The February 2022 arrest of a married couple accused of trying to launder $3.6 billion worth of stolen Bitcoin highlights the novel threats new technologies – and new currencies – pose to digital security. As these threats increase, they complicate legacy cybersecurity efforts. The impact can be astonishing!

The increased use of social media, online networking, telecommuting, and mobile devices inadvertently gives cybercriminals ammunition for more successful attacks. How are organizations meant to defend their intellectual and financial property? Understanding the trends in technology use that make your organization susceptible to cybercrime threats is the first step in securing your data. Deterrence, detection, and mitigation programs to those threats are critical for safeguarding proprietary information from exploitation, compromise, and unauthorized disclosure. Take the time to develop cybersecurity capabilities that leverage policies, networks, systems architecture, and human resources. This approach fundamentally improves the odds of your organization stopping a cyber-attack before it can wreak havoc.

The Effect of Technology Trends on Cybercrime

As we’ve explored in some depth already, cybercrime comes in many forms. These attacks include:

• Data leaks
• Data modification or destruction
• Distributed Denial of Service (DDoS), in which access to a system is impeded or denied
• Ransomware attacks, where the use of targeted files requires a ransom to be paid before the restoration of the data

In most, if not all, of these cases, the advancement of new technologies  – and the cultural shifts accompanying them – has opened new possibilities for criminal misuse. The shift in dominance from landlines to mobile phones has enabled cell phone spoofing schemes. The economic shift from cash transactions to electronic for everything from garage-sale purchases to income taxes has given rise to the oversharing of Personally Identifiable Information used for identity theft. And reliance on email rather than verbal or paper communication as the preferred method to communicate and record correspondence has powered phishing, spear phishing, whaling, and other email-based scams.

The internet’s ability to provide data anywhere and anytime has raised expectations for on-demand information. The cultural shift to expect 24-hour availability of online purchases and access to online self-service for commercial and government services has increased exposure to ransomware, spyware, and DDoS attacks. The common denominator for all these attacks is that the attacker typically profits from the attacks through direct payment, redirected funds, free services, and other information for personal use and bribery. The low rate of criminal prosecution for cyber-attacks lends further incentive for criminal mischief. Cybersecurity must adapt to manage these ever-changing technology trends.

Reliance on Mobile Devices

The ability to be connected anytime and anywhere is now the rule rather than the exception, especially as work settings have shifted out of centralized office spaces. With the increased use of mobile devices comes a host of new vulnerabilities. The hybrid nature of their use, including emergency, routine, and recreational applications, exposes a person’s identity and preferences to anyone who gains access to the device. The more personal information that is stored on a device, the greater the chance of identity theft, but less obvious challenges abound:

The proliferation of Wi-Fi Access

Mobile device use thrives on Wi-Fi hot spots, which are commonly supplied by businesses as a convenience to their clients. In the mobile device industry, Wi-Fi capabilities come standard with most devices. Add Wi-Fi access to the current cultural expectation to have access to information immediately, and users browse sites and make online purchases without stopping to consider that attackers may be watching the device or computer.

In the past, caution was taken with physical credit cards by adding a three-to-four digit Card Verification Value (CVV) security code to the account number or by shifting to the EMV (Europay, Mastercard, and Visa) computer chip system. Unfortunately, these precautions do not address transactions that do not require a physical card to be present. Therefore anyone with the appropriate blend of information (account number, billing address, name of credit card holder, and CVV) can easily make an online purchase. For this reason, public Wi-Fi should be used only for information in the public domain and information that does not require secured sign-on.

The temptation to read emails from anywhere public Wi-Fi is available increases exposure to attacks. When in this situation, consider texting or calling to communicate. Plan ahead for locations, such as public libraries or office locations, where secured Wi-Fi or hard-wired internet services are available. If it is absolutely necessary to read emails and no secured Wi-Fi can be accessed, keep the sessions as brief as possible, and remember to sign out completely.

Use of “Internet-of-things” (IoT) Devices

Using “smart” technology to perform tasks such as remotely turning on vehicles and adjusting heating and cooling systems at home while at work has given attackers another point of entry. Banks have been hacked through the Closed Captioning Television Cameras. At least one casino was infiltrated using a thermometer in a fish tank.

With the convenience of Artificial Intelligence (AI), the technology landscape and subsequent security measures are expected to get more complicated. Cybercriminals will attempt to exploit the gap between the desire to have the latest technology and the implementation of security measures for that technology. Whenever adopting any new internet-enabled technology, be sure to pay close attention to potential opportunities for its misuse. Always consider whether the convenience outweighs the security costs.

Secure Online Interactions

Online interactions are unavoidable within the daily functions of an organization. Constant adaptation is required to thwart attacks. When a new technology emerges, organizational data security experts must keep pace to respond effectively. In the last decade, these adaptations have included email security (which we’ll discuss in the final article of this series) and online networking.

As social networks like Instagram, TikTok, Facebook, Twitter, YouTube, LinkedIn, and others have proliferated on corporate devices, security practices have had to keep pace. Best practice generally mandates that end-users abide by safe password practices, such as passwords that do not contain personal information and passwords that expire. Here are five other ways to thwart the efforts of identity thieves or attackers using social media:

1. As much as possible, follow precautions as to what data to post and what data not to post. As a rule, users should not post anything that would be asked when opening a bank account or applying for a credit card. This would include addresses, dates of birth, previously used names, social security numbers, or other PII.
2. Categorize information based on the type of website. An easy way is to divide the information as follows: if possible, do not use Facebook, Twitter, YouTube, or personal email for anything work-related, and do not use professional networking websites for anything personal.
3. Whenever possible, avoid the use of networking sites from mobile devices. Unless the mobile devices have added security features, avoid accessing these sites. Security features include multi-factor authentication, such as face scan, fingerprint scan, or voice recognition, in addition to a pin that locks the device.
4. Do not borrow other devices to check social websites unless the device that is being borrowed has the most recent security patches.
5. Make it a habit to click the logout icon, regardless of which device or computer is being used to access the networking site.

Conclusion

In the world of technology, change is inevitable. The security officers must stay one step ahead of the technology curve to develop proactive ways to stop the attacks and more effective ways to respond. Prevention and early detection of attacks are often due to excellent communication within an organization and effective training of all employees on what constitutes a potential threat. All of this requires continual employee, client, and public education on the best ways to detect, prevent and respond to cyber-attacks within the context of the newest technology.

Subscribe to Momentum’s news and blog portal to stay up to date on current cybersecurity trends, technologies, and best practices,

This post is adapted in part from a recent Momentum white paper, Technology Trends That Complicate Cybersecurity. To learn more, drop us a line at info@m-inc.com.