Avoiding Cybercrime and Online Fraud

From a presentation by Brad Deflin to a private investment management firm.

We work with wealthy individuals and families, VIPs. Even some New York Stock Exchange CEOs. We call it "Cybersecurity for Life." What we mean is that in an age of digital technology and a connected, networked world, many of the old rules for survival and success in life just don't apply anymore. People are realizing it's more "when" versus "if" something will happen, and they want answers that are smart and make a difference for life.

Cybersecurity for Life is a holistic, comprehensive approach to eliminating cyber risk to the margin by using protective solutions and new life skills for the digital age. We'll talk more about that in a minute. But first, let's look at what's really going on.

We call it the personalization of cyber risk. It's really why we're here today, and it means that just over the past several years cyber-attacks have been democratized in terms of both the perpetrator and the victim. This is what I mean by that: up until rather recently, cyber risk was a problem for institutions like big companies, the government, the Pentagon, nation-states around the world. The hackers were black hat types. They targeted institutions to steal corporate secrets and intellectual property, and to conduct cyber warfare between nation-states. These attacks had specific targets, and they traditionally aimed at centralized IT departments and servers.

But over just the past handful of years a dramatic change has taken place. Not only has the overall size of the attack problem become much, much bigger, but more and more of the activity is targeting not the institutions and large organizations, but us, people using our personal internet technology in our everyday lives. And the perpetrator, or the bad guy, or the threat actor as they say, is less a black hat operator or computer geek and more a low-life street thug, a career criminal, or the creep down the street. This phenomenon, the personalization of cyber risk, has literally changed everything.

Here's what I mean.

This is a pie chart that illustrates the facts that we're experiencing today. If you look left to right, the size of each circle illustrates the volume of attacks. That's the number of incidents taking place over the year. Now, the colored slices of the pie illustrate the motive behind the attack, the purpose behind the attack. So, the yellow slice is cybercrime, and the other colored slices are the traditional modes of cyber warfare, espionage, IP theft and the rest.

So from 2015 to 2019, well, the volume of attacks has skyrocketed. More and more of the overall activity is cybercrime for profit, where the goal of the attack is a payoff for cash. Attacks aren't so much targeted as they are sprayed across many, many individual targets. They're looking for the low-hanging fruit, those that are unaware. They're unprepared and unprotected. All of this crazy, dramatic change, you know, it begs the question: well, how did that happen? Well, here's how.

Does anybody remember where you were in January 2007, when we saw Steve Jobs show us the first iPhone ever? He called it what it is: a supercomputer in the palm of your hand, online, connected to the internet and infinite in its capacity to connect to the rest of the world. He said it's your life in your pocket.

And this changes everything. Of course, it wasn't just the iPhone Jobs was referring to. It's the smartphone, the mobile revolution, that's changed everything: a connected planet with all of us hubbing our lives around internet technology. With a supercomputer in the palm of our hands, we're all swimming in the same pool. And this is what has changed everything. In retrospect, how prophetic Steve Jobs was.

Now, this is the ugliest slide of the day. I promise it doesn't get worse than this one. But we like to include headlines that help us make the point. Let's just run through these quickly. CNN reports the FBI's warning: smart TVs are spying on you. Ring doorbells... You may have seen this; it had a lot of press recently. This sounds so ridiculous, but the fact is it's no joke. It's very serious stuff, because the risk has become ambient. We call it ambient risk.

Anyone will tell you the FBI is overwhelmed with cases, and you can see by the headlines here, it's more and more about the public and the personalization of cyber risk. As the headline says, FBI agents are warning the public about cybercrime, with a number of victims and money stolen soaring and sophisticated scams. We do work with the FBI and law enforcement regularly, and I sit on panels and do conferences with their agents all the time.

They'll tell you that anything reported after 48 hours is generally considered hopeless, and that window of time is narrowing, by the way. And hackers are getting so good at moving money into jurisdictions where US law enforcement has no authority or cross-border agreements they can work with in order to pursue their case. I have one more headline and then we'll move on, but I've got to include this because it's from The Wall Street Journal just this past Tuesday, and it's such a terrible testimony to what we're seeing all the time.

If you haven't seen this article yet, just Google search the headline. You'll see that, first, this hack started with an email. It includes an element of skulking (keep that word in mind: skulking, or stalking), and it was enormously painful for this victim on so many levels. The bank and law enforcement are holding their hands up, saying there's nothing they can do. In fact, the bank has stopped calling this gentleman, or returning his calls, I should say. This guy has spent over $300,000 in legal expenses as a result of the aftermath of this hack, and the experience leaves him feeling sick and like a fool. These are all predictable repercussions from a hack, and the level of expense, inconvenience, mental stress, they're all consistent with what we see in the field all the time. I don't want to dwell on these risks and these repercussions, but I can't overstate them.

