Today’s threat landscape is very complex. Cybercriminals use a wide
range of threats to hijack people’s computers and to make money
illegally. These threats include Trojans of many different kinds,
worms, viruses and exploit code which is designed to enable malware to
make use of vulnerabilities in the operating system or applications.
Cybercriminals also employ a range of sophisticated techniques to hide
malware activity or to make it difficult for anti-virus researchers to
find, analyse and detect malicious code.

So it’s easy to see the problem of cybercrime, and solutions to it,
purely in technical terms. But I believe it’s also essential to deal
with the human aspects of cybercrime.

Humans: The weakest link in the security chain

Notwithstanding the technical sophistication of today’s malware,
cybercriminals often try to exploit human weaknesses as a way of
spreading their programs. This should come as no surprise. Humans are
typically the weakest link in any security system. Securing a house is
one example: you can have the finest burglar alarm in the world, but if
you don’t set it, then it offers no protection at all. The same is true
for online security. Cybercriminals continue to make extensive use of
social engineering, i.e. they try to trick people into doing something
that undermines their online security.

We see this in the continued success of phishing scams, designed to
lure people to a fake web site to disclose their personal information,
such as usernames, passwords, PINs and any other information that
cybercriminals can use. The classic phishing scam takes the form of a
speculative email which is spammed to millions of addresses in the hope
that enough people will fall for the scam and click on the link in the
email. Such attacks are still conducted on a frequent basis.