Hacker Tracker: Cyber Knowledge Lags, Fighting Dirty Bitcoins, And Ignoring Ransom Demands

hacker tracker cybersecurity ransomware

It can be difficult to know how to handle cybercriminals and their malicious attacks, especially when many people don’t have a foundational knowledge on what cybersecurity is all about. In this week’s Hacker Tracker, Bottomline Technologies’ Ed Adshead-Grant shares his take on a few of the biggest cybersecurity happenings impacting the payments space.

Cybersecurity Knowledge Put to the Test

Want to know how much Americans actually know about cybersecurity?

The answer … not much.

In fact, new data from the Pew Research Center showed that many Americans are still in the dark when it comes to key cybersecurity topics. The majority of internet users surveyed were able to answer fewer than half of the questions correctly on Pew’s cybersecurity knowledge quiz, which covered a variety of issues and concerns.

The median number of questions answered correctly on the 13-question quiz was only five. Just 20 percent of 1,055 adult internet users who responded were able to answer more than eight questions correctly, and only 1 percent were able to achieve a perfect score.

However, Ed Adshead-Grant, GM of payments and cash management at Bottomline Technologies, noted that this isn’t much of a surprise.

“Many people want the benefit of using technology in their busy lives but do not have the time to understand it,” Adshead-Grant explained. “Keeping track of our personal data and where it might go when engaging the internet is not easy and frequently ignored.”

This uncertainty in cybersecurity topics may leave the door open for a big opportunity as hackers continue to get both smarter and more sophisticated.

Combating Bad Bitcoins

A number of security and fraud risk elements are still hanging a dark cloud over the progress cryptocurrencies have made in recent years.

Anti-money laundering and blockchain analysis software developer Chainalysis and Danish electronic payments provider Nets are teaming up to create solutions for Nordic banks that will validate bitcoin transactions and help financial institutions comply with regulations.

The hope is that the efforts will bring the seedier side of bitcoin to a close.

“People expect to be able to trade in multiple countries and currencies at the click of a button. This extra speed has grown the volume of payment traffic, but it also introduces more risk in totality,” Adshead-Grant pointed out.

When it comes to bitcoin and blockchain specifically, he also noted that an overlay of suspicious transaction patterns is a natural evolution as the payment methods become more trusted and mainstream in the financial supply chain.

The partnership between Chainalysis and Nets will involve making risk assessments and analyzing blockchain activities in order to help banks risk-score customers, so they do not end up being used for money laundering schemes.

Just Say “No” to Ransom Demands

Though ransomware remains on the rise, Michael Corby, an executive consultant for CGI, is holding tight to the argument that ransomware demands should not be paid.

To mitigate the risk of ignoring a cybercriminal’s demands, Corby advised organizations to do the work up front to ensure that their data is available in a form that will not be impacted by ransomware in the first place and that there is a clean backup copy of the data available in a restorable format.

The key concepts companies must understand, he noted, are restore and recover.

According to Adshead-Grant, regular training and communications to instill the necessary behaviors and culture to identify and prevent any ransomware demands from ever materializing are also necessary.

“To cover all scenarios, a centralized, enterprise-wide Cyber Breach Response Program (CBRP) is strongly recommended,” Adshead-Grant continued. “This involves senior stakeholders to ensure that any continuity plan is appropriately implemented, that a communication plan is developed and enforced and that all breach-related inquiries received from external and internal groups are centrally managed by senior management so risks are always being reassessed and managed effectively.”