Internet of hacked things: the biggest threat to online safety is ourselves

The Four Corners revelations about hackers’ activities have highlighted that the threat to Australians — and anyone who uses the internet — is real.

The program focused very much on the technical attacks: the 5-10 per cent of hacks that are advanced, almost stereotypical, usually aimed at large organisations and quite often backed by a foreign government.

However, almost all publicised cyber security compromises are actually a result of human, not technical, failures, and this is something that every individual has to take responsibility for.

Tips for staying safe online:

  • Use separate devices for banking and kids’ gaming
  • Don’t send passwords via email
  • Don’t use personal accounts on untrusted wi-fi
  • Think twice before providing anyone personal information; a phone call to confirm is never a problem for legitimate requirements
  • Don’t click on untrusted or unknown links
  • Check the address an email comes from to ensure it is legitimate and look out for grammatical errors in emails

In an almost typical “good vs evil” storyline, it has become commonplace to point the finger at China as the bad guy.

The truth is that accurately identifying the culprit behind an attack remains one of the most difficult things to do.

The beauty of the internet is that, for a skilled operator, anonymity is easy.

It’s also easy to make an attack appear to come from China.

Of course, these accusations don’t come from nowhere and — contrary to what it would admit — China does have a long and rich history of conducting traditional espionage as well as industrial and commercial espionage against Western countries.

Our biggest threat is ourselves

Whether you’re operating a small business in Australia, or are simply concerned about your personal online security, don’t spend too much time worrying about who it is that’s attacking you.

There are a range of people interested in making money out of your actions online, or stealing your data.

If you follow basic security advice, maintain up-to-date systems and are mindful of your actions online, the attacker’s job immediately becomes harder.

While breaking into a well-maintained system is difficult, technology can only go so far in keeping you secure. The biggest threat to most companies is actually the lack of security awareness of their employees.

The same goes for our day-to-day lives: the biggest threat to our online security is actually ourselves.

Have you ever clicked on a link in an email you weren’t expecting? Opened something you shouldn’t have just because you were curious? Sent a password to someone via email? Or clicked continue on an unexpected pop-up because there was some juicy gossip being promised on the next page?

Welcome to basic social engineering, which creates situations that put your private details at risk. One of these actions can kick off a chain of events that can compromise you in less time than it takes to realise the promised material wasn’t behind that click.

The Four Corners report suggested that the Australian Government isn’t doing enough to warn Australians of the risk. While more needs to be done to make cyber security information more accessible, there is information out there if you go looking.

It’s unfair to lay the blame elsewhere. Everyone must take responsibility for their own actions online.

In the same way that you wouldn’t leave your front door unlocked, why would you leave your valuable information unsecured? These are the types of conversations we should be having in both our workplaces and at home.

What’s your attack surface?

The more we do online, the more potential there is for us to be compromised; this is referred to as your “attack surface”.

If you think about yourself as a potential target, how would you classify your attack surface? What devices do you connect to the internet at home? The more appliances, security cameras, or computers that are left unsecured, the greater the attack surface.

Your attack surface also extends to your smartphone or internet-connected tablet.

Do you do online banking from the same device that you let your children install applications on? Have you ever installed an app that requires access to your contacts, photos or location without questioning why?

A large portion of our online security boils down to awareness and a risk-based approach. For example, separate your devices so that you’re not banking on the same device your kids use for gaming.

By making these simple decisions — and talking about them — we can make ourselves a slightly harder target and the job of a would-be attacker much harder.

Whether you’re a large business facing threats from a foreign government or an individual with a smartphone, we all face online security threats on a daily basis.

The sooner we take responsibility for our actions, the sooner we can strengthen our defences.

Scott Ceely is a cyber security specialist and managing director of Seer Security.