This post is based on a keynote presentation given at the 2018 FBI CJIS Symposium.
Cyber criminals’ greatest advantage is their superhuman reputation. Demystifying this false perception removes the assumption that they cannot be defeated. So, let’s talk...
Popular culture has perpetuated the myth that cyber criminals are masked thieves with computer skills indistinguishable to magic. Part of this can be linked to the news industry becoming profit-based. Reporters produce sensationalized stories, preying on the public’s vulnerabilities and pre-existing anxieties. The click-bait headlines and exaggeration has not only sold us their faulty stories but their biased ideas, as well. But just like everything else in Hollywood the realistic examples of computer exploitation aren’t entertaining enough to show on the big screen.
This widespread misrepresentation has only fueled the negative emotions end users feel when encountering risky situations. Understanding who the actual perpetrators are is the first step in being proactive when it comes to cyber security.
So who are these mysterious criminals and what is it they want?
Many cyber criminals are regular people with 9-to-5 jobs and families. They have bills to pay and quotas to meet. Not quite so exciting, right?
However, the motivations behind their criminal activity is where it can get a little more complicated. There are several different types of cyber attacks that Ben Desjardins, VP of Product Marketing at RSA Security explains.
Clearly, cyber criminals’ motivations are linked to the way they operate. Understanding the varying types of these attacks helps us identify where to defend.
One example is a phone call from a criminal posing as an authority figure, a suspicious pop-up ad, or a breach in a company’s security - whatever it is, the common theme is an exploitation of trust and urgency. Most social engineering attacks prey on our instinctive reactions to situations, not allowing us to slow down. People then react emotionally, with fear and panic influencing their decision-making.
With simple preparation or foreknowledge, these situations can be handled appropriately and even avoided. Slowing down cyber criminals with a security perimeter of trained people is key.
It all goes back to understanding and being informed. Knowing who and what we are dealing with is crucial to help reduce our susceptibility. Forewarned is forearmed.