When falling victim to a cyber attack, it’s hard not to take it personally. Whether it’s ransomware locking computer files, falling for a phishing attack, or being blackmailed for stolen information, consumer cybercrime is rife and deeply upsetting to the victim.
This year, a trend has taken the personal cost of cybercrime to a whole new level. Whilst one in a long line of customer data hacks, the Ashley Madison breach this summer exposed how personal cybercrime can get when intimate customer information was revealed as part of a hacker group’s moral crusade against the adultery site.
Only a couple of months later, a further attack on consumers’ intimate lives culminated with a pornography app for Android, Adult Player, riddled with ransomware, demanding hundreds of pounds after secretly taking photos of the user from the front-facing camera.
This new form of ransomware moved away from the traditional encrypt and demand ransom, to exploiting smartphone capabilities to capture embarrassing photos of the user.
As more cybercrime cases threaten to expose the private behaviour of consumers, it’s clear that people’s online footprint is increasingly at risk. While naturally these threats have largely been discussed within the context of the user, this new trend also poses a significant risk to the companies’ information security.
Rise of the insider threat
The threat that employees bring to a company’s information security is a scary prospect to an IT director or CIO, whether it be deliberate or inadvertent. By and large, this threat is one of the hardest to mitigate with few solutions beyond cyber education for employees and monitoring online behaviour for signals of malicious activity.
As consumers increasingly operate online, their private behaviour becomes easily exposable by malicious agents, and with this the threat of the insider enters a new realm.
Hackers targeting specific businesses now need only look as far as the online footprint of a single employee, who can then be manipulated into providing access to corporate networks.
Blackmail presents a significant threat to organisations, whose employees can be extorted into clicking onto malicious links or inserting a compromised USB stick into their computer. Once inside the network, malicious activity is harder to identify and puts sensitive corporate data at risk of exfiltration.
Bring your own virus
The threat that bring your own device (BYOD) schemes pose to corporate data has long been explored within the cyber security industry. Vulnerable and malicious applications provide hackers an open door to create havoc in the networks.
Gartner predicted that as many as 75% of mobile apps would fail basic security tests in 2015. And while much of this is inadvertently built into apps through sloppy programming and/or the use of untested open-source and third-party libraries, cybercriminals are constantly seeking out methods to exploit these insecure apps.
Not only do exploited apps enable hackers to track high-profile individuals, steal corporate intellectual property and insert aggressive adware for monetary gain, but they also provide another route for blackmail as they devour the contents of the individual’s phone. Among leading executives this could lead to significant reputational damage if any compromising content were found.
It’s not just through traditional cybercrime methods that attacks are getting more personal. As the number of connected devices in homes increases, hackers will potentially have access to the eyes and ears of houses to steal any personal or business information discussed.
When carrying out research into the security capacity of some Internet of Things (IoT) devices currently on the market, Veracode found that security vulnerabilities within both the Wink Relay, a smart home controller, and the Ubi, a smart device enabler, could be exploited so that cybercriminals could turn the microphones on and listen to any conversations within earshot of the device.
It’s not just new smart home devices. Over the past couple of years, baby monitors, CCTV cameras and webcams have been hacked, frequently with the content available online. Content harnessed from hacking any of these devices could then also be used to support blackmail efforts or even capture business intelligence if located in a home office.
The consumer threat
Whether an internet-facing web application, a mobile application, or a connected device, those developing and producing this technology must uphold their responsibility for securing the consumer experience and information. Devices built with an unsatisfactory level of security may otherwise soon find themselves liable in the cases of personal or corporate loss.
Employing a comprehensive mobile device management (MDM) policy can help mitigate the cyber threats introduced through BYOD and circumvent any active threats that employees introduce through insecure apps.
However, a greater challenge lies in educating employees about the threat that their personal devices and their online behaviour pose to both their own privacy and that of company data.
Ensuring that employees understand not only the wider threats but also the personal consequences of cybercrime to the business, and their lives, will enable them to make smart choices regarding their online footprint.