Those at the top need to be more aware of cyber security threats.
When Rudy Giuliani, once mayor of New York City and now head legal buffoon for US President Donald Trump, accidentally inserted a web link in one of his tweets recently, only the most hardened of Trump supporters resisted laughing at his lack of digital acumen. The web domain ‘G-20.In’ was quickly snapped up by someone less keen on the president, and was soon used to host an unflattering message about him.
As if that wasn’t embarrassing enough, Twitter users were quick to point out that Giuliani is also Trump’s cyber security advisor – an irony that is as depressing as it is hilarious.
Yet this kind of thing is strangely common. Despite how important cyber security is, all too often those with the most power and influence are some of the least informed about matters of technology.
Giuliani is a good example of this, because not only is he a senior member of a nation’s government, his role as a cyber security advisor suggests he knows a thing or two about technology. Evidently, that is not the case, and his protestations about being targeted by Trump haters confirmed that, as did his claim that ‘.Either’ hadn’t been turned into a link in one of his previous tweets (because .in is the top-level domain for India and .either isn’t one at all).
In his defence, no one really expected any better from him. On his appointment as the administration’s security expert, most sane people expressed disbelief that such a man would be put in charge of protecting the United States from cyber threats. Equally as predictable were reports several months later that he’d contributed essentially nothing to American cyber security measures.
Yet still he remains in that position, at a time when government bodies in his country are suffering hugely damaging cyber attacks.
No Cybersec Please, We’re British MPs
In light of everything else coming from the farcical Trump administration, it’s tempting to think Giuliani’s lack of technical nous is nothing more than another example of crazy American politics, but the fact is UK politicians are almost as bad.
Cast your mind back to December 2017 when Conservative MP Nadine Dorries, rising to the defence of Damian ‘I was not looking at porn’ Green, revealed she routinely shared her passwords with people in her office. Unsurprisingly, cyber security experts were less than impressed with her comments.
Remember also when Home Secretary Amber Rudd attacked encryption in WhatsApp, despite admitting that she didn’t know how it works.
And let’s not forget that no minister has headed the Department for Digital, Culture, Media and Sport for more than 18 months. According to Wired:
“Since Maria Miller, who held Wright’s post from September 2012 to April 2014, no minister has stuck out the role for more than 18 months, with Sajid Javid, John Whittingdale, Karen Bradley and Matt Hancock all waltzing through the revolving DCMS door since.”
Not so much strong and stable as weak and wobbly – hardly what you’d want from your cyber security department.
Back in America, meanwhile, we have politicians failing to grasp that Facebook makes money from advertising. And in Japan, Yoshitaka Sakurada, the nation’s deputy chief of cyber security, once admitted to having never used a computer.
Worryingly, this phenomenon is unlikely to be restricted to the world of politics. Many businesses may also have senior staff who don’t know the basics of technology and cyber security. These are top-level executives – CEOs, CFOs and so on – with real power, and that power can easily be used by criminals to do significant financial damage to an organisation.
People in such roles are a prime target for phishing scams, because they often have access to key financial systems and can potentially make huge cash transfers. Only this month, cyber security firm Agari reported that Nigerian hacking group London Blue had compiled a list of 35,000 chief financial officers – many of whom worked at major financial institutions.
Due to the seniority of these individuals, scams that target them are referred to as ‘whaling’ attacks. In one such case, the unfortunate CEO of an aircraft part company was sacked, following a whaling incident that left the company €40 million out of pocket.
But while whaling attacks are rising at an incredible rate (200% in 2017), don’t think for a second that junior staff members aren’t a target as well. There’s no shortage of cyber criminals or ways for them rip people off. Whether your cyber security weak link is your CEO or your secretary, anyone could provide an entry point for hackers.
So while it might be fun to chuckle at the technological ineptitude of the Giulianis and the Dorries of this world, it’s far more important to educate them about cyber security and to change their dangerous behaviour. In the end, we all benefit.
Interested in cyber security? Check out our other blog posts on this subject.