In March 2020, Maria stood up from her new work-from-home setup to make herself a cup of coffee, as usual. She didn’t stop to consider the screen-load of customer data sat by the window, overlooking the pavement.
This year has presented huge challenges for cybersecurity, perhaps the greatest being remote working. Professor Hamid Jahankhani is the Programme Leader for Cyber Security at Northumbria University London Campus. He warns of the fact that whilst many companies have rigid cybersecurity systems in place within the perimeters of the office, these measures don’t protect the high numbers of people now working from home. “A lot of us are working with very sensitive data,” he says.
“Organisations realise that this has become seriously dangerous from a privacy and GDPR point of view – phishing has become the norm.” Furthermore, as more industries digitise their operations, there is more data at risk, testing both security and regulation. “If people don’t understand the concept of digital leadership, they can easily hand over all of the assets of a company to a criminal on a silver plate,” says Hamid.
As a specialist in cybercriminology, Hamid has spent years looking at what makes someone commit cybercrime. He explains that there is a marked difference between cybercriminals and other criminals. However, they appear to share one trait: opportunism. Since the start of the pandemic, cybercrime has risen dramatically, with ransomware attacks targeting new industries. This breed of attacker steals sensitive information and threatens to publish it unless a ransom is paid.
Whilst previously, banks and government institutions were prime targets for cyberattacks, sectors such as education are now increasingly attractive. “Don’t forget we do an awful lot of research for the pandemic. For the vaccines, antibodies, Track and Trace, all of this information comes from within universities.” In the US, the FBI reported a number of DNS and phishing attacks on pharmaceutical centres, with attackers trying to uncover vaccination trial results and formulas. “All of a sudden, it became very interesting – political on one hand, scientific on the other. Cybercrime is no longer about just hubs or minor hacks. It has now become much bigger – we’re talking about geopolitical scenarios here.”
However, the fast-changing nature of cybercrime makes it difficult to legislate. Hamid notes numerous examples where prosecution of cybercriminals has been unsuccessful. Legislation requires a code of ethics and clear definitions of what we mean by cybercrime. These definitions are based on what we expect and what has happened in the past. But when cybercrime evolves so fast, criminal prosecution can feel like an impossible task. “What we secure today is not relevant tomorrow,” says Hamid.
He also mentions biohacking, a growing trend in people altering their bodies with technology. Often experimenting from their own kitchens, bedrooms and tattoo studios, biohackers ‘improve’ their normal human functioning with everything from microchips to DNA manipulation. This has huge implications for the future of cybercrime from an ethical perspective. Where does the law sit with cyborgs?
Hamid raises a final concern for cybersecurity that will resonate with many, particularly during the pandemic. His worry is with e-health and where user data is going. His own experience of chasing a lost electronic prescription for weeks shone a light on the cracks in the system, through which personal data could easily slip.
Despite Theresa May’s government stating that the UK would become a world leader in AI, there is still a huge digital skills deficit in the UK and Europe. This means we don’t have enough people with technological skills for our fast-digitising world, which becomes even more clear when looking at healthcare. “In 2002, the government introduced the e-health concept, but many people are still using paper,” says Hamid. “Some of the silos that we have don’t talk to each other. The challenge is how to bring it all together. The challenge is more revolutionary than evolutionary.”
According to Hamid, it’s the pandemic that’s fueling the revolution. “If so many people hadn’t died, then governments wouldn’t have woken up. The pandemic has revolutionised the way we work, so I think it’s about time that technology was used to assist humans. Technology is here as a right hand.” This technological revolution is happening fast too, faster than Hamid might have predicted.
“Governments say we are in total lockdown and we’re going to send robots, autonomous vehicles, with medications on board for deliveries – I was thinking, hang on a second! I thought this would happen in 2025, but it just happened!” Cybersecurity professionals must be experts in cat and mouse, keeping in step with hackers, cybercriminals and shifting world events. It’s an exciting time for the cybersecurity industry, with the fate of so many other industries resting on its shoulders.
Europe-wide, we need a strategy that pre–empts these changing pressures and encourages people from all backgrounds, industries and skillsets to apply their experience to cybersecurity. Without a diversity of experience in cybersecurity, we will never secure every gap.
If you are considering a career in cybersecurity, or want to take your next steps in the industry, you can learn more here.