
Scotland’s fortnightly political & current affairs magazine

by Bill Magee
19 March 2024
Cybersecurity: Why it’s becoming harder to stay safe online


Scottish public bodies and private organisations have received a timely cybersecurity warning from across the Pond. Coming from ex-FBI and Microsoft UK global cyber expert Edward Gibson.

Gibson was federal bureau senior supervisory agent in charge of investigations in the UK, then headhunted as the software giant's chief cybersecurity adviser.

He has given more than 250 presentations. Ranging from Riyadh, Saudi Arabia, Shirahama, Japan, and Ukraine and Russia well before the current war. Also Scotland.

Characteristically, he would don dark glasses in classic "G-Man" pose, morphing into his "Ed the Fed" alter ego to stress extreme caution in cybersecurity activities, asking pointed and often unsettling questions of his audience.

Now, Gibson’s comments signal what amounts to an online and mobile channel tipping point. Also, his novel digital work with UK and Ireland law enforcement agencies offers a cybersecurity solution.

Over the last two decades we've all been involved in unprecedented technological advances. Yet there remains a constant we're still failing to get right.

Gibson told me from Washington DC: "Cyber defences? I could give the same presentation today that I gave twenty years ago. It's all about people."

The tech landscape has dramatically altered in recent years. The latest is we're being encouraged to embrace, hour-after-hour, the "Funhouse", a so-called futuristic 3D multi-window frontier, by donning headsets/goggles and immersing ourselves in virtual reality (VR).

It seems a long time ago – not quite in a galaxy far, far away – when we would use a bulky and clunky deskbound personal computer for simple word processing. Also, playing Star Wars: Dark Forces when the boss wasn't looking.

Funhouse is being described by some as an unfettered cyber experience and being hyped during an unprecedented era of clickbait, disinformation and deepfakes. It's becoming far harder to know what to believe.

We're already faced with a constant barrage of economic espionage, complex money laundering, cyber fraud schemes, intellectual property theft and lately sophisticated crypto-currency scams.

That's quite a list. Microsoft issued a warning that state actors are using artificially generated tools to enhance attack methods.

Whisper it...

Some beleaguered individuals and outfits may be about to quit the internet altogether, viewing it as thoroughly toxic.

They're fed up of what is a seemingly ever-rising risk of being assaulted by malicious online and mobile security breaches.

No one is immune. Even Tesla's Elon Musk couldn't stop a major data leakage of salaries of his 140,00 employees.

One energy sector executive, who asked not to be named to avoid trolling, told me on discovering that a recent phishing campaign attempted to snare nuclear waste management workers: "You know, I wonder if such constant online aggro is worth it."

Unsuspecting organisations also face getting caught in the virtual crossfire of a global battle about the future of the internet threatening to accelerate into full-out cyberwar.

A power-play has in one corner purists like Sir Tim Berners-Lee. The World Wide Web co-creator is still holding out an earnest hope it's not too late to bring a much-needed dose of common sense to a worsening situation.

Although he is on the record as admitting the WWW "genie is out of the bottle" when it comes to achieving a rebooted safety net.

In the other are free-for-all advocates of a wide-open meta playground - like the aforementioned Funhouse - as long as the profits keep pouring in.

We're talking big bucks in prospect for each of the proprietary-minded Big Tech titans who are already worth more than the GDP of numerous countries. But it's never enough in a relentless pursuit to beat the competition.

The five largest US IT companies Alphabet (Google), Amazon, Apple, Meta and Microsoft have global revenues totalling trillions of dollars. Google alone is worth an estimated $1.8tn.

In short order they anticipate doubling revenues through the burgeoning and highly-lucrative new generation artificial intelligence marketplace and appear unfazed by a Techopedia warning of "artificial superintelligence" heading our way one day.

The ASI concept surpasses human intelligence where machines will feature highly-advanced reasoning, decision-making and problem solving capabilities far beyond the creative or logical capabilities of any one of us. 

Gen-AI might be all brand new but a profound lack of trust and with it confidence over its usage continues to rise. Such growing mistrust is not helped by latest reports indicating discovery of critical security risks in Google's flagship Chrome operating system (OS).

Gibson is now back home in Washington DC where he operates as a licensed private investigator in the State of Virginia. He is also a financial regulatory public arbitrator and CEO of Embassy Attache Groups and was a DC special inspector general for pandemic recovery 2020-2021.

He keeps in close touch with all matters cyberfraud back in Europe, is a Fellow of the British Computer Society and retains a particular empathy for us Scots.

Gibson emphasises how a simple mistake at work can result in costly implications and all but bring about the complete shutdown of an organisation.

Significantly, during his five-year stint with Microsoft he persuaded the software giant to provide forensic training to all UK and Ireland law enforcement officers.

A short, sharp three-day programme was attended by nearly all designated constables including select officials from other European countries.

Food for thought as regards duplicating such a public or private sector employee cyber training course? Gibson reminds us there remain no borders in cyberspace.

Threats and attacks can come from any location at any time, posing challenges where incidents can involve victims, suspects and crimes spanning multiple countries.

Cyber and Fraud Centre Scotland, a not-for-profit "employee-first" organisation whose expert team works closely with ethical hacking students at Abertay University, points to an online basic that remains problematic.

We're talking about business email compromise where a cybercriminal gains unauthorised access to an account or server belonging to an organisation.

The BEC threat calls for employees to be trained up and constantly reminded all the attacker requires, as they seek either finances or sensitive data, is two pieces of information: username and password.

Which? reports email along with text and mobile phishing scams remain 24/7 threats. Gibson points out computer crime within the last decade has moved into a different realm. 

Virtual gangs are nowadays often organised on a cellular basis with no real knowledge of each other, rather than the common perception of a detached teenager in a darkened bedroom.

Increasingly such gangs have the power and often ambition to take down an organisation. Add to this estimates that the nefarious "Dark Web" is now three times the size of the Internet as we know it.

"Most of these people know what they're doing...and if we don't get on top of the problem they are going to take the internet to the point where people may fear to venture into it."

A reboot creating an open and more trustworthy internet appears all but lost in the ether...

 
