In recent years, we have witnessed a swift transformation as more of our finances have been brought online. Growth in digital banking accelerated during the COVID-19 lockdowns out of necessity, but this added convenience led to a new set of challenges related to cybersecurity risk. With more at stake, criminals became craftier in their approach to accessing our information.
The ongoing war being waged in Eastern Europe has also raised a new set of questions regarding the influence of state actors in cyberattacks, and whether we should be thinking about risk differently in these contexts.
The most important psychological principal of cybercrime is human engineering, or the idea that criminals prey on fear and basic human empathy to elicit an emotional response to get us to act. This is why many criminals impersonate charities requesting donations, or a boss requesting a favor — people are generally less skeptical of organizations claiming to do good, and more willing to go out of their way for a person of authority.
This background helps explain why phishing attacks are the most prevalent ransomware delivery method, since the risk is minimal and the reward can be immense if the right person clicks through to a malicious link, opens a corrupted file or discloses some key component of their personal information. A ransomware attack of this kind is particularly deadly because one employee could theoretically open up their entire corporate network to the attacker. This was the case when Colonial Pipeline fell victim to a ransomware attack last year, when the criminals were able to access their network by stealing one password. What this tells us is to always stop before clicking a link to ask yourself, “Is this request in line with what this person has asked of me in the past?”
Despite Russia’s invasion and the threats made against the West, data from February shows that nearly three quarters (73%) of current security events are related to cybercrime, compared to the 7% of events related to cyber warfare. During this period, there were 16 events targeting finance and insurance, and only one was an act of warfare. All this is to say that financially motivated crime is still the most prevalent driver of cyber-attacks and the steps needed to defend against them are consistent, irrespective of whether the attack is financially or politically motivated.
The uncertainty of the past few years has taught us the importance of taking precautions and prioritizing preparedness, and the same outlook should be applied to cybersecurity. The following steps can limit the likelihood of falling victim to an attack:
Strengthen passwords. It is obvious that using the same password across many accounts would create a major security risk if criminals were to get ahold of it. In addition to employing unique passwords, using longer passphrases is even better. Sequences longer than 15 characters, with very specific words, characters and spaces make it significantly more challenging for criminals to guess. For help managing different passwords/passphrases, you can use a password manager. They are designed to store credentials in a secure place. Then, when you visit a website or open an app where you need to log in, the password manager will automatically fill in your credentials for you, thus saving you from having to remember your various passwords.
Set up multifactor authentication. You’ve likely experienced using multifactor authentication to access your company’s network, but it is equally important for protecting your personal accounts. Setting it up requires you provide two or more verification factors to access an account. This includes something you know (i.e. password), things you have in your possession (i.e. smartphone), or a personal signifying feature (i.e. fingerprint biometrics). The latter two factors present a much greater challenge to criminals, even if they happen to have your password on hand.
Update your software. While it sounds simple, updating your computer software as security patches are rolled out is a very easy but important way to stave off cyber threats. When software updates are pushed through, the details about software vulnerabilities are typically disclosed and criminals can leverage these identified weaknesses to target victims that may not have updated their software yet.
Connect to the internet safely. While you shouldn’t second guess connecting to your home internet, accessing the web from public Wi-Fi networks in parks, airports and cafes can present a security risk, as it would be difficult to verify how secure the connection is. If possible, avoid using these networks, especially if what you need to do involves accessing sensitive information like checking a bank account.
Leverage security tools. Many tools have been developed in recent years to assist in prioritizing cybersecurity as more and more important information is held online. Browser reputation tools like Web of Trust, for example, are plug-ins that alert you to the anticipated safety of each website that populates in a browser search. Likewise, alternative browsers like Mozilla Firefox and Brave Browser have fewer exposed security vulnerabilities than more commonly used browsers like Google Chrome and are able to promote privacy by limiting data mining.
As digital finance continues to evolve and new technologies emerge to simplify our financial lives, practicing regular cybersecurity “hygiene” to protect our information and assets will ensure bad actors won’t succeed.