Technology will be vital. As will collaboration between the public and private sectors. But to truly beat cyber crime, we’re going to need to check every single box…
“Every cyber attack is a warning. Now’s the time to react, before it’s too late.”
So ended my opinion piece earlier this year on the proliferation of noise amongst the cyber-security industry.
Last year when Tesco Bank was hit by what some are calling a ‘hack’ attack, the accounts of some 9,000 customers were compromised. And the attack cost Tesco £2.5m in reimbursement fees alone. But the sheer scale of the attack isn’t the most worrying thing.
What’s really concerning – more so than £2.5m being stolen from one of the UK’s largest companies – is the fact I could have published the above statement at more or less any time over the past year and magically ‘predicted’ any number of high-profile attacks.
Cyber crime is on the rise. So it’s just as well the UK government is doing something about it.
Biometrics, regeneration and a not-so-secret weapon
Earlier this year, Philip Hammond unveiled a new 78-page National Cyber Security Strategy that makes for promising reading – especially if what’s documented goes on to fruition.
The strategy talks of a determination to promote cyber security science and technology. It also suggests the government will work to ensure “human and behavioural aspects of cyber are given sufficient attention”.
This means a more focused and intelligent approach to countering cyber security threats, such as the increased use of behavioural biometrics and of intelligent whitelisting.
Computers could begin to harmlessly monitor individual human behaviour and pick out anomalies. In order to avoid detection, hackers would need to mimic individual nuances such as typing speed and mouse movement; an almost impossible feat for most criminal hackers.
And there are some more ‘pure tech’ developments such as advanced file regeneration; technology that breaks down and scrutinises file bytes in a split second. Clean versions of the file are then rebuilt and passed on to users, with no discernible disruption in the normal working day.
Technological developments such as these nest neatly into the new strategy. But technology will only get us so far. What we must also do is make greater efforts to address the human factor.
Up to 75% reduction in cyber crime – no new technology needed
As much as three quarters of all cyber crime involves some aspect of human error. For the most part, we’re kind, helpful, curious and obedient – and that makes us vulnerable to cyber attacks.
It’s incredible how deep these human traits really run. To hammer the point home, consider Connecticut, 1961.
A lab somewhere in Connecticut, 1961…
Professor Stanley Milgram has enlisted research participants in his study of obedience and – by extension – trust.
Each participant is to send voltages of current through the body of an unseen but audible fellow human being. The voltages won’t actually be administered – but shockers don’t know this.
Initial voltages are bearable. They’re little more than static.
But the voltages rise quickly. Eventually, they’re lethal.
Milgram’s fellow researchers predict less than 3% of participants will administer a final 450-volt mega-shock to a traumatised human being lying metres away – trusting that because the person telling them to do so is a ‘scientist’, everything will be okay. Incredibly, 65% go through with it – despite showing overt signs of distress themselves.
All because, as humans, we like to trust and we often like to do as we’re told.
What we must do when fighting cyber crime
It’s not hard to see how cyber criminals might exploit our tendencies to trust and obey.
When you throw helpfulness, hope, laziness, myopia, and a whole host of other human vulnerabilities into the mix, you might wonder why the situation is not much worse than this.
You might also start to see how important changing behaviour is when addressing cyber security. And to be fair, the government’s new strategy does indeed touch on behavioural change.
But as with everything, the devil will be in the detail.
Get things right and we’ll flourish. Get them wrong and we can’t.
Keeping up with the criminals
Technologically, the future looks bright.
If we can pair incoming innovations with behaviour change, we may well finally begin to take the higher ground.
And let’s hope we can – sooner rather than later.
Cybercrime is advancing. We need to keep up.