Institutions are made of people, which are made of data, which is made of information, and that is the only thing they care about.
In the wake of the COVID-19 pandemic, online fraud has risen by 42%. Virtually every company has become a tech company, utilizing hybrid and remote work models and cloud technology, whereby sensitive data is shared online.
Business email compromise (BEC) is one of the most prevalent fraud schemes. In fact, $1.7 billion was lost to email account compromise in 2019, according to the FBI’s Internet Crime Report. The Harvard Business Review suggests that the average cost of a data breach to a U.S. company is $9.44 million, more than double the average global cost.
Online fraud, including BEC, is one of the most pervasive issues that U.S. institutions face. Its ramifications are only becoming more financially dangerous. Between 2022 and 2023, ransomware attacks targeting the healthcare sector have almost doubled, following research from the Cyber Threat Intelligence Integration Center (CTIIC). These attacks may cause the diversion of ambulances, a loss of communication between various health institutions, or even the cancellation of elective surgeries, according to the Cybersecurity and Infrastructure Security Agency (CISA). Criminals may gain access to personal, private medical records and histories and patient health record systems are rendered defenseless.
Regardless of location, the multiplicity of cybercrime remains pertinent and its reach extensive. All institutions are at risk, and the people within them are even more so. There are several ways to feel protected and remain secure while online, whether in a personal or professional setting.
I. Codes, cryptography, and WWII
In war, it is assumed everyone is reading your message. Today, it is assumed nobody is.
During the 1940s, radios represented the epitome of technological advancement and proved significant during the course of World War II.
Allied Powers, namely, the United States, utilized Native American soldiers as code talkers. They would use their indigenous languages – such as Choctaw or Navajo – to transmit messages the Axis Powers could not decipher, acting as a “code” against the Germans.
Alternatively, to disguise messages, the Germans used the Enigma, a machine used to develop nearly unbreakable codes. Its settings offered over 15 quadrillion potential solutions, and helped the Germans plan and execute attacks. The machine, originally developed by the Dutch to discuss banking secrets, was adopted by the Germans as military intelligence.
“Classical cryptography relies on the assumption that nobody can solve a certain difficult mathematical problem in a realistic amount of time,” reads an excerpt from Network Security.
Alan Turing was a British Mathematician and Philosopher. His expertise in algorithms and formal logic rendered him a natural cryptanalyst. In the early stages of WWII, Turing was able to construct a method known as “The Bombe,” a device that was able to detect the initial settings of the Enigma and, thus, decode its messages.
At the war’s end, the British used the Bombe to read only 10% of all German communications, enough to defend and attack against the Axis Powers as required. Their secret changed the course of WWII.
Within a decade of the war’s conclusion, Turing was prosecuted for allegations of a same-sex interaction. He died due to complications of cyanide poisoning, but only after enduring chemical castration as therapy for his homosexuality. The British government apologized for this treatment over 50 years later, and in 2013, Queen Elizabeth II declared him a royal pardon.
He will be remembered, not only as a turning point in the gay rights movement, but also as a pioneer in the fields of Artificial Intelligence and modern Cybersecurity.
II. The man in the middle
Computers operate using a set of switches, pipelines, and flows, all used to process data. In essence, the hardware establishes a tunnel, where a set of processing elements are connected through a series.
The pipeline’s elements take raw data, transform it in some way, and release it into a repository, where it can be processed and analyzed. When data is transmitted over a network – the Internet, for example – the fundamental unit of this interaction is known as a data packet.
The Man-in-the-Middle (MITM) refers to a type of cyberattack where a criminal inserts themselves between two communicative parties in order to steal data. There are several forms of this attack, and may be used to steal account details, login credentials, and even credit card numbers.
The criminal may impersonate one of the parties or simply eavesdrop on the interaction until sensitive materials are communicated. Besides spoofing or bot-generated messages, the attacker may set up a hotspot in a public setting and wait for potential victims to connect.
If malware ends up on the victim’s computer, the virus takes hold on the device’s switches. As data moves through the pipeline, the virus interrupts the flow and sends these data packets to an entirely different IP address. However, it happens in such a way that the data “leaks.” It is almost impossible to notice this small, trickling outflow of data – straight to the hacker themselves.
Unlike physical mail, there is no clear way to tell if an electronic message has been tampered. The victim may never realize they were hacked — unless, say, that person was using a supercomputer.
Quantum computing may offer new forms of MITM attacks, but even better, new forms of data protection. Supercomputers can process extreme volumes of data; in fact, they can perform trillions of calculations per second.
From physics, photons are particles that behave like waves. They travel at lightspeed and are less susceptible to interference than other charged particles, such as electrons. Using these principles, computers may achieve rapid data transmission with minimal energy loss.
Imagine someone about to send an electronic message. They encrypt it using a key only the receiver knows. However, their device is infected, and a MITM tampers with the message.
Even though the message remains, quantum physics suggests that the photons themselves will change, and thus, the information. Using a supercomputer, the receiver may realize that someone in between has read this private message, which renders the communicative pair on high alert.
Quantum computing may revolutionize cybersecurity professionals’ ability to mitigate attacks. Unfortunately, these discoveries may also open the doors to new forms of cybercrime.
For those who do not use supercomputers, extra precaution is needed to make sure personal messages stay personal.
III. Trust, protection, and security
Most responses to cybercrime, especially phishing and BEC, rely exclusively on the user’s ability to spot the attack. Especially in the context of compromised emails, it becomes difficult for filtering systems to differentiate spoofed from genuine messages.
Look out for “ticking time clocks.” If a message seems to convey a sense of urgency, it is likely because a criminal is encouraging people to act without thinking. Phrases such as “Your account will be terminated” or “Your data will be lost if you do not login” are used to instill panic at the victim’s end.
For those working in public, like a coffee shop, make sure to use a secure VPN before connecting to the free wifi. It is best to know someone personally before connecting to a random hotspot.
Messaging systems, like Signal and Whatsapp, offer end-to-end encryption between sender and receiver and are a worthwhile option to consider, especially compared to iMessage. For secure searching, the Tor browser encrypts the web by default and may be used to preserve anonymity online.
Keep in mind, while Tor will not track browsing history, searches made with illegal or malicious intent will be reported. Unless someone is trying to reach the dark web, they can browse worry-free.
Members of Gen Z have been told since they were little that the Internet is a scary place, and it certainly can be. However, with the proper precautions in place, it is possible to tend to our work with peace of mind and take back power on the Internet.