A huge percentage of attacks are made at banking transactions. This happens when the subject B (which is actually a hacker) asks entity A to send the money to the familiar account – and, along the way, intercepting them. More often than not, it happens that the money stolen directly from our accounts is not a huge sum; this makes it difficult to detect by the account user. More and more people are making mobile payments, creating profiles on various social networking sites, or leave personal details on online gaming sites. People have a tendency to exhibitionism when it comes to personal data, but we must remember that everything on the internet should be protected just as it is in the physical world. "Once the internet was regarded as one of the media alongside radio and television, but today you have to look at it as a utility, such as electricity or gas. It has became commonplace to use it for various purposes, not necessarily good ones, so it's important to create a policy for access to personal data for us – and for our children's children," said Maciej Potoczny, a solicitor, a partner at Porwisz & Partners.
All traces and information left online by a user help to put together an identity in electronic form, which allows them to be treated as an individual. Login, password, date of birth, telephone number, personal identity number (PESEL) – this is the kind of data that make it easy to identify a given person. Identity can now be gathered using pictures from Facebook. Photography can help you get an incredible amount of information that is easy to monetise, eg. by creating personalised advertising that allows a user willing to purchase recommended merchandise. Participants were made aware of how many facts about a person can be obtained once you know their PESEL (the number of children, divorce, spouses, etc). And yet, so many people will unthinkingly enter their PESEL number onto an online questionnaire.
Identity theft is one of the most common forms of cybercriminal attacks. Michael Czarnocki, a board member of Safreum, stressed that the easiest way to steal identity is by targeting minors. Children enjoying the benefits of the internet can unknowingly transmit large amounts of data, which can be used to build up a complete identity, based on data gathered since childhood. Therefore, in 2011 the Polish penal code introduced a new crime, impersonating another person and using their image or other personal information for the purpose of theft or personal damage (art. 190a § 2k.k.). "A common victim of such crimes are also entrepreneurs; losses in the US economy, caused by the theft of data and building another identity amount to billions of dollars," said Tomasz Rytlewski, a partner at Porwisz and Partners.
The speakers agreed that to avoid cyber attacks, it is necessary to raise awareness. Staff training should not be limited to companies’ IT departments, said Mr Czarnocki, stressing the need to conduct workshops on how to create passwords. It is not necessary to have a 30-digit password, but a good one can be easily constructed in a suitable manner. "In today's online era, such courses should be offered as early as primary school," he said.
One of the questions from the audience was: "Is it not the case, that the amount of cybercrime is less than it was 10 years ago? We have access to knowledge, better security, awareness is increasing – or is it rather the case that we are struggling to contain an ever-greater wave of attacks? "The answer was short and simple: The number of attacks may have not increased diametrically, but their detectability is increasing. They are often mounted on a larger scale, as new technologies make this easier.
So how do we protect the information that we put into the network, information that the internet remembers and uses without our knowledge?
- Use other browsers than Google, ones that are protected
- Use another (non-commercial) e-mail service provider
- Separate information that’s sensitive; try much harder to protect it than that which is less sensitive
- Use phones with software that allows for the separation of personal and business use
- Think twice when a service provider offers you ‘improvements’ that may compromise your online security, such as changing a password for a PIN (which indeed is easier to remember but faster to break).
After the training, participants had a chance to exchange business cards and question the speakers individually.
To give you an idea of the scale of the risks posed to business by cybercrime, we encourage you to watch the following videos:
Hacking in real time:
Identity theft and finance: