Our virtual talk on April 13 was the ideal forum for Andy Bates, executive director of the Global Cyber Alliance (GCA), to share insights on cyber-security and the increasing challenge of guarding our privacy online.
Andy has been instrumental in developing secure systems such as the Government Secure Intranet and Police National Network and has worked with a range of government departments in the UK and abroad, as well as international agencies such as NATO.
Andy is passionate about the possibilities – and the pitfalls – of the internet. ‘The problem,’ he explained, ‘is that the internet really hasn’t been designed like a public utility. When it was designed back in 1969, it was intended primarily to connect universities, governments and academic industries. The designers probably didn’t think there would be more than 1000 people connected. Well, today users of the internet number 4.8 billion, and soon there will be around 50 billion connected devices.’
This, Andy explained, represents a vast fishing ground for fraudsters: ‘The estimated annual global cost of cyber-crime and fraud is $2 trillion; that is greater than the GDP of Saudi Arabia. And one of the important ways to stay safe online is to bear in mind that your personal computer is not the only target: it could be your phone, it could be that camera you bought to look at fish underwater, or to look at your baby monitor when you’re away from home – all of these internet-connected devices become vulnerable.’
In conversation with Rennie Hoare and the bank’s chief technology and operations officer, Chris Loake, Andy provided valuable advice on how to avoid common scams and stressed the importance of reporting fraud, however small. Criminals, he pointed out, bank on the fact that petty theft carried out via fraudulent emails or websites is unlikely to have legal consequences:
‘If you think about policing since the days of Sir Robert Peel, the convention is that you chase the criminal down within a particular jurisdiction, arrest them and put them in jail. Invariably with online crime, the criminal is nowhere near your jurisdiction. You could be a British citizen, working or on holiday in South Africa; you click on a Mexican email address, a Mexican domain that was bought by a British citizen who’s currently resident in the Caribbean. You realise you’ve been scammed, but who in that whole law enforcement circle would actually go and try to arrest the person responsible? I think we all know that for a theft of £100, or £1,000 or even £10,000, people like Interpol aren’t really geared up to chase the crime down. But reporting these thefts is still really helpful to the UK government, or to global agencies such as GCA, because we can work collaboratively to take down some of this global infrastructure.’
Fraudsters who go after high-net-worth individuals (a practice known as ‘whaling’) often play a long game:
‘Clearly, it’s easier to establish credit in a wealthy individual’s name, so there is potential for credit scams. And criminals are very patient; they know that, eventually, you will cash in your pension, or move house, so suddenly there’s a multi-million transaction happening which opens up new opportunities. Fraudsters only need one or two of those to make their year.’
Too few of us take appropriate measures against fraud because we believe it will never happen to us: ‘It’s a bit like fire insurance,’ said Andy. ‘Hardly anybody has fire insurance, but hardly anyone has suffered a fire. One in two small businesses was affected by fraud last year. Pre-COVID, 50,000 jobs were lost as a direct result of cybercrime attack. Fraud will happen to us, and we all need to build our defences.’