From a young age, most of us are conditioned to be wary of what we do on the internet, yet despite all our caution, our spam inboxes are rarely empty for long. The unfortunate reality is that simply owning and using an email address can result in it being leaked to a mailer that we never wanted or, worse, into a fraudster’s address book. Of course, that’s exactly what spam inboxes were designed for.
The problem is that the world’s combined efforts to prevent cybercrime seem to have done very little to reduce its impact - at least, on the surface. A company called Cybersecurity Ventures recently forecast that the cost of fighting internet scammers will reach $10.5tn by 2025, an estimate that marks it out as a growth industry of the worst possible kind. The cost was around $6tn in 2021.
Why is this increase happening at all, though? For one, we don’t help ourselves. Password hygiene, i.e. the art of keeping accounts up to date with strong passwords, is quite poor in large parts of the population. In fact, an infographic created by ExpressVPN on the topic revealed that most people make baffling decisions with regard to their online security, including using their own names in passwords. Shockingly, according to the research, almost half (43%) of internet users have login credentials that could be easily guessed by family members. The average person also re-uses the same password for up to six websites. You can probably already guess what the worst passwords of all are, too, as they rarely change - 123456, password, qwerty, passwort (German), and azerty (France).
However, as is the case with all crimes, the victim isn’t actually doing anything wrong by using guessable passwords. The blame falls on the perpetrator, who shouldn’t be doing what they’re doing. Unfortunately, the world seems to lack a strong enough deterrent against cybercrime, largely due to the fact that internet-based regulation is still evolving, and laws that cover older modes of communication tend to fill in the gaps.
A good example of the latter is the UK’s Malicious Communications Act, which was written in 1988, long before the consumer internet even existed. On the subcontinent, according to this piece published in the Times of India, there are numerous cybercrime laws that internet users should heed. In particular, there are references to passages from the Information Technology Act, created in 2000. Oddly enough, the words “electronic communication” weren’t added to the UK act until 1991, emphasizing just how recently the world has turned digital. Consider that social media, as we know it, is less than twenty years old. Evidently, there are definite updates required to accommodate the digital era.
Criminals are constantly coming up with new ways to trick people, which means that security has to evolve, as well. As this article from the National Cyber Security Centre outlines, a dangerous new tactic from scammers is called spearphishing, in which a person hijacks the email of an important person (such as a CEO) and pretends to be them in order to steal information from other employees. This can be a difficult thing to defend against, as communications often look genuine.
So, what’s the solution? Inevitably, it falls to managers to ensure that their co-workers are up to date on the latest threats. After all, educating a colleague about the dangers of spearphishing could actually save an entire business from becoming a victim of fraud.