Why Information Security is a Hush Hush topic

Author: Gary Hibberd

Date: 28th July 2020

I’ll be honest, when someone tells me they think Cybersecurity is dull or boring, I’m a little confused. To me, it’s one of the most fascinating and interesting topics there is. Not just in a business context, but generally. I am extremely passionate about the topic, because I see how it fits into everyday life, and understand the relevance and impact it has on all of us.

Sadly though, some Cybersecurity professionals seem to lack this same drive and desire, and I believe it’s one of the reasons training and awareness in organisations is so poor, and possibly one of the reasons people think it’s a boring topic.

Why we need to improve our approach

If you’re looking to improve Cybersecurity practices in your organisation, focus on the message you’re giving and understand what desired behaviours you’re trying to encourage. The way I try and do this is to make Cybersecurity interesting and relatable. Does your security programme do that? Or do you talk about ‘Compliance with Policies’? If you do, then you’re probably boring people to death, and killing any chance of collaboration and support.

Making it interesting

When talking about Cybersecurity, I try and relate it to real life, and issues people are facing in everyday life. I look for stories and interesting facts that people will remember and find relatable and interesting. If you think that’s difficult to achieve, I would urge you to rethink your approach (or get in touch and I’ll show you how).

I often say to people that you only have to watch the news to get inspiration for ways to bring Cybersecurity to life. Almost daily, there is a story which is aired on the Ten O’clock News, that speaks directly to the audience we’re trying to engage on the topic of improving security.  Everything from phone hacking and tampering through to US elections and stories of Russia’s involvement with hacking Hilary Clinton’s emails. There are countless stories that can be used to illustrate why Cybersecurity and Data Protection are important.

Two stories in the last few weeks illustrate this perfectly.

Cybercrime = Crime 2.0

On the 2nd July we heard of the sting operation focused on the Encrochat devices, where the NCA hacked into servers of Encrochat and were able to decrypt secure messages and communications of drug dealers, and other criminal gangs. The story sounds like a plot line out of a James Bond movie, and I wrote a blog on this (click here if you’d like to take a look).

Every Police force in the UK was involved in the operation, which saw the dawn raid on over 740 suspects, two tonnes of drugs, worth £28 Million seized and £54 million in cash recovered.

While that may sound like a lot of money, the FBI just moved into the Premier League, with their arrest of a man who is said to be in charge of a Cybercrime gang which netted around £352 Million.

Lets go Fox Hunting

The FBI operation, codenamed “Fox Hunt 2”, followed months of investigation by the law enforcement agencies from around the world. The anti-cybercrime task force was able to track down gang members through false accounts they had created on social media, which the criminals used to industrial levels of fraud and scams.

The focus of the arrests and the key figure is Raymond Abbas, from Nigeria. Raymond is an Instagram influencer, known as ‘Hushpuppi’, by his 2.4 million Instagram followers. His account describes him as a Real Estate Developer and sees him posing next to luxury cars and shows him in videos where he’s seen throwing $100 bills as confetti at a wedding.

The sting operation was a truly international operation, which saw Cybercrime Police from Interpol, Dubai and the USA coordinating to arrest eleven people (including Hushpuppi), and seize over £30million in cash, and more than a dozen luxury cars.

In the operation, they also seized a list of over two million emails and contact details, of past victims and potential future targets. A large proportion of the alleged victims reside in the US, but Hushpuppi is also accused of committing fraud in Europe, America and Nigeria.

The scammers, led by Hushpuppi would pose as wealthy business men and would lure their victims into transferring large quantities of money to them, in the hope that they too could live the lifestyle which Hushpuppi and his cohorts lived.

Of course, as the saying goes, if it’s too good to be true, it probably is.

Conclusion

We live in an increasingly data-driven world, but we are also increasingly living in a highly complex and technological driven universe.  Technology and software is everywhere. It sits in our hands, on our desks. It drives our cars, flies our planes and runs our businesses and our lives. Our use of technology and our reliance upon it has meant that we are more susceptible to becoming victims of crime than we ever were.

Criminals, like any sector in society, have seen the advantages and opportunities that are made available through the use of technology, and they’re weaponising the technology, and using it against us.

Cybercriminals are more than happy to exploit our ignorance, or apathy towards Cybersecurity because it means that we are more likely to have our guards down. That’s why your Information Security and Data Protection training is so important. But don’t make it dull and boring.

Use stories like the one’s in this blog to get people involved and get them talking. Almost everyone now has a story of how technology has impacted their lives, both positively and negatively. Social media is a treasure trove of stories related to Cybercrime. These stores illustrate why it’s so important to have good Cyber hygiene and follow good practices that help protect people.

Speak to people about what matters to them. This normally doesn’t mean the profits or reputation of the business. It means their families and their loved ones. Make your training relevant and bring it to life!

Your training and awareness should be;

– Relevant – to the needs of your audience

– Engaging – to hold their attention. Make it fun, interesting, different.

– Appropriate – to your audience’s level of understanding and profession

The two stories I used here illustrate the impact that technology has and how easy it is for fraudsters to steal money from us.  Law enforcement agencies around the world are doing a great job to catch these people, but we are the first responders. Cybersecurity starts with us. It’s our job to help others see the importance of this topic, and recruit them to our cause.

If you’re inspired to make a difference and try and increase people’s understanding of this topic, then may I respectfully suggest that you get in touch with me and let me see how the team at Cyberfort and I can do this for you.

As the saying goes; Every great journey starts with a single step. But in truth, it starts before that. It starts by knowing you need to go on the journey in the first place. It starts with awareness.