22 November 2023 • by Jamie Woodruff in Technology
To safeguard your organization from persistent cyber threats, look beyond technology and focus on educating your people, says prominent cybersecurity expert and ethical hacker Jamie Woodruff. ...
When organizations look to tackle cyber threats, they put a big focus on technology and forget about people. What I want organizations to realize is that, while we need technology, your people are your first and last line of defense.
I have uncovered numerous physical security weaknesses – in both the public and private sectors – by focusing on the realm of social engineering and the human aspect of cybersecurity, infiltrating targeted organizations to unearth existing exploits.
Through my extensive experience, I know that your people are under attack by organized criminals like never before. These criminals use social engineering to understand who your employees are. They spend months understanding their habits and their strengths and weaknesses, and they use this information to gain access to your organization’s most important asset – your data – with devastating consequences.
According to Verizon’s 2022 data breach report, ransomware attacks have increased by 13% in the past five years. The first half of 2022 saw nearly 236.7 million ransomware attacks worldwide, the average cost of which was $1.85m. Despite their best preventative efforts, ransomware breaches took 49 days longer than average to identify and contain.
To give you an example: the National Health Service (NHS) in the UK suffered a $100m loss due to the WannaCry ransomware attack in 2017 – a massive global cyber strike that affected around 230,000 different machines in 150 countries. More than 19,000 NHS appointments were canceled as a result.
Ransomware is also affecting critical national infrastructure. A recent ransomware attack saw Russian-linked cybercriminals target the British financial system. The incident affected 42 of ION Trading UK’s customers with many European and American banks and brokers compelled to handle trading deals manually. According to the affected brokers, the disruption affected crucial operations such as margin calls and regulatory reporting on major market positions.
People tend to picture a hacker as Warlock from Die Hard, trying to take over the world from a basement. That’s the stereotype. The reality is that it is most likely a disgruntled former employee or a third-party organization tasked with processing your data that is compromising your organization’s security, and not a lone wolf.
In the past, hackers would get into, then out of, an organization quickly – that is no longer the case. Some hackers spend years inside an organization, leaving the back door open and inviting criminals to bid for access to your information.
What we are facing today is serious organized criminals reaching out to your employees asking them to deploy ransomware on their behalf.
In the late 90s, it was all about viruses, malicious code, trojans, and advanced worms. Cyberattacks didn’t tend to use ransomware, even though it has been around for a long time. From 2004 to 2007 we saw identity theft, and from 2007 to 2010 we saw the rise of botnets. Since 2010, it has been all about social engineering. You can have all the technology in the world to ward off attacks, but if I watch you for six months and I know your habits and where you hang out, there is a lot of interesting information that can be utilized to lure employees in – this is how organizations are being compromised.
It always falls back to human error, no matter what.
Malicious individuals normally message employees on WhatsApp, Signal, or Telegram to gather information. They promise a payout once the individual has deployed the ransomware within his or her organization and the organization pays the requested ransom.
Their tactics are numerous, and it pays to be hyperaware. Here are eight to watch out for:
Employees should be educated about the many ways that they can fall victim to organized criminals on a daily basis. These are some of the most common attack vectors that criminals use that could potentially lead to data getting compromised.
Beware of people impersonating an individual to get sensitive information. Fake audio and fake videos are increasingly easy to make and are incredibly accurate.
It takes just 11 seconds to gain valuable information from your laptop, so be aware of people trying to divert your attention from your computer, even for a short while.
Domain names similar to the organization’s are purchased to launch attacks, so it’s important to educate your employees on what to look out for.
Criminals drop branded USB pens to be picked up by targeted employees in the hope that they will be plugged into company devices. Emphasize just how important it is not to plug in unknown devices and to be aware of everything they plug into company assets.
Criminals listen to conversations to extract information that could be useful during the attacks or at a later stage. Be aware of not sharing sensitive information, even around seemingly unrelated people such as waiters or delivery men.
Criminals print identification cards to impersonate an employee within the organization structure. Pay close attention to this and to your security access points, which can be easily compromised by tailgaters.
Be careful of the QR codes you scan. Malicious links with QR-generated images could download droppers or trojans onto a user’s device.
This article is inspired by a keynote session at IMD’s Orchestrating Winning Performance in Singapore, which brings together executives from diverse sectors and geographies for a week of intense learning and sharing with IMD faculty and business experts.
Ethical hacker and cyber security specialist
Throughout his career, Woodruff has been instrumental in uncovering vulnerabilities within high-profile entities and in the online operations of high-profile people. Woodruff currently serves as the Chief Technology Officer of an IT Support and Security firm located in the UK. The company specializes in a wide spectrum of services, including training, cloud solutions, penetration testing, and comprehensive IT support for educational institutions. Woodruff also provides assistance to the Cyber Smile Foundation in the role of Cyber Safety Advisor, an organization dedicated to combating online cyberbullying.