The staggering amount of information that is available and shared online is making you and your business increasingly vulnerable to those that know how to combine the data and use it in a cyber-attack.
An incredible 2.5 Quintillion bytes of data is being created every day in 2018. This includes millions of images, videos, locations and messages; never has it been so easy for ‘interested others’ to piece together our lives. Whilst the intention behind combining this data is usually innocent enough, the ways in which it is being exploited is anything but. Criminals, competitors and even neighbours are interested in using information about us for their own means.
3SDL cyber expert Jon Webster, knows all too well how easy the internet has made investigating people: “In the past, I had to trawl journals, death and marriage records, telephone books, and the electoral roll to get information about a person. Now I can just search the internet, and instantly get everything I need”.
Building a picture about someone has become so easy.
In isolation, each piece of information shared online may appear trivial, but when used in conjunction with other sources such as Companies House, Social Media, and fitness tracker websites they quickly add up to something much more interesting. “It’s about building a big picture. Small snippets can piece together to become exploitable information for a range of different reasons” explained Jon. “The information gleaned can be used for intelligence gathering, scams and extortion, all of which can make you, your business, or the people you know vulnerable. The potential for reputational damage is huge”.
Not only is the information more readily available, so too are the tools to collate and analyse it. Simple search engines like Google, and online directories such as 192.com are an easy starting point, but more sophisticated tools are available even to the normal everyday user; there are hundreds of easy to use tools available on-line to help map personal connections and their ‘pattern of life’. These tools are so effective that from one tweet it is possible to find someone’s home address, work address, preferences, friends and more in just a few minutes.
Even posts that appear to contain no personal details can provide valuable clues. The analysis of geotags and the assessment of other people and objects in images quickly lead to logical deductions about an individual’s location and their activities.
It’s not just spies and criminals that are doing this…
You might hope that your friends are interested in your news when you post online, but it isn’t just the people you know personally that are keen to know what you have been up to.
“Businesses have enemies too” says Jon. “Competitors want to know what you are doing, who is involved and how you are doing it – working out your team structure and current projects can be very useful”.
More worryingly, where a person or business or organisation works within Government or sensitive supply chains, it can sometimes be foreign intelligence agencies that take an interest, not just competitors. The theft of Intellectual Property (IP), including from academia, costs the UK millions of pounds a year and gives advantage to those that may wish to do us harm.
Criminals also use internet intelligence to carry out Social Engineering attacks, knowing that small details can give real credibility to their attacks and make them much more difficult to spot. And think about the security questions used to prove your identity – how many of the answers have you already published on-line? Mother’s maiden name (Birth certificate available on-line), date of birth (that 18th birthday post), name of pet (probably on your Facebook timeline), and first girlfriend (Facebook)...
Finally, Media and press outlets will always look to exploit information that has been shared with the public. Particularly, what they can find on social media to either generate, illustrate or embellish a story they already have.
Everyone is a target…
“It doesn’t matter if you are the quietest person online – if you are using the internet, you have links to other people. Somebody you know may be of interest, and your online presence becomes a potential way to reach the real target.”
Jon stresses that every single internet user has value; your data will be interesting to someone, somewhere; “intelligence agencies will focus on the target’s friends to get information”. And this works in reverse, if your friends and colleagues are over-sharers then they can make you vulnerable too.
Personal routine is of particular interest to criminals; if you let everyone know you are on holiday, or away from home for a period, you may come back to an empty house and an insurer that won’t pay!
5 simple steps to reduce exposure
Against this understanding of the threats that are out there, Jon has the following key advice and guidance for people when sharing information:
And of course, should your business or organisation feel that it needs further specialist advice and support to help identify and counter vulnerabilities through online information sharing, cyber security experts like 3SDL are available to help. Our team of professionals have years of experience in all of the areas that Jon has discussed in this article, and we’d be delighted to talk to you about how you can manage the cyber risks that we all face every time we use and share information through the internet. Please contact us at firstname.lastname@example.org