Published on 04/09/2015 in Tech, tips & tricks
Graham Cluley has been working in IT security for 20 years now. He watched cybercrime take flight from close up. “In the past, software suppliers sent their updates by post”, he says. “Every three months, the client received a floppy disk. Now we have to update all the time, because 300,000 new viruses appear every day!” At the same time, the nature of the beast has changed. Once viruses were no more than a form of electronic graffiti: sometimes funny, usually just annoying. “They mainly caused inconvenience and unnecessary work, just like traditional graffiti.” Later on, e-mail viruses appeared, and financial motivation reared its head. That led to an unceasing flow of spam and all sorts of unsavory ware: malware, ransomware and scareware, to name but a few.
Hackers at the office
“At least you could do something about malware”, Graham Cluley says. “These days, you often don’t even know you’ve been infected.” But however sophisticated IT security may have become today, the human factor still remains the greatest risk. “We know the phenomenon as social engineering: hackers who pretend to be someone from the company via e-mail, for instance, and manage to worm out passwords that way.” Sometimes hackers quite simply go along to the office themselves. “They say they’re from the IT department and they’ve come to take a look at the computers. Staff might find it odd, but they don’t dare ask too many difficult questions. No-one likes to come across as unpleasant. But in the meantime, the hacker may well have put a piece of malware on the computer using a USB stick.”
Hacking and malware now come up in espionage and armed conflicts, too. The NSA scandal revealed that virtually every country is involved in cyber espionage. “Even the Greeks used a Trojan horse”, Cluley jokes. “Spying via the internet is easy and cheap. Not only to watch the enemy, but also to keep an eye on your own people.” But aren’t these things that are far removed from the average Belgian SME? According to Graham Cluley, no. “Hackers often use small companies as a stepping stone to penetrate somewhere else. Ultimately, nothing is entirely safe, but you can try to control the risk.”