By Chris Skinner for Iris.xyz

We talk a lot about cybersecurity, fraud and risk, but are we too complacent about it? We have all these stats and figures:

  • According to Verizon’s 2018 Breach Investigations report, 92 percent of malware is still delivered by email.
  • Out of the 1,300 IT security decision makers surveyed for CyberArk’s Global Advanced Threat Landscape Report 2018, 56 percent said that targeted phishing attacks were the top security threat they faced.
  • Ponemon’s 2017 Cost of Data Breach study found that organizations were able to identify data breaches on average within 191 days. That might sound like a shockingly high number—it’s more than six months!—but it’s marginally better than 2016’s figure, which was 201 days.
  • Ponemon pegs the average cost of a single attack at $5 million, with $1.25 million—a quarter of the total—attributable to system downtime, and another $1.5 million (30 percent) to IT and end user productivity loss.
  • According to Thales’ 2018 Data Threat Report, 64 percent of respondents around the world feel that adhering to compliance requirements is a ‘very’ or ‘extremely’ effective way to keep data secure.
  • According to the 2018 IDG Security Priorities Study, 69 percent of companies see compliance mandates driving spending.
  • According to the Business Advantage State of Industrial Cybersecurity 2017 report, 54 percent of companies sampled experienced an industrial control system security incident within the past twelve months—and 16 percent had experienced three or more.
  • A 2018 report from Trustwave produced some dispiriting numbers when it comes to Internet of Things (IoT) security:
      • 64 percent of surveyed organizations have deployed IoT devices, and another 20 percent plan to do so within the next year.
      • But only 28 percent of those organizations consider their IoT security strategy to be “very important,” and more than a third think it’s only somewhat important, or not important at all.
      • Take those two facts into consideration, and is it any surprise that 61 percent of those surveyed have already experienced an IoT security incident?

Yep, there are numbers (cybersecurity) and numbers (fraud). Perhaps the biggest one is that fraud is now costing over £3 trillion a year.

The reason I’m writing this is not to labour cybersecurity and fraud and risk, but because I was reading an interview with Frank Abagnale, the fraudster who featured in the film Catch Me If You Can with Leonardo DiCaprio.

Since Frank got caught, he’s become an authority on fraud, as most ex-fraudsters do. Here are a few quotes from the article:

When you get into cybercrime, for many it’s like playing a video game – who’s the best at breaking in? Who can score the highest? Who can get the most information, or cause the most disruption? It’s like a game amongst a group of people who play and challenge each other …

The vast majority of fraudsters and criminals get caught not because of good police work, but because they continue doing the same thing over and over again, until someone notices …

I’m not on any social media, but I do believe that there will come a day when we look back on social media and say, ‘this was the wrong thing for humanity… this was a bad experiment, and we should never have done that…’ – We are giving organisations detailed information on every aspect of our lives, more information than we know about ourselves, and that information is now being used to manipulate us, our psychology and our behaviour. It’s extraordinarily dangerous …

Passwords are a 1964 technology that we’re still using in 2018 …

But what really made me post this was his closing comment. Bearing in mind the Internet of Things (IoT) stats I mentioned above – only 28 percent of organisations view IoT security as important – take note of this:

Until now, cybercrime was all about making money and stealing information (because information is money). Today however, we have the ability – from 30 feet away – to shut off someone’s pacemaker. A malicious individual could walk down a street today, and shut off bodily devices that are controlled by computer chips, murdering them. In a few years’ time, they will be able to do this from thousands of miles away. A law enforcement agent today can stop a vehicle on the freeway providing they are within 35 feet of it, because the average vehicle has over 240 microprocessor-controlled components; you can shut it off, lock the doors, enable airbags… In a few years’ time, a malevolent individual may be able to do that from thousands of miles away, en masse. Today, we think of cybercrime as financial crime, but I fear it will become much darker, more of a terrorist tool, and much more harmful to our wellbeing.

You can read the whole interview here.