On 1 January, the internet turned 40. This date is considered the official birthday of the Internet, thanks to the switch from Network Control Protocol to Transmission Control Protocol and Internet Protocol, a key transition that paved the way for today’s Internet.
During its brief but busy life to date, it has revolutionised the way we work, communicate, shop, manage our finances and much more. However, it has also introduced new forms of security risk to our lives, relationships, and business.
Dr Jason Nurse, Senior Lecturer (Associate Professor) in Cyber Security at the Institute of Cyber Security for Society (iCSS) and School of Computing at Kent, has reflected on just how much cyber-crime has affected society over the past four decades, and what we need to look out for as the net continues to evolve. He said:
‘As the internet grew, new opportunities for criminals arose. Compared to physical crimes, where there’s the relatively high possibility of being caught by law enforcement, cyber-criminals quickly noticed that it was a completely different ball game in the digital sphere.
‘A lot of cyber-criminals work in an international context, and for that reason it becomes harder to attribute a crime to someone or to know who has committed what crime. What’s more, if they are tracked down in an overseas country, then it is often also more challenging to get them extradited and prosecuted. Once criminals recognised this, and how they could profit from exploiting people online, this is when cyber-crime really took off.
‘With the birth of e-commerce, and as more people moved online, attackers recognised the substantial amount of money that could be made via scams, hacking, extortion, identity theft/fraud and a host of other crimes. This catapulted the prominence of cyber-crime. Scam websites started to emerge more and more frequently, and criminals attempted to exploit consumer shopping habits e.g. Black Friday sales and Christmas (which is why today, online retailers urge customers to be cyber-aware when shopping online). And general hacks skyrocketed on of everything from internet service providers to retailers.
‘Retailers had to respond to different forms of technology that consumers used to shop, and in turn, the financial industry and e-commerce really had to prioritise embedding security in the into their systems, and create safe and secure websites and apps. Shoppers needed to know that retailers could protect their credit card information, along with banks – who needed to ensure banking apps were safe, and banks were called on to provide an extra layer of security for customers shopping online.
‘The need for cyber security in society reached far beyond e-commerce, however. ‘Ransomware’, a type of cyber-attack which threatens to block user from accessing a device, and nearly crippled the NHS five years ago, is another big and current cyber security problem. Much like the mentioned NHS incident, the internet has often brought with it risks which needed a quick cyber security response. And whilst experts have acted quickly to respond to threats – as cyber criminals turned their attention from businesses to individuals – consumers have taken a little longer to understand and recognise the risks online.
‘Today we are much more educated. We understand the risks involved in online shopping, for example. One area that we still need to make consumers more aware of however, is phishing attempts and wider identity theft. There are a variety of phishing attempts every day, where criminals try to entice people to click on a link to lead them to an unsafe website or action. These websites are incredibly well crafted, so it’s often hard to tell if it’s a genuine website or not. They’re also often based around current events, for instance, in the run up to the World Cup there were a lot of scam emails sent to individuals with the promise of free tickets to Qatar to watch the games if users clicked on a link and entered personal information. These types of attacks are dynamic and the criminals are very mindful of the fact that the average person might not consider the risks when clicking on a link.
‘In today’s world, social media also poses identity fraud risks to users. Overexposure and oversharing, means that people are often exposing themselves to crime. Users posting names of their pets, or their partner, can be utilised by criminals for password-hacking. Posting where you are, or where you are not, can also translate to an offline risk, along with get-rich scams and online grooming.
‘As the internet continues to evolve, we need consumers to be more aware of the risks. The newest technology to the market which carries risks is the Internet of Things – which includes devices such as Nest and Ring smart doorbells. Already we have seen instances where criminals have tried to capitalise on these, such as a man hacking a Ring camera in 8-year-old girl’s bedroom, and some of my recent research looks into how misuse of technology, e.g. tracking apps, can facilitate domestic abuse. Which means that it’s not just cyber criminals misusing technology – the evolution of the internet has meant the everyday person can now take advantage of it in the wrong ways.
‘However, things are looking more positive as we’re moving towards a place where we can start to get people to use the Internet more responsibly. There will be opportunities for things to go really, really wrong, but the aim and the hope is that we can put things in place to address the challenges as and even before they emerge/worsen, whether related to scams, technology-facilitated domestic abuse or online harassment.
‘Parliament has recently approved the Product Security and Telecommunications Infrastructure Bill, which seeks to address issues of smart technologies and technology infrastructure to try to ensure that these devices are more safe in their design and implementation. This bill will have a significant impact on what the future, what the future Internet in the UK looks like, and it will have an impact on technology companies such as TikTok, Meta and Twitter – calling on them to make the Internet a safer place, tackling things such as misinformation and addressing online targeting – which must be our priority as the internet continues to grow.’
Dr Jason Nurse is a Senior Lecturer (Associate Professor) in Cyber Security in the School of Computing and the Institute of Cyber Security for Society (iCSS) at the University of Kent. His research interests span smart home technologies, security and privacy awareness, and ways to keep people safe online.