What do we learn and what can we teach from the cyber attacks happening all around us? Or do we just sit back and say, “there’s another one”? If among us we include the trainers and training designers, evangelists, and business leaders of this world, is it not our role to try to educate our staff (and potentially our future staff) in how to be more web savvy?
Every single day we see something in the papers or on the news about yet another attack. “The head of security at xxx has been hacked,” “GCHQ backdoor found,” “After Snowden, how vulnerable is…” We also see 300 thousand, 40 million, or 60 million credit cards or personal accounts or bank details hacked, stolen, accessed.
In the next breath the media publishes the top 20 most-used passwords in the world today. Top of the list is “123456”—seriously? Or how about “starwars”? Someone told me they could not remember their passwords, so they changed all their passwords to “incorrect.” When they typed any random set of letters or numbers into a password box, a pop-up told them that their password was incorrect—ah, now they remembered it! Is it any wonder we have some problems?
Thinking like a thief
To understand what we can learn and what to teach, we have to get inside the head of the cyber thief and understand a little of what they are doing. Sounds easy, but trying to explain what is really going on is an uphill struggle. Each time we get a handle on what is happening, the thieves do something different. I put together the following analogy to try to show the whole picture in the simplest terms. Once we have that picture we can move forwards.
Cast your mind back to the old Wild West where gun-slinging robbers, wearing leather chaps and a mask over their eyes, got off their horses and shot up the small town bank to steal the money. In those days there was a small room in the bank that held the cash. The thieves would walk in with guns blazing, fill a saddle bag with money, and ride off into the sunset with a posse on their tail. Come forward to today and the thief walks in and steals your data in broad daylight and has all the IT techies trying to work out where he went. Has anything changed?
So back to our story. To stop the gun-blazing attack, the banks realized they needed to build a vault for the money. These got more and more complicated as the decades went by with bigger locks, time locks, then bars at the windows, security devices, closed-circuit TV (CCTV), and now armed security personnel standing guard outside and inside when the bank is open.
The thieves got clever and stopped trying during the day with all this security. They started to work at night or weekends when the bank was closed, so they could not be seen. This is not too dissimilar to the cyber thief who comes in quietly and hides—not wanting to be found. To stop bank robbers attacking at night, bank owners put even stronger locks on the doors, followed by walls around the building (firewalls in the IT world). When thieves climbed over the walls or cut holes in them, owners made the walls taller and stronger. They added guards behind the walls 24/7 in the bank.
The walls, however, still don’t stop the occasional thief. Over the Easter 2015 holiday, the biggest heist ever in UK history was attempted by a group of eight middle-aged and elderly men who cut through concrete walls and raided the most secure vault in London, only to be foiled by modern-day technology they did not understand: CCTV caught the leader parking his own white Mercedes convertible just around the corner, and the group called a cab for the getaway. They made a haul of jewels, cash, and other valuables worth millions of English pounds.