Digital Dick Turpins and Kardashian-style malware – a whistle stop tour of common security terms

I was recently asked to give the Babel team a training session on all things cybersecurity, given the majority of my clients fall into this sector. It was a ‘scratch the surface’ session; an ABC tour through the twists and turns of the cyber landscape – the typical threats, terms, actors and facts you might come across in the news and online. There were pictures of zombies, cool animations, and even a test on encryption. (Yes, I might have gone a bit too far with my presentation)

Before I go any further in this blog, I should provide a BIG disclaimer. I am by no means a cybersecurity expert (although my daily exposure to businesses in the sector has arguably given me more knowledge than Joe Public), nor have I ever worked in a cybersecurity company.

Sure, I’ve wondered how easy it is to hack a nemesis (we’ve all done that, right?) and I’ve looked on in wonder as TV characters have attempted to bring down government departments in a bid to shed light on the dark underbelly of a corrupt system. But many of the definitions and explanations I gave in my training session were either inspired by client spokespeople, or admittedly borrowed from the internet.

While I might not fluently know the ins and outs of the industry and its technicalities, I do know how to help cybersecurity companies build impactful campaigns that cut through the jargon and educate on the realities of our digital lives – both personal and professional. In fact, we just recently launched a whitepaper advising companies within the security sector on how to forget the ‘FUD’ in their communications campaigns, and instead build stories based on real-world insights, customer anecdotes and intelligence that journalists and their readers actually care about.

That aside, and rather than give you the full A-Z training session I gave my colleagues (as we’d likely be here for some time), I’ve provided a whistle stop tour below. I’ve summarised what I think are the most commonly-found terms, why they’re important, and what they mean, all with a light hearted, creative twist.

So, with that disclaimer over, let’s get started with:

G is for GDPR. Oh, our beloved GDPR. The General Data Protection Regulation was adopted in April 2016 and came into full force in May 2018. In the simplest terms, GDPR outlines principles, rights and obligations regarding how companies should be storing, handling and protecting customer data. Since May 2018, many businesses have begged GDPR for mercy, as they have fallen foul of its strict guidelines and have subsequently paid out millions in fines. Most recent victims include British Airways, Google and Marriott International.

M is for Malware. If malware were a celebrity, it would probably be Kim Kardashian – always breaking the internet. A more formal definition from US physical sciences laboratory and non-regulatory agency NIST (the National Institute of Standards and Technology) describes malware as any ‘hardware, firmware, or software that is intentionally included or inserted in a system for a harmful purpose.’ So, essentially any of the nasty stuff – such as a virus or spyware – that a hacker might load onto your device to gain access.

N is for Nation State Hackers. BAE Systems claims that nation state hackers have a ‘license to hack.’ These cyber crims have usually been commissioned by governments, with the aim of disrupting other nations’ systems or dislodging other countries from power. This naturally creates tensions between countries, with citizens and organisations often becoming collateral damage. Charl van der Walt, Head of Security Research at Orange Cyberdefense, explains well the role of nation states, their commissioned hackers, and the resulting cyberbalkanization of the internet in this blog post.

R is for Ransomware. Forget the highwaymen of days gone by, we have new digital Dick Turpins to contend with. As a type of malware, ransomware normally involves the encryption of a victim’s files – say an accounting company, as an example – with the hacker asking for payment in order to decrypt and return the files in their original, readable state, to the owner. Fail to pay the ransom, and everyone and sundry will have access to your precious information. It’s a fine line to walk deciding whether to pay the ransom or not. Any ransom paid is essentially fueling the cyber-crime ecosystem. But the risk of sensitive information being leaked into the ether could potentially be more damaging and costly.

S is for Social Engineering. In the context of cybersecurity, social engineering refers to attacks such as phishing, in which a victim is tricked into divulging personal or sensitive information. The trick usually works because the attack (usually in the shape of an email) is disguised as coming from a reputable source – a friend, a trusted organisation or supplier. It’s called social engineering, because the intent is to play on your human emotions – trust, curiosity, etc. But if you keep your eyes open, you can spot that something – the sender’s email address, logos, spelling of company names – isn’t quite right. Know what to look out for in a phishing scam? Test your skills here: https://www.phishingbox.com/phishing-test

If you haven’t had a chance to read our FUD in cybersecurity report just yet, why not take a look here? And if you’re keen on hearing about the work Babel has done in supporting security companies to create compelling and creative narratives, give us a call!