Internet crime is big business
First Cybersafety Summit stresses online diligence
It’s a growing threat that has evolved from solitary hackers hiding in basements to highly organized criminal networks spread around the world. Victims range from home computer and cellphone users to large institutions (like universities) squarely in their sights.
Cybercrime is on the rise, but so are efforts in cybersecurity and education at Mount Royal University for students, faculty and staff to put into practice at the University and at home.
“The number of cybersecurity incidents in Canadian higher education institutions have increased substantially over the last couple years,” says Michael Barr, chief information officer at Mount Royal.
“As you might expect, phishing, user account compromise and ransomware are our biggest concerns. Bad actors have figured out that breaking the security barriers of a person is a lot easier than breaking into the well-established technical defences of an enterprise environment. For that reason we have created an extensive cybersecurity awareness program that we constantly keep updating to stay relevant.”
Giving intruders ‘an entrance’
On Oct. 17, the Cybersafety Summit held at Mount Royal brought together a number of experts on online security.
Mount Royal business professor and entrepreneur Kris Hans spoke on the Internet of Things and asked, “Just because we can, does that mean we should?”
Internet-connected gadgets, devices and appliances ranging from thermostats to smart-phone garage door openers to smart TVs and fridges are “cool” and in some cases offer great benefits to homeowners and to society, Hans acknowledged. In one case, smart doorbells even reduced crime in a problem neighbourhood. But these innovations also open pathways into an owner’s home and information.
“By having a bunch of things attached to the Internet, you are giving intruders an entrance to your home.”
Protecting the homefront
Mount Royal IT training analyst Bernadette Pasteris strongly suggests securing home routers and all attached devices by remembering such simple measures as changing default passwords and user names. She also emphasizes countering what she calls “insider threats.”
“Who are insider threats? Grandma who comes to visit; your kids, your teenagers and their friends. Anybody who walks into your house is considered to be an insider threat.”
To do that she suggests each child have their own machine so they don’t touch their parents’.
“Kids have a habit of being curious; going places they shouldn’t and clicking on things they shouldn’t. So if you set up a machine just for them that is contained and will not mess with anything else, it keeps your entire network safer.”
Visitors should use guest access points that reach the Internet and nothing more.
“I think people think it’s important but don’t realize how at risk they are,” Pasteris says of cybersafety in an interview prior to the Summit. “I think there’s a huge underestimation of how easy it is if you don’t have the proper security set up for someone to get access to your stuff, really important stuff like your banking information; like your personal information, stuff that you can’t recover and it makes it easier for them to steal your identity.
“What I really want is for people to trust less; be a little more paranoid and a whole lot more aware.”
Kelly Sundberg, PhD and professor in the Department of Economics, Justice and Policy Studies, offered a fascinating window into “social engineering” informed by his previous career as a federal investigator. Many of the same deceptions used by law enforcement to elicit information from criminals are used for nefarious purposes by cybercriminals to convince their victims to divulge personal information that can be used for fraudulent purposes.
Most such schemes prey on factors like surprise, fear, guilt, complacency, arrogance, ignorance and curiosity.
“It’s the human element. As soon as you get human contact and they think you are a person of authority, they start to talk,” Sundberg says. “I can totally see why people fall for this.”
Be careful what you share
Staff Sgt. Corey Dayley of the Cyber/Forensics Unit at the Calgary Police Service wrapped up the day-long summit by urging attendees to help prevent cybercrime by educating themselves and their coworkers, limiting what personal information and ID they carry, and being careful not to share personal information with anyone unless there is a legal reason to do so and even then not without due diligence.
He stressed that we are only as secure as our social media circle and urged victims of cybercrime to report it. All agreed the need for education is growing as official IT security measures can only go so far with a system like Mount Royal’s that has upwards of 20,000 users.
“It’s getting worse, not better,” said Pasteris. “It used to be cybersecurity was something you only worried about because there was some dude in his parents’ basement eating pizza, drinking soda because he was bored and trying to wreak havoc and take down the world. Now it’s turned into big business.
“The Russian mafia has figured out they can make more money from cybercrime than they can from drugs and prostitution. And it’s less hassle.”
Oct. 26, 2017 — Peter Glenn