Computer Crime Research Center


Intersec 2022: Ethical hacker Freaky Clown shares exclusive insights on cybercrime

Date: February 01, 2022
Source: Computer Crime Research Center

How do you think the cybersecurity industry has evolved with the rapid growth in digital transformation?

There is an ancient Chinese curse that translates to ‘May you live in interesting times’, and we are living in the most interesting of times! With Covid-19 hitting every industry in every country, the repercussions on cybersecurity have been incredible. Many of our clients who had previously avoided cloud and other such services, despite the increased security of such things, who preferred to keep their assets on-premises, have been rapidly moving over to enable working from home.

Cybersecurity has had to play a critical role in those types of paradigm shifts. They find that security generally increases, ROI is quicker and overall costs are reduced, and it has the added benefit of improving the working culture for the company. The cybersecurity industry as a whole has not really had to evolve; there have been a few minor shifts, though, for example, our physical security testing has been scaled back due to not being able to get boots on the ground in some sites.

Can you share some deep insights from the world of cybercrime?

We need to understand that cybercrime and crime, in general, are not that different: criminals still perpetrate them, and they are still breaking the law. The difference is the mechanism by which they perform their criminal act. A bank robber is a robber if they do it digitally or physically; the same goes for a stalker. Computers just lower the barrier to entry to crime whilst at the same time increasing the reach of criminals.

What are the top cyber threats that you see currently affecting the organisations?

There is a famous list of vulnerabilities called the OWASP Top Ten; this lists the current top digital vulnerabilities we see; however, this list barely changes from year to year. This is because the underlying mechanisms for these vulnerabilities do not change. From a hacker’s point of view, the easiest and cheapest attack for criminals to perform against an organisation is the simple and hyper-effective phishing email. A poor security culture within an organisation can devastate a company even if they spend millions on technical defences.

This is not about educating the user; they are not the weak links here. They are doing their job and are not cybersecurity experts, and cannot be held responsible for clicking a link. How the company deals with it, and the person, is more important. As with any fight, it’s not about avoiding the punches; it’s absorbing them and being resilient to carry on. That can only happen if your networks and services are robust from attack.


Copyright © 2001-2013 Computer Crime Research Center