Security, Security, Security
The old saying used to be location, location, location when it came to running a business, and that’s probably still true to a degree for physical location of retail spots. However, security is front and center in the cyber landscape.
Last week I attended a live webinar and then watched a recording for another webinar that was scheduled in direct conflict with the first webinar that I attended. The first webinar was presented by Datto and had representatives from several large players in the security world. The second webinar was hosted by WatchGuard. Both webinars had a similar focus on the current cyber security trends.
There were a lot of facts tossed around like “99% of email-based financial fraud relied on human clicks rather than automated exploits to install malware”, making end users one of the greatest threats when it comes to cyber security.
I also learned a new term, whaling. Whaling is a specific form of spear phishing where the emails target the CEO and various other executive officers of an organization. This means the attackers have already studied extensively how the organization operates, collected proprietary data from the organization and already know enough about its executive officers to craft a convincing manipulation in the attackers' favor.
There was an incident recently where a company lost approximately $240,000 from being tricked into believing that they were talking to their CEO. This happened outside the scope of emails. A malicious group had written an artificial intelligence program that mimicked their CEO’s voice to accomplish this. Not sure if the conversation took place via phone, Facebook Messenger or Snapchat, but the AI was able to convince staff that they were talking to their boss when they were not. They were convinced to the tune of over a couple hundred thousand dollars. Always authenticate who you think you are talking to before committing actions that you can’t undo later. Social engineering has reached new heights in sophistication.
The cyber threat landscape has been evolving into ever more sophisticated attack vectors. It is only through a multi-layered defense plan that an organization can weather such attacks. Such a multi-layered defense plan should include written policies, effective hardware and software layers, as well as an organization-wide commitment to end user awareness and education.