Ransomware on Radio 2 with Jeremy Vine

I recently spoke to Jeremy Vine and his listeners on Radio 2 about ransomware.

Action Fraud reported last year that 4,000 people in the UK have been victims of ransomware, with over £4.5 million paid out to cyber criminals. As these are the reported figures, it is unfortunately guaranteed that the number of people impacted, and the sum paid out to criminals, will be significantly higher.

The first known ransomware was reported in 1989 and called the ‘AIDS Trojan’. It was spread via floppy disks and did not have much of an impact. Times have changed since 1989 and ransomware as a means of extortion has grown exponentially in recent years due to a combination of factors:

  • Society’s growing use of computers and the internet
  • Developments in the strength of encryption
  • The evolution of bitcoin and the associated opportunity for greater anonymity

Last year we saw reports of strains whereby victims are promised the decrypt key if they infect two of their contacts (called Popcorn Time) and others in which criminals promise to unlock data when the victim reads some articles on cybersecurity (known as Koolova). Ransomware-as-a-service, in which criminals essentially franchise their ransomware tools on the dark web, appears to be very profitable for criminals, with Cerber ransomware reportedly infecting 150,000 devices and extracting $195,000 in ransom payments in July 2016 alone.

Listen to my chat with Jeremy Vine and his listeners for more information on ransomware and what to do if you’re hit. *Spoiler*: I recommend offline back-ups a lot and plug The No More Ransom Project, an initiative between law enforcement and IT Security companies to fight against ransomware.

 

By Dr Jessica Barker


Digital Guardian article – GDPR: Getting the Board on Board

For my second Digital Guardian blogpost, I continued looking at GDPR. As is the case with many cybersecurity projects, getting senior-level support for GDPR compliance efforts requires effective communication. As research from (ISC)2 has highlighted, one of the biggest challenges with GDPR projects is securing senior-level support (and the budget that goes with it). Read what I have to say in Digital Guardian for some tips on how to get the board on board.

By Dr Jessica Barker


Digital Guardian article: what does GDPR mean for you?

In the first of a series of blog posts I am writing for Digital Guardian, I have tackled the General Data Protection Regulation (GDPR) and what it means for companies worldwide. To find out what GDPR is and my top ten points on why it matters, read the blog post here.

It’s enforceable from 25 May 2018, which sounds like a long time away, but as time moves quickly and organisations tend to move slowly, you should start preparing for GDPR now. One of the key problems, however, seems to be getting the leadership of organisations to fully engage with GDPR and recognise that preparing for it is a strategic, as well as IT-related, activity. With this in mind, in my next article for Digital Guardian I will be exploring what to do – and how to do it – to get the business level of an organisation engaged and on board with a project like GDPR implementation.

 

GDPR is Coming

By Dr Jessica Barker

 


Infosecurity Magazine Profile

I’m very happy to be featured in this month’s Infosecurity Magazine

Michael Hill interviewed me for Infosecurity Magazine about my background, some of the big consultancy projects I carried out last year, the media work I do and much more. You can read or download the magazine here. As always, it’s an excellent read, with articles on the cyber security implications of Trump’s presidency, an analysis of the future of encryption and a thought-piece on whether and when hacking back is ever legitimate.

Infosecurity Q1, 2017

By Dr Jessica Barker


Predictions for Cyber Crime in 2017: what small businesses need to know

Cyber crime can be pretty indiscriminate, with businesses of all sizes falling victim to attacks. For smaller businesses it can be particularly challenging to receive good cyber security information and advice. With this in mind, I contributed to an article that explores:

  • top cyber crime predictions for 2017
  • what small businesses can do to better protect themselves
  • the future of cyber crime – what’s on the horizon?

Read what I and other cyber security professionals have to say about ransomware, the Internet of Things, spear-phishing, Artificial Intelligence, and more.

By Dr Jessica Barker


Coping with Passwords on the Radio

Most people in the UK returned to work this week after the festive break and I joined Radio 2’s Drivetime show, presented by Simon Mayo, to talk about one of the pitfalls: forgetting your passwords, having not logged in for a couple of weeks.

Take a listen to my interview with Simon Mayo below for my thoughts and tips on what makes a more secure password (and why) and how to cope with many complicated passwords at once (if you don’t want to use a password manager).

