MY TAKEAWAYS ON THE INCREASING RATE OF CYBERCRIMES AROUND THE GLOBE

Following recent news about the increasing wave of cybercrime activities across the globe, I came up with the following takeaways:

1.    Internet fraudsters are basic but more basic are their victims/marks. Common cybercrime tactics such as phishing ought to be easily detected in the 21st century by any professional working in the business environment. Phishing tricks are very common such that they virtually follow the same tricks and approach 95% of the time. It is basic rule of thumb nowadays to verify web links/URLS before even clicking them. Also, passwords and sensitive information such as financial/banking information such as ATM PINs, internet banking passwords, etc should not be shared or disclosed to a third-party via the internet. Proper crosscheck should be carried out when a user receives a mail claiming to be from the user's banks or financial service provider. Before attempting a password or PIN reset via a request coming via a mail; due diligence should be carried out before proceeding.

2.    Top level officers, C-level executives, board members and high level officials of top organisations are very susceptible to online fraudulent activities, especially executives from the baby boomers generation and above. A high percentage of folks at the top level position in top organisations and fall within and above the baby boomers generation bracket have little or poor security consciousness on the internet. They often let down their guards and often very exposed; hence, they are the targets of many online fraudsters. Unfortunately, many of them are not aware of this and even when their attention is drawn towards this, they tend to take it with a pinch of salt and rebuff every ideas and suggestions to get them prepared against being victims of internet scams. And because these top level officers (CEOs, CFOs, etc) are the ones tasked with taking huge decisions, many of whom control the flow of money and cash flow in their Organisations; they are often the preferred targets of the internet fraudsters.

I have always suggested that continuous training and refresher courses on IT security and awareness be organised for top level executives of top organisations. Unfortunately, this category of officials are always too busy trying to chart a course/vision for the Organisation, thus, they don’t seem to have time for such. Many even don’t see the need for continuous ICT security awareness/training as they feel it is a waste of time and it doesn’t ad to the bottom-line of the Organisation.

3.    Online/internet scam is not a joke. Detailed efforts and quality time is spent by many of these fraudsters towards perfecting their schemes and enterprise. I always wonder why many of these young internet fraudsters cannot channel this same intelligence, energy, skill, efforts and time into doing legitimate businesses and come up with something much beneficial ?

Somebody once said that in looking for people to hire, you look for three qualities: integrity (character), intelligence (skill), and energy (passion). And if you don't have the first (character), the other two will kill you.

We can therefore conclude that most internet fraudsters possess some basic intelligence and energy but they lack integrity (character). They lack strong core values like; patience, contentment, honesty and emotion.

With the above said, according to Isaac Newton’s third law of motion which says, “for every action, there is an equal and opposite reaction”. This therefore means that the anti-graft agencies (EFCC, FBI, etc) must provide a greater or at least an equal action (in skill, time, effort, energy, intelligence) to be able to stand a chance in rivaling the actions of the online fraudsters and same goes for every internet users. Internet users must ensure continuous updating of their knowledge and awareness of the various methods utilised by these cyber criminals. It become easier to avoid falling a pray when the method being utilised by the fraudsters is already familiar by the potential or would-be victim/mark.

4.    Every internet or cyber scam can always be nipped in the bud if the target victim quickly detects and make a complaint to a determined law enforcement agency willing to clamp down the fraudsters. I always advise end users to report/flag suspicious phishing mails. This helps the mail provider agencies like Google or Microsoft to place such email address in a grey-list or blacklist and under close surveillance. This will also help necessary law enforcement agencies carry out a better investigation.

5.    The recent cases of successful cybercrimes reported on the media further reiterates my fear and reservations for cloud services provided by cloud solution providers. The Single Sign-On (SSO) advantage of platforms such as Microsoft Office 365 happens to also be a disadvantage. The Single Sign-On (SSO) happens to be the Achilles heel of the Microsoft Office 365 platform and other related platforms that utilise the SSO system. Yes, SSO provides organisations and enterprise systems with several benefits such as; convenience, speed, transparency, and less work at the back end but the same SSO has its own drawback which is, once that single login credential (password) is in the possession of a rogue or cyber criminal; this grants a complete access to all other applications in the system; hence, giving ample room for a rogue to carry out multiple attack/collateral damage until an intrusion is detected and by then, it might be too late.

In conclusion, it is the personal responsibility of every internet user to ensure their safety on the web and ensure they do not fall victim to cybercrime. Organisations may have ICT policies and standard operating procedures guiding every end user but the onus lies on the end users/individuals to ensure they are properly mitigated against the risk of internet crimes.

What are your views/thoughts? Feel free to share them in the comment section.