There are some organisations for whom information security is paramount. Both public and private sectors spend billions protecting themselves and trying to prevent digital fraud. Digital fraud affects everyone and it’s not all about gaining access to money. In the 21st Century information is as commoditised as any currency and suffers from similar fraudulent activity.
All sectors of business try to protect their commodities, having to follow and demonstrate their compliance to regulatory bodies. In addition to securing things they can control, it is important that they try to influence the things they can’t.
Digital Fraud & Human Nature
Human nature and human need defeat basic security controls. Trying to lock down every desktop in your organisation will always result in some exceptions. You can try to control these with a formal policy but you won’t be able to stop all the people who have a personal need. A framework to control what is exempt from policy won’t stop ‘Dave’ plugging in a malware-infested device to get a recharge.
When you consider the prevalence of mobile malware, this becomes a problem as it provides entry points for the bad guys to get in.
In every development sprint or design phase you employ a security architect to harden the solution. But you must consider the way your user thinks. Organisations easily forget that users are a more important part of a design than the security appliance that they’re purchasing.
Just like a server or an application, users have properties, behaviours and the ability to retain information. To an extent, you can programme them to behave in a certain way when they come across a set of conditions. User behaviour and user programming can go a long way to preventing digital fraud.
Take Cash Machines for example (or ATMs for you Americanized people). We all know what they normally look like. Most of us also know not to use them if they don’t look like the bank intended. This is because we know about ‘card skimming’, where someone uses a legitimate transaction to steal card details. The fraudster fits a device to read the details off the inserted card and then something else captures the PIN as it is typed in.
Why do we still put our cards and details into machines that look dodgy?
My local bank’s cash machine is in the photo to the side and across the banner of this page. Because it’s surrounded with hazard tape and the ‘out of service’ indicator is permanently red, you would presume it isn’t working. Yet it is still used by hundreds of people every day because it still dispenses cash.
When you know that something is wrong with the security of a solution, why do we still allow it to be used? Is it that we are lazy? Do we just not care? Or are we inadequately aware of the real dangers?
Secure the Human
People over the age of 55 are more likely to be targeted by online fraudsters, which in turn cost the UK banking and insurance industry just over £1 billion in the year leading to June 2016.
The far uglier side of digital fraud is nefariously pretending to be something online that you are not. Consequently, the commodity being stolen is innocence. 40% of children have chatted online with a stranger. Furthermore, each of these online chats has the potential to turn into a far more dangerous situation.
I spend a considerable amount of time preaching the need to ‘Secure the Human’. I’m an advocate of any recognised cyber essentials education, recommending both West Yorkshire Police’s Get Safe Online evenings and (ISC)²’s Safe and Secure Online training.
This is why Unshakeable Salt is proudly sponsoring Catalan Under 9’s football team in 2016/17. Rather than running faceless awareness campaigns at work, we want to connect with people who are not digitally savvy.
By being the prime shirt sponsor and sponsoring the match day balls, Unshakeable Salt hopes to educate local families about staying safe and secure online. As an organisation we want people to be able to protect themselves from digital fraud. By teaching all age groups across the family unit, everybody learns what they can do to protect their families online whilst becoming more responsible digital citizens. This not only helps prevent digital fraud at home, but with a greater awareness it increases security in public and ultimately at work.
Everyone connected to Catalan can come along to our free courses. We strongly encourage all players, family members and coaches to come along, have fun and learn.