For me, the highlight of this year’s “Fraud & Cyber-Crime Symposium” was high-fiving former FBI agent Gregory Coleman, the man who took down The Wolf of Wall Street. It seemed like a cool thing to do, so I did it! 😉
Whilst having fun and networking with fraud and security professionals is a welcome bonus of this great event, the main focus is on educating high-level managers and executives, sharing knowledge, learning about new and emerging threats, breaking down recent take-downs, and working out what “We” can do to help better protect our businesses, our clients and our friends and family from the ever-advancing threat of fraud and cyber-crime.
According to ScamWatch, Australians reported over $80 million lost to scams in 2014! What’s horrifying about this is that most victims of a scam are repeat victims!
Intel (the guys who make the microchips that power most of our business computers) sent 19,000 people a range of phishing email attacks. Only 3% of the group could identify 100% of the emails as fraudulent. A scary 80% fell for 100% of the phishing emails!
The general consensus I got from everyone I met was that no matter how big or small you are, no one has a big enough budget to fight the problem.
Identity theft is a primary target for cyber-criminals, with 80% of fraudulently produced identities now being based on real information, whereas up until recently 80% of the details on a fake ID were made up. The availability of central databases that can be used to verify the credentials on an ID has meant that fake IDs need to pass basic checks. Name. Address. Date of Birth.
What are they using these fake IDs for? How about walking into Harvey Norman and buying a new TV or couch on 60 months interest free? Or renting a nice Range Rover for the weekend and never returning it? Suddenly you get a call from GE finance asking for their money and you’re sitting there wondering what the hell just happened!
Medical data is now the #1 target for cyber-criminals. It is rich with personal information which will enable them to create fake IDs, open bank accounts, buy things they can sell off, and move people around who otherwise shouldn’t be moving – terrorists, people smugglers, you name it!
But don’t think you’re out of the firing line if you’re not in the medical industry. They will happily correlate the data you store on your customers with the data they’ve gotten from someone else’s database and put the details together. Heck, why not steal a childcare centre’s database and just put those records on hold for 15-20 years? Anything is possible.
These people are SMART. They are constantly testing new techniques. They are constantly evolving their processes. And no matter what you think, they don’t think like us. It’s not even a matter of them not having a moral compass. It’s just a different world where they see ‘us’ (our identities and our money) as a resource in the same way you or I see widgets as something we can buy and sell to earn a living.
But despite all this you don’t need to rush off and delete your Facebook account and disconnect from the Internet in an attempt to protect yourself. For starters, it probably won’t help much anyway!
The answer to the emerging threat of fraud and cyber-crime is simple. Education.
We really can’t hope to be ahead of the next wave of threats thrown at us, carefully engineered to pull at our heart strings or evoke some emotional response that inadvertently results in us falling for their trickery.
But we can pull our heads out of the sand and accept that the threat is real and it’s not going away. We can educate ourselves on the types of attacks they have been using. We can learn from the way in which certain criminal groups have been caught and the discoveries made as a result of those arrests.
The answer isn’t a technology solution. There is no “bulletproof” strategy. It doesn’t exist. It never will. But by accepting the threat is real, and encouraging discussions that start with security as a primary focus, we can better protect ourselves, our businesses, our friends and most importantly our families from becoming a victim.
This is a genuine, community service announcement. If you’re a Gold Coast business with 10 or more computers and would like your team to be better educated on the types of cyber-threats that they could be faced with, give me a call or shoot me an email and we will schedule a free 30-45 minute presentation to educate your staff on the emerging cyber-threats to watch out for.
I’m serious. Give me a call and we’ll tee something up. I’ll gladly come out and scare the pants off your team. But in the process, we’ll be educating them against the sort of threats which could land you in hot water – whether it’s a $1.7 million fine for breaching the Australian Privacy Act, or getting your data locked up by ransomware. It’s a worthwhile investment of everyone’s time.