Charlie McMurdie is a cybersecurity speaker, best known as the former head of the Police National Cyber Crime Unit at New Scotland Yard. With decades of frontline experience tackling some of the country’s most serious cyber threats, she has advised global corporations, law enforcement agencies, and government bodies on how to strengthen their digital defences. She shares here insights on how cybercriminals are evolving, the rising sophistication of ransomware, and what organisations must do to stay secure in the era of hybrid working.
Q: With the surge in remote and hybrid working, how have cybercriminal tactics evolved to exploit new vulnerabilities in today’s workplace?
Charlie McMurdie (pictured): “We saw, with COVID causing all the problems, that it was a big nudge, a big push towards lots more people using their own bits of kit — their own laptops, their own phones — lots more working from home, own devices being used. And we saw a massive increase in attacks and harvesting data. Certainly, cybercrime on the back of, you know, purporting to be government bodies offering furlough payments or COVID — “you need to click on this, that, and the other.”
“So, any hot topic, the cybercriminals will utilise that for their advantage. Now, people are working far more remotely — obviously, that opens up more doors for the cybercriminals. But I think we shouldn’t steer away from that. I think working from home, as long as it’s done following the right processes and procedures that businesses put in place, should be a great enabler.
“I think where we can fall short is when people don’t follow the right process — they haven’t got the right security, AV, or, you know, they’re not using the right company setup or company process. I think, just to put a simple example in place — we’ve seen some breaches where you think, once they’ve actually breached, why are they stealing the data from that company? They don’t have any financial gain to be had. There’s no real — you can’t work out the incentive to steal your data from that company.
“But then, when you look at the people who may have their data within that company database — so, you know, Charlie McMurdie, for example, and Charlie McMurdie in that database that’s just been harvested, whether it’s a social media database or, you know, selling toilet rolls or something particularly insignificant — that Charlie McMurdie uses the same password on that database as Charlie McMurdie uses on her company email.
“So, we’ve seen that that can be used as a very simplistic tool because people use the same password on umpteen different platforms and forums. So, that gives a leg up.”
Q: As emerging technologies reshape the threat landscape, what adaptive strategies must cybersecurity teams adopt to stay ahead of increasingly sophisticated attackers?
Charlie McMurdie: “Everything is now being connected to our networks, and every day there is some development around technology and new bits of kit — for both defending, and lots of kit being developed by the attackers. So, I think, you know, how do we actually stay match fit to deal with cyberattacks and the cyber technology that’s out there?
“I think key to all of that is really getting the right people in place. A lot of my old cyber unit were detectives from the Flying Squad, we had loads of industry players, and it’s that mindset — people that are keen to stay match fit, keep up the pace, keep up the learning, keep the interest and the development going.
“Because, you know, technology changes at such a pace that if you’re good at doing a certain aspect and dealing with a certain technology today, you’ll fall behind. You have to have that intrigue, that interested mind.
“I think the other thing as well is — you know — nobody can deal with cyber in isolation. It’s a team game. You look at the attackers, and the attackers will work — quite often, they’ll have their own organised network, the criminal network, and they’ll head-hunt individuals to form part of their attack network from around the world.
“They’ll almost, you know, check their CVs and hire. And we need to mirror-copy that. We need to be sharing intelligence, we need to be working with the best people, we need to have the networks of sharing intelligence as to what’s going on, what’s happening.”
Q: Among the many types of cyberattacks businesses face today, which do you see as the most pressing, and what practical steps can organisations take to defend against them effectively?
Charlie McMurdie: “Again, how it’s developed and become far more sophisticated, and that really causes significant harm to businesses. Certainly, when organisations are hit with this type of attack, it can be the rabbit in the headlights — like, you know, what do we do now? Ransomware.
“I remember way back in the day when ransomware was quite straightforward. It would be, you know, you receive an email and your computer is locked down because you’ve been doing illegal file sharing or downloading music, you know, that you weren’t allowed to download. And you get this symbol, sign would come up on your screen saying, “You have been fined 50 euros or 50 pounds. Pay your money now.”
“And I really remember early days when they were actually using our police logo — we’d set up the original cybercrime unit in law enforcement, the Police Central e-Crime Unit (PCeU), and they were using our logo that we had as one of the “you’ve been locked down for file sharing, you need to pay the PCeU money.” We thought that might help with our funding challenges that we were having at the time! But that was very low level.
“Nowadays, you see companies — and big organisations — we’ve seen most recently, you know, the NHS, the health sector, government sector — anywhere where there’s really rich data and they know that they can cause significant harm. They like, you know, the legal sector, the health sector, financial sector. And it’s not a straightforward attack and lock that organisation down now.”
This interview with Charlie McMurdie was by Mark Matthews.
