Cybercrime, Security Breaches and You – A Short(ish) Guide

There’s a common thread in the news recently of massive data breaches and leaks from equally massive companies. The giants of their relative industries, Rockstar Games, Uber, LastPass and even Cisco have all been hit with cyberattacks in the last month and had internal documents leaked onto the wider web.

So what is “hacking”, why are there more attacks now, how can we stop it and what does this mean for you?

What is hacking?

According to the Oxford Dictionary, “hacking” is defined as “the gaining of unauthorised access to data in a system or computer”. Put simply, hacking is the digital equivalent of breaking your neighbours window and stepping through the hole, but a bit more involved.

There’s a whole range of technical tools and techniques that hackers can use to find and exploit vulnerabilities to gain access. Many of these tools have actual, legitimate diagnostic use outside of hacking, such as network probes, port/IP scanners or packet sniffers. 

Hacking doesn’t have to be a technical endeavour, though. A new type of attack is on the rise in the form of “Social Engineering”. Using this method, hackers don’t need to be able to hack the system – they just hack you. By posing as a friend, colleague or even as an employee of your bank, a social engineering attack attempts to trick you into voluntarily giving up details such as login credentials or personal information.

Why are there more attacks now?

The Annual Cyber Threat Report 2020-21, released by the Australian Cyber Security Centre (ACSC) showed “over 67,500 cybercrime reports, an increase of nearly 13% from the previous financial year”, amounting to losses totaling “more than $33 billion AUD.”

Why might that be the case? It’s not a simple answer, instead being composed of a lot of little moving parts that worked together in just the right way to create these circumstances. 

But mainly COVID-19.

During the pandemic, mandatory lockdowns and “stay-at-home” orders were seen the world over, and the human race pivoted nearly overnight to a WFH model that saw the rapid adoption of IoT-enabled devices, remote learning, online shopping and cats continually interrupting Teams meetings. This caused three separate, yet interlinked issues (the lockdowns, not the cats).

Because of the haste with which lockdown orders occurred, quite a few businesses were caught off-guard and had to immediately implement new procedures, software and infrastructure to account for it. As with anything done quickly, there were bound to be certain things that were glossed over or missed entirely. This includes security concerns.

Concurrent with that, employees of these companies were faced with adopting new complicated policies and procedures, using potentially new hardware and software they haven’t been trained for, in an environment not usually conducive to vigilance for due process. In essence, people got lumped with a computer and a headset, given a manual on how to login to the new system and told to make it work.

As a result, you have relatively untrained employees using company services, accessing company data on company hardware that isn’t under internal company control, from external sources (not an internal network). Any system this complex will have bugs, issues and vulnerabilities, any number of which can be exploited and used to gain access.

The third issue stems from a universal human experience – boredom and curiosity. I’ll back up and explain.

What does boredom have to do with this?

While “hacking” in its purest form is illegal, there exists a subset of hackers that use their powers for good, not evil. These are called “white hats” (in contrast with “black hats”, but there’s an entire rainbow of hats that I won’t get into here), “ethical hackers” or “penetration testers”. They are hired by businesses and have been given the authority to use their skills to hack into systems for the purposes of auditing and evaluating security already in place, as well as consulting with internal teams to harden systems against future threats and attacks.

With the global penetration testing market having an estimated value of $1.4 billion USD in 2022 (according to MarketsandMarkets), and with that figure expected to double over the next five years, it’s no surprise that many people are interested in upskilling and vying for a piece of that pie. There are plenty of businesses offering training and education in the sector, with TryHackMe and HackTheBox leading the charge. Barring the paid options, the information is freely available online in the form of YouTube tutorials and white-paper writeups from security firms.

When you have a workforce that’s trained to do something and they have no work, the workforce will find other ways to stem the boredom.

Say you’ve signed up to one of these services and have learnt a couple of things. You’ve gone through all of the labs that are available to you and you’re up for a challenge. You also haven’t left the house in months thanks to lockdowns and there’s nothing else to do. You’ve already baked all your banana bread and your claymation project is on hold while you wait for more materials you ordered from Amazon. You need to find something to fill the time.

“Hey, this Netflix login page looks insecure, let me just…”

You, probably

And there you have it. The COVID-19 pandemic, consequent lockdowns and a group of bored individuals with a high level of technical ability created a perfect storm for cybercrime to breed, thus why we’re seeing a massive uptick in the last couple of years.

How can we stop it?

Plain and simple, we can’t. With state-sponsored hacking activities taking place across the globe and billions of dollars of potential profit up for grabs, there’s enough information and motivation out there in enough places that scrubbing the knowledge is all but impossible. But we can do some work to avoid or prevent getting hacked, and mitigate the damage if we do.

What does this mean for you?

Thankfully, there are ways to help protect your business, your family and yourself from cybercrime. The ACSC offers a list of steps you can take to secure your devices and accounts, which include:

  • Keep all internet-connected devices up to date with software/firmware updates
  • Use multi-factor authentication (MFA) for all accounts if possible
  • Keep regular backups of your data from all your devices
  • Use secure, different passwords for everything/use a password manager
  • Learn to identify a phishing or scam email

Other steps you can take are ensuring that your data is encrypted online (look for the padlock in the address bar), deleting old accounts for services you no longer use, clearing your browser data, not connecting to unsecured Wi-Fi networks and turning Bluetooth off when you’re out and about.

While I’ve mentioned in the past that if you’re an everyday user you probably don’t need a paid antivirus, there is no thing as too much security. That’s why we’re also offering 20% off of all Trend Micro Internet Security and Maximum Security licences purchased in-store within the next 30 days. Jump on that offer, it’s a pretty good one.

In conclusion, hackers and hacking is large, in charge and definitely here for the long haul, but by practising good digital hygiene and asking the question “should I?” before you click that link or give that password out to “Jeff from Accounting” over the phone, you’ll be better prepared than most.

About the author...
Picture of Ross Evans
Ross Evans

Put together from bits of scrap electronics sourced from various junk yards, Ross is the Tech House Business Consultant and blog post writer for all things regarding tech. Avid consumer of caffeine-based products. Hates trains. Is an actual wizard.