 

My parting advice in the interview is the importance of two-factor authentication. For advice and support in doing this, check out this website.

By Dr Jessica Barker


Yahoo and the ‘biggest known data breach’ of 1bn accounts

Last night Yahoo announced another huge data breach, this one dating from 2013 and including information from 1 billion accounts. The information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5 so pretty trivial to crack) and, in some cases, encrypted or unencrypted security questions and answers. This follows the news in September of this year that information associated with 500m Yahoo accounts was breached in 2014.

I did a few radio interviews on the story this morning but wanted to expand on my thoughts. I made a video earlier in which I talk about:

– details of the breach
– the label ‘biggest known data breach’
– whether it could be state-sponsored
– what to do to better protect your online accounts

See what I have to say about this news and feel free to comment or ask questions; Twitter is usually the best place to reach me.

By Dr Jessica Barker


Cybersecurity Worries put 1 in 5 off Online Christmas Shopping

We’ve just had Black Friday and Cyber Monday, which are no longer limited to the days themselves, with many sales spanning at least a week. Figures suggest that retailers have had very strong sales: Barclaycard has reported record numbers of transactions on Black Friday and online retailers have indicated that Black Friday and Cyber Monday have surpassed their expectations and broken record sales from previous years. In the UK, online sales are expected to have exceeded £1.27 billion on Black Friday alone.

Unsurprisingly, December is the busiest time for retailers and online shopping is particularly popular. Anecdotally, I’ve known some people refuse to buy Christmas presents online because of cybersecurity fears, most memorably the Liverpool taxi driver who took a day off work and drove to London to buy his son a skateboard rather than buy it online. It cost him a day off work, a day’s petrol to and from London and it was more expensive to buy in-store, but he refused to do any shopping online because “the hackers have won”. How many more people feel the same?

Last week, at the same time as Black Friday and Cyber Monday deals were being pushed by retailers, I surveyed over 1,000 people in the UK to ask if worries about cybersecurity had ever stopped them buying Christmas presents online.

Findings

Survey of >1,000 people in the UK

The statistics suggest that one in five people in the UK have been put off buying a Christmas present online due to cybersecurity worries. Looking a bit deeper into the data seems to suggest that the older people are, the more likely it is that worries put them off buying online, but to be conclusive about that we’d need a higher sample size.

I ran the same survey last year and found that slightly fewer respondents had been put off buying Christmas presents online due to cybersecurity worries. The survey last year also had slightly fewer respondents in general (1,002 last year compared to 1,031 this year). It’s not a huge variation in the numbers, but I will run the survey at around the same time every year and it will be interesting to see if patterns become more conclusive, or not.

While I’m talking about future research, some thoughts:

  • It would be really interesting to run deeper research to explore the extent to which people choose their online retailer according to perceptions of cybersecurity (whether they trust the retailer or not). The hypothesis being that investing in cybersecurity, and marketing based on that investment, could offer a clear return-on-investment for online retailers. I plan to explore this question in the near future.
  • I do a fair amount of these surveys, focusing on cybersecurity attitudes and behaviours (see my research on two-factor authentication and biometrics, for example). While surveying 1,000 people gives a good insight, it would be great to survey higher numbers. If you or a company you know would be interested in sponsoring such a survey, I’d be happy to chat about it so please get in touch.

By Dr Jessica Barker


Cyber Security in the Media

I’ve been commenting in the media a fair bit recently. I like to do this when my schedule allows; it’s a lot of fun and, being passionate about my job, I love to talk about cyber security whenever I can. It’s an honour that I get opportunities at a national, and even international, level to raise awareness both of cyber security issues in general and of the industry as a career.

However, as it’s been an especially busy few months with my consultancy work and speaking events, I haven’t had as much time to post about the media appearances once I’ve done them. So, this is a summary of some of my recent commentary.

Passwords vs Biometrics on BBC Radio 4’s Today Programme

 

The Dyn DDoS on BBC Radio 4’s Today Programme

 

Pippa Middleton’s iCloud Account Compromise on Sky News

 

The UK Cyber Security Strategy

I spoke to a few media outlets about the new UK Cyber Security Strategy. Here’s what I had to say:

On BBC Radio Wales

 

On ITV News

 

On Scotland Tonight

 

On Channel 5 News

By Dr Jessica Barker
