“What’s he stealing? The lyrics to Mambo Number 5?” Pratik Padhiar, YUDU’s Senior Business Consultant.
If you’re in the cyber security business, or just have an interest in tech, then no doubt your social feeds are full of the same kinds of images. Lots of futuristic touch screens; green lines of “code”; padlocks hovering over keyboards: we’re all getting bored of them.
But where have these images come from, and what stereotypes do they reveal? Are stock image artists wildly unimaginative (@DarkStockPhotos suggests otherwise) or are there some deep-seated misunderstandings being accepted as the gospel truth?
1. Hackers are young men in hoodies working in sci-fi basements.
If Shutterstock are to be believed, then hackers are men in their early twenties wearing hoodies, sometimes paired with some supervillain leather gloves and a balaclava.
Where did this stereotype come from? Perhaps a subsection of the older workforce who fear two things: computers and young people. Therefore, that scary “hacking” business that keeps being mentioned in the electronic mails must be being done by disgruntled “millennials” whose Friday beer fridge didn’t get restocked or weren’t given enough “participation trophies.” But hey – they’ve got to get a mortgage somehow, and hacking is easier than giving up avocadoes.
But back in the real world, there is no stereotypical hacker, and they probably wear a variety of different jumpers both with and without hoods. While the majority of hackers are probably in their twenties and thirties and have better IT skills than your average person, they aren’t always the coding masterminds that the media depicts them as. Many might be switching from other crimes – drugs, burglary etc – to something safer and more profitable by buying pre-made malware kits off the dark web. Some are malicious insiders who leak an organisation’s data on purpose, like the Morrison’s breach of 10,000 employee records (including salary and bank details). Inside jobs account for 54% of data breaches according to the Information Security Forum. If they all wore hoodies and V for Vendetta masks all the time, then they would be spotted far too quickly.
2. Cyber crime only happens to big organisations with loads of money to steal.
Cyber crime is undoubtedly big business – this guy is clearly doing very well for himself. So it must only happen to FTSE 500, multi-million, global conglomerates who are evil, faceless corporations anyway, right? It would never happen to a little local business or a charity for puppies and kittens?
Unfortunately, if you believe that then you are probably giving cyber criminals far too much credit. Many aren’t targeting an organisation in particular, but casting out a net and seeing what it lands. The devastating Wannacry attack wasn’t intended for the NHS (who wouldn’t be considered a high value target by any criminal who’s felt the papery caress of a standard-issue hospital gown).
You also don’t have to have a million pound turnover to have valuable data. Phishers may be looking for your customers’ bank details, backdoors to your clients or suppliers, information that might be useful for corporate espionage or political agendas. Even the Royal National Institute of Blind People was hit with a cyber attack in 2017, showing just how indiscriminate cyber criminals can be.
3. Hackers are sneaking into your office and putting their grubby hands all over your laptop.
Things that are unfamiliar are scary, so to make it less scary let’s imagine that cyber crime is just like old fashioned crime, from The Good Old Days. This guy has clearly found your premises in the Yellow Pages, climbed up a rope ladder made of VHS tape, broken your office window with his Nokia 3360 phone-brick and put his wife’s Woolworths tights on his head before getting down to some serious e-burglary.
Now obviously we should still be guarding our devices from marauding hordes of tights-clad strangers. Locking your device when it’s unattended, making sure it’s securely put away overnight and doing the same with USBs, hard drives etc should go without saying. However, according to a study by Kroll, only 12% of data breaches are by malicious outsiders: the remaining 88% comes from human error. Sending sensitive data to the wrong recipient, losing paperwork and storing private data on public servers: all of these can land you in hot water without anyone sneaking into your office with hosiery over their face to Google stag weekend venues in Vegas without their missus finding out.
4. Cyber crime is a business issue that only happens to business people in businesses.
Look at these white-shirted business people dealing with a SECURITY BREACH. Despite their suspiciously crisp, white outlines and the yellow warning triangle hovering in front of Business Man 1 in a rather surreal fashion, they are clearly very focused on the task in hand.
However, our office desktop is not the only vulnerability we have. More and more of us are using our own mobile phones, smart watches, tablets etc during our working life: a phenomenon known as Bring Your Own Device. The more connected devices, the more weaknesses we have, and that’s before we start thinking about whether Alexa is listening in on our conversations. With smart fridges, smart kettles, smart home hubs and smart just about everything, cyber security is not just a work issue.
5. Artificial Intelligence = Robots.
The legal team from the film ‘I, Robot’ have clearly dropped the ball, because every stock image page for “artificial intelligence” is full of eerily familiar white robots. Is this one rehearsing a soliloquy from Hamlet or gloating over the first victim of the machine uprising? Only Shutterstock knows.
The reality is that of course artificial intelligence is not like human intelligence at all. AI is essentially a system of algorithms, great for spotting anomalous activity that might suggest malware but also for seeking out weaknesses in the cyber defences of websites en masse. It’s a category of software, not a sentient robot and certainly not a cyber security silver bullet. While AI engineers have no shortage of ethical concerns to navigate, including gender representation and reinforcing racial biases, we are unlikely to see an army of androids marching through the streets. Still, it couldn’t hurt to be a bit nicer to Siri.
Maybe one day we will live in a world where we won’t have to see different arrangements of the same cyber-themed images over and over again in our social feeds. A world where hackers can be female, or even wear a smart-casual blazer. Where we can talk about the ethical issues surrounding AI biases without being stared down by android after white, shiny android – after all, there will be plenty of that after the revolution. Until then, let’s be wary of the stereotypes that our tech editors may accidentally be promoting, and not let it lull us into a false sense of security (or alarm).
YUDU Sentinel is an app-based crisis communication platform for the management of fire, terrorist and cyber attacks, or any other critical incidents. Crisis managers have immediate access to an independent two-way communication (SMS, voice, email and in app messaging) and can view key documents on mobiles. Sentinel is a cutting edge crisis management tool. Find out more at www.yudu.com/sentinel or contact us on Twitter @YUDUSentinel.