Fintech is likely to make financial cybercrime even more common, warns William Hau, an information-warfare specialist.
He was in Hong Kong recently to promote a self-published book, “Born 2 Hack”. The book is a call for more people with programming skills to join the cybersecurity industry, which faces a critical lack of expertise worldwide.
Hau hopes to get more people to follow him into a career as a “white hat”, a hacker who works on behalf of companies and governments to either probe their defenses or help them respond to breaches.
The book offers a peek into the world of white hats, but not enough. Hau doesn’t want to wade into the details of coding, perhaps out of fear of intimidating his audience, or just to avoid breaking client confidentiality. He should have been a little readier to try.
Reading his book, I still don’t really know how it works when he’s called in to handle a bad situation. There’s no description of the actual work.
He alludes to things like the Shamoon virus attack, which sounds like something I might catch in the shower. And what is an SQL Injection attack, and would it arouse C-3PO?
In computers we trust
Hau’s on a mission to inform people of cybersecurity, but I’d suggest he could venture a little further into the weeds. (I think Hau should find a publishing house to take this on and whip it into proper editorial shape; there’s enough in it to make for a commercial product.)
That said, he offers plenty of nuggets. My biggest takeaway is that we – people above a certain age – were right to be afraid to put our personal information on the internet.
Remember how in the late 1990s and early 2000s, everyone was reluctant to put credit-card information online? Companies like PayPal made it “frictionless” while Facebook made us ready to post waaay too much information online.
But that older, fearful, primitive version of us? They were right! The internet, Hau writes, was never built with security in mind. Twenty years ago, e-commerce companies raced to build websites, with security as an afterthought, with no formal penetration testing (that is, they didn’t bother to find out how easily they could be hacked).
Crime does pay…online
There are three reasons why cybercrime will increase.
First, the advent of social media, the Internet of Things, public Wi-Fi, and mobile banking is rapidly expanding the “attack surface” of both consumers and corporations.
Fintech in mobile banking is all about being “frictionless”; consumers prize this convenience over everything else. That’s an invitation to trouble, and Hau reckons hackers are going to shift their targets from companies to consumers at a mass scale.
Second, cloud computing takes your information and spreads it everywhere. True, cloud computing reduces the single-point-of-vulnerability of keeping everything on one company’s servers. But it creates far more opportunities to steal something. Vendors’ clouds are safe if transitioning data there is well planned, and the I.T. is properly architected. But some companies will get it wrong.
Third is that hacking has never been easier. There are Cyberattacks-as-a-Service businesses out there selling malware and ransomware on the open market. Attackers don’t even need to know how to code now: they can simply buy point-and-click software, and head off to do some thieving.