SHADOW ECONOMY
As the physical world increasingly melds with the digital one, new vulnerabilities are manifesting across cyberspace which pose particular risks to your personal reputations, your companies and your investments. There are certain actions, however, that you can take to reduce the risks in each of those three areas.
CREATE A DIGITAL TWIN
“A lot of successful people used to tell me: ‘I don’t do online. I like to keep a low profile’,” says Andrew Wessells. “I told them if they were successful, they were already online, so they might as well control how they present themselves.”
For £3,000, The Marque, Wessells’s London-based digital-profile management platform, will build a client’s up-to-date biography, with links to social media, videos, articles and anything else he or she wants the world to see. The SEO team, meanwhile, works to keep this ‘digital twin’ at the top of a Google search in every territory and provides ‘performance reviews’ so clients know how much their profile is being looked at and from where.
A bolt-on ‘digital briefcase’ service, which costs an extra £10,000 a year, tracks clients’ online presence and monitors any potential threat to their personal or professional reputations. Clients are also alerted every time their names are mentioned in the news or on social media.
“Many of my clients use private jets and they wouldn’t dream of getting on a plane that had not been thoroughly checked,” says Wessells. “Likewise, when it comes to their image, they don’t leave anything to chance.”
DON’T TRUST YOUR COLLEAGUES
The biggest cyberthreat to companies is not malicious hackers in Albania but mild Henry in accounts, who retired six months ago, and whose former colleagues never changed his computer password. This is according to Annabelle Lee of US cybersecurity firm Nevermore Security. “I have eight hand-written pages of passwords and I change them all regularly,” says Lee. “It is amazing how many businesses still use the same easy-to-guess password for everything and never change it. They are inviting in cybercriminals.”
Lee notes almost all major breaches are enabled by human error. The hackers who extorted ransom from Colonial Pipeline last year accessed the system by stealing a single password using a Virtual Private Network system that did not use multi-step authentication. Hackers infiltrated a Florida water treatment plant by using remote access software used by an employee working from home.
“Look at the underlying technology behind every security system. A VPN is useless unless it uses good cryptography, validated by an organisation such as the National Institute of Standards and Technology (NIST),” says Lee. “Similarly, don’t assume using distributed ledger technology is safe, because there are ways to undermine the security too.” In other words, hackers like Bitcoin too.
Nevertheless, apart from regularly updating passwords, the most crucial thing companies can do to minimise risk is to update their software. Failure to update basic security patches has led to several high-profile ransomware attacks, including the one on the UK’s National Health Service in 2017.
Yet even software updates can be fraught. Last spring, Texas-based SolarWinds made one such update available to its customers and inadvertently unleashed a major cyberattack on America.
“Businesses definitely need to invest more resources on ‘threat hunters’ – specialist companies that can evaluate their security programmes, identify risks and prevent severe breaches,” says Lee. “Staying vigilant is a full-time job.”
Of course, even vigilance has its dangers too: in 2019 customers of major Canadian exchange QuadrigaCX reportedly lost $190 million after the sudden death of its 30-year-old CEO Gerry Cotten – the only one with the cryptographic key to retrieve the money.
GO CASHLESS, GO COLD
Inevitably, as a whole ecosystem of virtual assets, marketplaces, traders and other jobs is emerging across a range of online platforms – leading to some predicting a fully immersive, parallel digital universe, or ‘metaverse’ – there are plenty of new dangers for the unwary.
“Because the virtual economy is still emerging, it can be incredibly profitable,” says Giorgio Tarraf, technology intelligence director at L’Atelier, BNP Paribas’ future market division. “The downside though is there is little regulation in place and many scammers. You really do need professional advice if you’re dropping serious money.”
In other words, although the recent frenzy of investment in cryptocurrency and Non-Fungible Tokens (NFTs) means many people now have a ‘hot wallet’ on their phone or have transferred funds to an exchange platform, if you are going to invest £200,000 on a piece of digital art, you should be aware of the risks.
One art buyer lost roughly that amount in September after Banksy’s website was hacked. Although, in the inevitable Banksy twist, the money was later returned, the incident highlighted the fact that once a bid is accepted on an auction site – OpenSea, say, the eBay of NFTs – it is irreversible. Moreover, cybercriminals are just as likely to impersonate artists by hacking curated markets, or by infiltrating online art communities and ‘helpfully’ offering their ‘friends’ technical support.
Of course, even storing your virtual money to buy that virtual van Gogh carries risk. “A good option for the wealthy is ‘cold storage’, an offline wallet such as a USB stick, or even a sheet of paper where you store your key,” suggests Tarraf.
He says that if you do use an online crypto wallet though – as most people do – the wallet provider should use cold storage, provide insurance and use a second verification layer as well as a password. Moreover, the exchange – where you can buy and sell crypto – should have a ‘bug bounty’, rewarding ethical hackers for detecting site vulnerabilities, and an external security audit.