Paul Haskell-Dowland has been in the cybersecurity education and research domain for two decades — and he is on a mission to teach the rest of us how to stay safe online.
It’s a significant job for the Professor of Cyber Security Practice at Edith Cowan University.
The cost of cybercrime in Australia is incredibly high, and the true figure is likely even greater than the reported data suggests.
“It was estimated [a couple of years ago] that the global cost of cybercrime … was going to hit the $1 trillion mark, and I believe it has passed that,” he said.
“It’s very hard to get an accurate indication of these figures, because so much of the cybercrime goes unreported.”
Professor Haskell-Dowland, who is also Associate Dean for Computing and Security, said that for many people, their only insight into the world of cybercrime was what was portrayed in the media, in movies like Hackers and even the Die Hard franchise.
“If we go back a few years and think about the Hollywood impression of cybersecurity, it was criminals in darkened rooms, sitting behind a keyboard, usually with a hoodie and tapping away at a computer and hacking into systems,” he said.
“We’ve had that glamorized view of cybercrime or cybersecurity for many, many years.”
Criminals increasingly sophisticated
Professor Haskell-Dowland said this portrayal was not entirely accurate and, in reality, cyber threats come from far more organized operations, which are “incredibly well-resourced”.
“This is a global network of cybercriminals, engaging in very significant levels of crime,” he said.
“We’ve seen cybercriminal groups who are incredibly well organised, are reporting profits of hundreds of millions of dollars … so they’re competing with large multinational corporations.”
With this high level of sophistication, individuals were becoming increasingly susceptible to attacks.
“It’s not just targeting one person, it could be targeting 100,000 people in just a click of a mouse, or a few key presses,” Professor Haskell-Dowland said.
He said there was an array of ways individuals could be compromised by this kind of activity.
“Sometimes it’s things like scams, but we also hear about things like ransomware, where people’s computers are taken over and their data or files are stolen or encrypted in a way that prevents them from accessing them, and then being forced to pay fines to recover that data,” he said.
“For the past few years, identity theft has been something that has raised alarm bells and people often see things like card-skimming being a bit of an issue.”
How to protect yourself
Professor Haskell-Dowland said there were several relatively simple ways individuals could protect themselves against cybercriminals.
He said the first involved looking at the “boring subject” of their password practices, which he said was of paramount importance.
“People find a password that meets the criteria, and then they reuse them on multiple systems, and that would be fine if all of the systems that they used were secure, and were never compromised,” he said.
“Unfortunately, all it takes is for the weakest one of those systems to be compromised and that one password that you thought was secure, is now in the public domain, it’s publicly available.”
Professor Haskell-Dowland, who personally has more than 500 passwords, recommends that passwords are not only unique to each site, but are also stored safely and securely.
“I use a password manager to make sure that they’re all stored safely,” he said.
“Even having a notepad of all of those passwords and keeping that locked away in a drawer at home is still better than having the same password on every single system.”
Professor Haskell-Dowland also suggested updating all systems and backing up data.
“Always apply updates to … every device that you’re using, including your mobile phone … to make sure that the cybercriminals don’t have an easy foothold into your system,” he said.
“Making sure that you have a copy of all of the important data … so that in the event that you get an attack, maybe you get some malicious software on a computer, you don’t lose everything.”
Targets go beyond the individual
Professor Haskell-Dowland said it was not only individuals who were susceptible to cybercrime. It also had the potential to be used as a hugely disruptive warfare strategy.
“We could be talking about the systems that control electricity, the systems that control water,” he said.
“The things that we utterly depend upon, for our day-to-day life… are often computer controlled.
“If you’re an adversary and you’re wanting to target a country, then it is much easier to attack infrastructure via digital means than it is to launch, for example, a missile to try and target a power station.”
But despite the huge risks that cybercrime poses, Professor Haskell-Dowland said we should not “get too carried away with panic.”
“The issues in cybercrime are significant, and they are growing, but so is the defensive side — there’s an enormous amount of time, effort and money being spent on defending the nation and defending the individual,” he said.
“The reality is most cybercriminals are still very lazy in their perspective and they will go for the easiest targets, so simply making yourself that little bit more difficult to be a victim means that they’ll simply move on to easier and easier targets.”