The University of the Commonwealth Caribbean (UCC)  with the National Commercial Bank (NCB )hosted its fourth annual Rickert Allen Memorial Lecture on April 24, with the theme ‘Think Like a Hacker’, shedding light on the importance of adopting a hacker’s mindset to fortify online safety.

In the digital age, where our lives are increasingly intertwined with technology, safeguarding our digital assets has become more crucial than ever before. 

Delving into the lecture, keynote speaker, Director of Cyber & Information Security, Symptai Consulting Rory Ebanks’ riveting address left nothing to the imagination as he spoke on the different methods hackers use to access a person’s private information.

He mentioned that Symptai Consulting has over 20 certifications as it relates to hacking since their ethical hacking requires them to be knowledgeable and up-to-date. Ebanks explained that understanding how hackers think and their motives is a good way to measure up to their efforts and keep your digital assets safe.

Some local company’s that have been breached

Companies such as Mayberry, Massy, Courts, Pricemart, and Caricom were recently hacked. Ebanks noted that big companies bear an average cost of 4 million dollars to fix a data breach. The cost to repair the business, its reputation, and strengthen its systems can be detrimental to a company and many fail on average six months after being hacked.

“Every 39 seconds there is a successful hack- attack or breach; over 2000 successful attacks,” he said, “92 per cent of those are malware’s done through email…we all use email… and most of the time these emails have attachments. It may be a Microsoft Word document, PowerPoint or even a PDF, they may have malware inside it.”

Websites are also unsafe as hackers embed links on some platforms that may seem legitimate.

Statistics

Ebanks offered statistics, saying it takes an average of 50 days for malware to be noticed on someone’s device, though sometimes it can be immediate. He mentioned that he has witnessed cases where a company has been hacked for many years without realizing it.

Over 61 percent of companies are hit with ransomware (a kind of malware that threatens to lock up or destroy a victim’s data or device unless the victim pays the attacker a ransom).

74 percent of the time, humans are the cause for these attacks by being careless with passwords, clicking on links, and so on.

54 percent of organisations do not have password management. 

Over 4 million websites have malware at any given time.

43 million ‘recorded’ occurrences of Cyberattacks were recorded in Jamaica in 2023.

Anyone can be a hacker

Ebanks made a point through an exercise that there is no way to physically identify a hacker; there is no hacker identity to look out for. Young, old, female, male— “Anyone can be a hacker,” he said.

“Their main aim is to gain money,” He said, “And you have others who are simply thrill-seekers. They like the adrenaline rush of breaking into a website… my team members get that same adrenaline rush, but we are ethical hackers [also called White-hat Hackers], we are authorized to do that.”

“Contractors, even your neighbour could be a hacker,” Ebanks added.

Types of Hackers

He explained the different types of hackers; Black Hat, Gray Hat and Black Hat hacker.  Black hat hackers are those with no authorisation, Gray hat hackers usually do not have the malicious intent typical of a black hat hacker, and White hat hackers, are permitted to hack.

He mentioned that insider threats are more common than most believe. Hackers from inside the business have an easier time accessing data than outsiders do, “they are actually a step ahead of the hackers,” he said.

Unsecured remote connections, Wireless attacks (WiFi), password attacks, social engineering attacks (playing on the human emotions).

Phishing, Vishing (through calls), Smishing (text messages) and physical attacks (e.g. stealing a laptop or phone), or speaking to someone to get their information. 

“Attackers are using Artificial Intelligence  to identify weakness in networks, scanning the environment… hackers have access to this information… even your, cloud could be attached,” he said, “We’ve seen a 95 per cent increase in cloud attacks.”

A homograph hacking exercise kept the audience engaged as Ebanks challenged them to figure out which one of the websites was real, https://www.symptai.com or https://www.symptai.com. The results concluded that it is easy to be tricked by a slight font change.

Iphone Vs Android

All devices and smartphones can be hacked. People with the notion that iPhones are impenetrable were disillusioned in this session as Ebanks made it clear that this is simply not the case. 

Apple struggles to keep up with evolving cyber threats, and iPhones occasionally contain security vulnerabilities that are patched with new software versions, making them not entirely hack-proof.

Dane Nicholson head of fraud prevention at NCB, and the Superintendent of the Cybercrimes Division, Jamaica Constabulary Force, Warren Williams, as well as the acting Dean of UCC, Otis Osbourne were present to give their feedback and additions to Ebank’s address.

Nicholson added that NCB is aware of how hackers can access a company’s data, and the many methods used to trick their customers into giving up their information. He mentioned that NBC’s ‘No-click, No-link’ policy is in place to remind customers that NCB does send messages or emails asking anyone to click on a link.

“I would love for this information to be decimated across the industry, “Nicholson said, “Customer education is what is going to change the posture and behaviour of Jamaican citizens.”

Geared towards enlightening the public on the sophistication of the digital ecosystem and the ways they can be harmed through cyber-attacked, the lecture delivered the fundamental information and perspectives of an ethical hacker, as well as pointers to safeguard their digital assets.

Here are some photos from the event: