There are few things more terrifying and devastating than having a loved one go missing and not knowing where they are or whether they're okay. 170,000 people are reported missing every year in the UK alone, and, as much as the police can use their incredible knowledge and experience to find them, their resources are unarguably limited when facing such a huge number of cases. Thankfully 90% of children and 85% of adults are found within two days, but some individuals remain missing for an extremely long time — in March 2020, there were over 5,300 people in the UK who had been missing for over a year, 1,700 of these being children.

Trace Labs, a non-profit organisation based in Canada, specialises in crowdsourced open source intelligence (OSINT), inviting people to volunteer their time and expertise to uncover critical information about the possible locations of real missing people. The organisation partners with law enforcement agencies from around the world to run 'search party' events several times a year, where hundreds of volunteers have a fixed time (usually around four hours) to find information to help progress a set of missing people cases, carefully chosen by the law enforcement agencies. As of February 2023, Trace Labs has run 48 search parties and assisted in 380 cases, with over 11,777 volunteers taking part.

On Saturday 11th February, two of our Cyber Essentials Assessors, Alice and Steve, took part in one of the Trace Labs events. This was Alice's fifth event — she's taken part in the events for the last two and half years as part of a regular Trace Labs team — and Steve's first. They joined forces with Alice's usual Trace Labs group (Adorably Persistent Team), which has grown so much in numbers that it managed to field six teams at the recent event. Since two of these teams were local to the ID Cyber offices, the company were pleased to be able to host them, providing computers, coffee, and pizza.

As the event is hosted by a Canadian organisation, it began at 5pm GMT and finished at 9pm. Our two teams set themselves up in ID Cyber's training room a couple of hours beforehand and regular Trace Labs volunteer Gerard Barrett delivered a briefing, complete with useful hints for all the first-time participants. At 5pm, the submission portal opened and we received details of the four cases we would be working on.

As mentioned, these are real missing person cases, so it would be unethical to share specific details. But, as a general overview, we spent the next four hours combing social media profiles of each missing person and any critical associated people, looking for any notable features not included in the police reports (tattoos, regularly-worn and distinctive jewellery, make and model of mobile devices, etc.), signs of activity after the date reported missing, and ultimately indications of where the person may have gone. We identified networks of trusted contacts (as the missing person would be more likely to get in touch with one of these people than any others), used known social media profiles to identify previously unknown profiles which yielded more information, and submitted everything of value we found to the Trace Labs portal.

Every piece of evidence we submitted was assessed by a Trace Labs judge, who checked that what we had provided was verifiable (particularly if pivoting from an earlier submission) and presented in a way that would be valuable to law enforcement, with any necessary relevant supporting information.

At 9pm, the Trace Labs organisers sealed the portal and verified any final submissions, before giving a closing briefing. At this time they revealed the leaderboard, showing which teams had given the most valuable submissions. It initially felt a bit odd that we were gamifying trying to find missing people, but it's clear this is a really good way to encourage volunteers to find valuable information and to keep them pushing hard through the four-hour event. It's also a good way for teams to see how well their information compares to other teams', so they can consider looking for new tools and ways to improve their submissions. At this event, we were pleased that our team came 32nd out of 220 teams, showing that we were finding and submitting some really important information to help law enforcement agencies find these missing people.

We're now looking forward to the next event, which will probably be held in late summer, and will be using the upcoming few months to research some new tools so that we can hopefully find even more valuable information to help progress the next set of cases.

If you're interested in learning more about Trace Labs, keep an eye out for our ID Cyber Sessions episode with Dan Conn, experienced Trace Labs participant and judge.

Finally, a disclaimer: Please note that, although we were searching for only freely available information, it's unethical to do this unless as part of an official organised effort (e.g., Trace Labs) or with the express permission of the person themselves (e.g., if they want to know what information is available about them).

Our Business Support Administrator Megan clicks the link in the phishing email sent by our Business Manager, Keven. Instantly, Kev gets a notification that someone from his sample group has clicked the dodgy link and assigns them anti-phishing training.

This was a test of our new phishing training platform, and Kev directly asked Megan to click the link. But in an everyday situation, how many of your employees would have clicked and tried to claim their free pizza, or download an unexpected invoice, or learn about the generous new bonus scheme?

According to Verizon’s Data Breach Investigations Report, 82% of breaches in 2022 involved the human element, including phishing, stolen credentials, and error. 35% of ransomware incidents were triggered by email phishing attacks. And:

“… while only 2.9% of employees may actually click on phishing emails, a finding that has been relatively steady over time, that is still more than enough for criminals to continue to use it. For example, in our breach data alone, there were 1,154,259,736 personal records breached. If we assume those are mostly email accounts, 2.9% would be 33,473,532 accounts phished (akin to successfully phishing every person in Peru).”

(Verizon 2022 DBIR, p. 34)

Technically experienced individuals aren’t immune either: the highly successful and hugely respected Linus Tech Tips YouTube channel, which boasts 6.8 billion views and 15.3 million subscribers (correct as of March 2023), was temporarily lost to cryptocurrency scammers after one of the team fell victim to a phishing attack.

If current phishing attempts are sophisticated enough to catch out even those who are very scam-aware, how can your organisation identify the 2.9% of its workforce likely to fall prey to a phishing email? More importantly, how do you stop them clicking that link?

There’s no easy fix, but regular and focused training can help. ID Cyber is partnering with EC-Council to offer Aware, a phishing simulator and training platform, which we will be releasing in the coming weeks. Through the platform, we can send your employees tempting emails, identify who opens the message and/or clicks the dodgy link (which diverts to a page to alert them of the phish), and assign targeted training based on their level of interaction. Emails are designed to be as convincing as possible while still showcasing key features that employees should look out for, and that are reinforced through the post-simulation training. Finally, the system generates advanced reports so that you can track how well your employees are performing in phishing tests and whether they’ve completed the training they’ve been set.

Register Your Interest Today

Interested in making your employees more Aware? Register your interest via the contact form to be notified when the platform is available.

Original content by EC-Council

According to studies, 39% of UK businesses identified a cyber-attack in 2021. The average cost of a cyberattack has cost UK businesses £4,200. For medium to large businesses, this figure drastically rises to £19,400 with phishing and ransomware attacks being the main forms of offences that resulted in these fatal costs.

The information security job market is expected to see major growth in the wake of these increased cyberthreats, as there is a greater need for cybersecurity professionals than ever. In this article, we'll explain why becoming an EC-Council Certified Cyber Security Technician (C|CT) is an excellent first step towards a career in this competitive, high-demand field.

What Does a Cybersecurity Technician Do?

Cyber Security technicians are directly responsible for multiple tasks related to information and network security. The C|CT certification creates a foundation of technical skills that will enable any individual to enter the world of IT and cybersecurity.

EC-Council's Essential Skills coursework covers the basics of network defense, ethical hacking, and digital forensics to get you started on the path to becoming a cybersecurity professional. The series not only lays the groundwork for a cybersecurity career in and of itself—it also serves as a starting point for pursuing future certifications and training. In other words, becoming a C|CT means gaining excellent skills right from the start, and they won't be the last ones you learn.

What Are the Benefits of Becoming a Certified Cyber Security Technician? 

Becoming a C|CT opens the door to careers in many IT and cybersecurity niches, including networking, systems administration, and security operations center (SOC) analysis. These roles are very much sought after and high paying in-demand. It’s been reported that 51% of all private sector businesses highlighted a lack of confidence in conducting a range of basic cyber security skills tasks or functions. This is where YOU can make a difference.

As noted above, ongoing increases in cybercrime mean that the skills taught in the C|CT program will be in high demand in the future. Becoming a C|CT can get you started in a rapidly expanding field that is expected to provide multiple avenues of growth over time.

The benefits of becoming a C|CT include learning a wide variety of skills that will form a foundation for your work in cybersecurity. Just a few of these skills include:

• Providing technical cybersecurity support
• Troubleshooting network security problems and monitoring alerts
• Applying appropriate standards to protect organizations’ information assets

Finally, the C|CT course offers a robust and uniquely hands-on curriculum. The C|CT covers a broad range of cybersecurity topics, but the coursework also goes deep: The C|CT program encompasses the fundamentals of cybersecurity, identification of security threats and vulnerabilities, network security controls, security design, testing techniques, and much more. All these skills are highly specialized, high-paying, and much needed in today's digital environments. 

What Are the Benefits of Hands-On Training?

There's no question that extensive benefits are associated with any academic learning. However, when it comes to cyber security, studying books and retaining knowledge simply isn't enough. To succeed in this field, you need more than theory—you need practice and real-world experience.

In your C|CT studies, you'll spend 50% of your time actually applying your knowledge in hands-on labs. This means you'll develop practical skills and learn real-world techniques to help you identify vulnerabilities, build cyber security defenses, and ensure that computer networks are prepared to manage breaches. 

The C|CT course offers ample immersive experience through 85 wide-ranging labs covering numerous scenarios within network defense, ethical hacking, digital forensics, and more. These highly realistic scenarios provide the practice opportunities you need to prepare for a career in cybersecurity and help you develop the critical thinking skills necessary to become a world-class cyber security professional.

These challenges take place on EC-Council's exclusive Cyber Range, which plays a key role in EC-Council certification courses. The live Cyber Range gives you the practical experience you need by letting you explore immersive scenarios that teach you how to deploy your skills in the real-world environments you'll encounter during your career. This environment allows you to test your programming skills, practice computer forensics, and learn how to handle a variety of security incidents. 

Ready to Become a Certified Cyber security Technician?

You can find additional information about how to become a C|CT on EC-Council's website or visit our website where you can also explore the many other cyber security certifications.