you consider that it’s only been approximately 25 years since both the internet and mobile phones were fully commercialised (even the first iPhone was only released in 2007), it’s really quite astounding how rapidly technology has now immersed itself into almost every aspect of our lives. Within a single device, most of us now manage our communications, schedules, work, address books, banking, wallet, social life, relationships, shopping and private photographs. If you then add the IoT (the internet of things), maybe you even control your car, your home and even your security systems on that same device, too. Like it or not, from the moment you wake up in the morning to the last thing you check before you go to sleep, you are likely chained to it. Brilliantly helpful as it may be, doesn’t it make us especially vulnerable? I’m sure someone once said to me that putting ‘all your eggs in one basket’ wasn’t necessarily a good thing. The question is, do we really have a choice? The online world shows no signs of abating in its takeover (read as ‘taking-over’) of our entire lives. We have little choice. We must evolve, adapt, and participate in the growing ecosystem that is the internet.
We are now co-habitants of two separate worlds – a ‘real’ one and an ‘online’ one. Both worlds can often represent different things, from groups of friends, colleagues and associates to even our sentiments and the opinions which we form. Have you ever expressed something online that you probably wouldn’t in the ‘real’ world? Saying things in the virtual world is somewhat easier; we are less shackled by the conventions and good manners that we would be mindful of if saying them out loud in the real world. Chipping in on a comments thread with opinions or remarks that could be deemed political, offensive or even antagonistic can also be, let’s face it, even amusing at times. It’s also not that surprising that ‘trolling’ has become an increasing issue, with 45% of UK adult internet users indicating that they have experienced some form of online harm [1]. People think, and can often feel, that it’s easier to express themselves online – without the filter or the risk that they would have, face-to-face, with their friends or colleagues, that would likely result in disdain, judgement, ridicule or even a good hiding. As some are discovering, the online world can sometimes bring out an entirely different persona in them. This is likely due to the anonymity it offers to hide behind. And here lies the problem.
I’ve dealt with a wide spectrum of cases over the years, from extortionists through to direct threats. All have differed, other than the commonality that, in a large percentage of them (other than the evidently criminally motivated), the perpetrators have often turned out to be relatively ‘normal’ people: corporate executives, housewives, academics, charity workers, IT specialists. Most of them you would likely walk past on the street or sit next to on the train and not give a second glance. Some, in a ‘real world’ sense, you might even admire for their success or achievements, and wouldn’t believe for a moment could carry out the heinous things their online alter ego would.
Which is why we should never, ever take anything online at face value. I wouldn’t generally be so trite as to trot out the usual tropes of ‘if it seems too good to be true, it generally is’, but this mantra is something we need to always apply with virtually anything online.
Hackers continue to target unsuspecting browsers (as in people, not web browsers) who use platforms on electronic devices to purchase items. 91% of cyber attacks start with a phishing email [2], which cements the sentiment that one should only open attachments or follow links from a trusted email address.
Fake deals and bait are blistered into said emails, as well as dummy websites, auction listings; even ads that pepper the sides of our screens every day. Avoid clicking these links, for not only do victims never obtain the “great” deal being dangled in front of them, but they also open themselves up to becoming susceptible to identity theft and/or bank fraud.
I know this is obvious advice, but we also forget that as adults, our most effective defence mechanism is often the basic human instincts honed over many years and with the battle-scars we’ve acquired and earnt through our own ‘trial and error’.
However, let’s not be entirely negative. The online world provides us with amazing abilities (education, communication, international friendships, instant access to information otherwise unavailable), but equally it also comes with risks; big ones. Not just the obvious ‘headline-grabbing’ ones. Some of these risks we can control but there are many others we can’t. Therefore we need to ensure that we protect what we do, both online and offline, whether that be our privacy, our profile, the information we transmit and even receive and, especially, where we wish to protect our information. As security professionals, you will understand that any effective security needs to be defence in depth. The more doors the intruder has to walk through, the slower and harder their access will be. The more locks you put on those doors, the more difficult it will be for them beyond that. And the one thing that’s pretty universal with most common criminals is that they will always seek the path of least resistance. They’re lazy. They want to get what they can get, as easily as they possibly can and with the least amount of difficulty. Don’t make it too easy for them.
One of the ways we can do this is to make our digital profile as confused as possible. What do I mean by this? Well, I always like to think of our online profile as akin to a tapestry or jigsaw puzzle. Remember that TV show called ‘CatchPhrase’? The one where a few blocks of a picture were removed piece by piece and the contestants had to guess what the picture was as it was incrementally revealed? Equally, jigsaw puzzles. Quite often you could fill in maybe two thirds of the pieces and then work out what the puzzle picture was likely going to be. The same is true of our online, or digital, profile. If we put too many pieces of our life online, we’re giving the enemy enough to ‘guess’ the rest of our picture. That picture could and will likely be our likes, dislikes, political leanings, preferences for holidays, romantic/sexual partners, banking, favourite football team or sports, even our preferred cat or dog food. And when it comes to our passwords, there’s a good likelihood that many of you reading this might gulp when I speculate that something in that list probably features somewhere within your password preferences too. So my best advice would be to limit how much you put out there (don’t overshare) and throw a few literal and proverbial curve balls into the mix: different usernames, different passwords, different email names and addresses. Make them think the picture they’re building on you is going to be a donkey when really it’s a lion.
‘The real problem is not whether machines think but whether men do’ – B.F. Skinner
Managing Director of ICP Group and TacticsON, has over 25 years’ experience in specialist security, advising corporate and private clients across the world. A regular commentator for international media on risk, security and terrorism matters for the BBC, ITN, Sky News, CNN, The Telegraph and Radio 4 Today (to name a few), Will is a regular keynote speaker and author of the best-seller Parent Alert: How To Keep Your Kids Safe Online.
[1] Ofcom, Kantar Media. (2018). Internet users’ experience of harm online: summary of survey research.
[2] Data Insider. (2017). Online article: https://digitalguardian.com/blog/91-percent-cyber-attacks-start-phishing-email-heres-how-protect-against-phishing