The digitisation of everyday life has greatly increased the “attack surface area” for cyber criminals and state backed hackers, and people are particularly vulnerable when they are travelling.
Delegates at this week’s second annual International Travel Crisis Management Summit in London heard from Jens Monrad, senior intelligence analyst at cyber security specialist FireEye.
Monrad said while many emerging and aspiring nations are investing heavily in cyber offensive capabilities not many are focussing on defensive systems.
He warned not all hackers are after money many, particularly those that are state-backed, are seeking confidential information from companies and public bodies to use to their advantage.
“When we look at travel, this is where we are vulnerable. At home I have a secure environment, I can lock my doors,” he said.
“When we are travelling we are very vulnerable. We have to be in specific places at specific times. This is something that we are seeing cyber criminals and hostile states are taking advantage of.”
The hospitality sector is particularly vulnerable to attack because front desk operatives are easily duped into opening emails which they think are bookings or other customer enquiries.
Hotel guests are also vulnerable when they use open Wi-Fi networks because it is simple and cheap for cyber criminals to set up a parallel network and fool people into logging on.
Monrad offered three key tips to keeping secure when travelling: “First, be aware of your surroundings.
“You hear conversations in public places all the time that include information criminals can use to get access to your business and your customers.
“Second, do not trust open networks. If you need to connect to the internet when you are travelling us a virtual private network, some sort of secure method, to make sure communications on your device are encrypted. Open networks are open to everybody.
“Third, minimise your attack surface area. Why do we bring our lap tops with us when travelling? They are a very high attack surface area.
“Give your executives a tablet. Do they need the entire laptop with spreadsheets and sensitive documents on them to do a presentation or a company meeting?”
Monrad said the typical cyberattack follows a familiar pattern. There will be an initial reconnaissance during which the attacker figures out its target’s vulnerabilities.
Then a system compromise will happen, usually from an email that purports to be of high importance and uses intelligence on the victim to appear genuine but which contains malware.
If a file is clicked on, surveillance software is then downloaded onto the user’s device establishing the attacker inside the victim’s business and enabling it to access the data they want.
Monrad said this ‘spear fishing’ approach can be very effective and criminals are also increasingly phoning up victims before sending an email to further establish credibility.
Craig Dunn, head of cyber services at Hiscox Insurance, said in 2016 there were 1.9 million cyberattacks reported in England and Wales.
In the UK, 46% of companies have reported being the victim of at least one cyberattack in the last 12 months.
“Some companies are not doing enough to address this,” he said. “Companies may think they are too small to be targeted but do not realise the financial and reputational harm they could suffer.
“Others are simply too scared of the threat and do not know how to deal with it and so pretend it’s not there.”
Dunn said 67% of breaches involving malware are the result of human error after an employee has been duped into opening up an email and clicking on a link or opening a file.
“This is what we need to be concentrating on. Humans are by far the weakest link in companies’ cyber security,” he said.
Delegates were advised to use strong and separate passwords for vulnerable accounts like emails, be careful about using Wi-Fi, and make sure they have the latest software updates.
The UK government’s Cyber Aware programme has been working with the likes of coffee chain Starbucks, that offers free Wi-Fi, and Dunn said it provides useful resources and advice.