Here's a graph of the damages, the economic damages, that are surging from cybercrime. The green columns represent trillions of dollars. And if you look at 2015, just five years ago, cybercrime damages represented a mere 400 billion dollars over the course of that year. In 2019, that number came in at one point five trillion dollars in damage.

Damages from cybercrime over the coming two years, between 2020 and 2021 through 2022, are expected to reach six trillion dollars a year. That's, in less than two years, 4X, four times from where we are today. Many agree we're at the footsteps of a period of chaos and damage like mankind has never seen. The period's being called the Great Hack.

Others are calling it The Greatest Transfer of Wealth in History. By any measure, the wave of disruption and damage will be historic for mankind, and it's why Warren Buffett, in his annual report to shareholders, says cyber is the greatest of all risks we have today, including terrorism and nuclear war.

So, here's what we see from our perspective in the field every day, again with people. These are individuals and families, and professionals. Email is attack vector number one. Ninety percent of all successful attacks start with an email. We just saw that in the Wall Street Journal article, and the 90% industry statistic matches our experience in the field. Email: attack vector number one. Secondly, phones and Macs.

More attacks are taking place on phones than in the past, and just two weeks ago, for the first time ever, threats aimed at Macs exceeded Windows, including the most insidious of attacks, ransomware, where incident reports have gone from one every two minutes in 2018 to one every 11 seconds today. Ransomware payments over the same period have bolted from 1 billion in 2018 to an estimated 20 billion dollars by the end of 2020.

Wi-Fi. Over just the past year, year and a half at my business… we've seen public Wi-Fi and home Wi-Fi hacks are more common, because most networks are defenseless and so simple for anyone to hack, and yet we're having our lives around our devices and our internet connections. And sadly, but importantly, there's a convergence between digital and physical or traditional crime. Criminals begin with a cyber hack in order to optimize the potential and results of their crime. So physical attacks, burglaries, rapes, extortion, blackmail, you name it: personal information is being stolen and used to optimize the crime. This is exceedingly important to understand, because it's a trend that's putting the notion of security and safety on its head, and yet the public's awareness is still very low.

Finally on this list is skulking, another emerging risk; we call it skulking. Less and less anymore do we see a cold start to a hack. This is what happened in that Wall Street Journal article we just looked at, where hackers are spending the time they need, and they're showing themselves to be very patient as they skulk on our devices and networks, collecting the information they need and optimizing the nature and timing of their strike for maximum gain and the greatest probabilities for success without getting caught.

This is the first statistical report I've seen related to skulking. This report was just released yesterday. They refer to it as stalking. We've had clients come to us that have been stalked, like a boyfriend/girlfriend, husband/wife, ugly divorce, or just the creep down the street, but it's the skulking effect that we see more of in the field. To differentiate, the skulking we see, like in the Wall Street Journal article, is about hiding in devices and email accounts in order to collect the information.

Let's get to the flip side of the coin, the good news. You know, in a democracy, in a market economy, it's very good at identifying and solving problems - a big problem in a market democracy means big profit potential. Warren Buffett says cyber is mankind's problem number one. It's because of the huge dislocation and risk. It's asymmetrical risk, so equally huge sums are being invested in solutions that level the battlefield and move past this period where the aggressor holds all the advantage and the lure of big, easy money is just too great. The orange columns, left to right, represent new, fresh capital to the IT security industry. What's important to know here, and this is the takeaway: all this fresh investment capital is working to the advantage of consumers by building technology that includes new tools like artificial intelligence and machine learning, and it's driving innovation in the field like we've never remotely seen before. The advancements in cybersecurity mean greater efficacy and value, that is, for the consumer. It works better. It's easier to deliver the results, and it's cheaper cost-wise.

Here's what this capital investment looks like today. This is what cybersecurity looks like today. It's less about firewalls and hardware and IT tech support engineers and more about remote data centers. They're called managed security operations centers, and they deliver as-a-service results in real time. Of course, it's smart, with AI and ML, and it is software-defined, which means to protect a phone or a computer is as easy as installing any other software application. Today's firewall is a managed security operations center in the cloud. It delivers protection and security to end users and end devices that have the software connection.

This slide illustrates what these managed security operations centers do, but what they really do is just two things: protect from the outside, that is, the bad stuff from getting in, and anonymize everything that goes out. Protect coming in, anonymize going out. All the functions and intelligence these centers have and use is a long, long list, but you can group them into two categories: protect from the outside, and anonymize all your information that departs over the big bad internet.

All these functions are performed in a real-time manner. In this slide, the service is being provided to an institution, as you'll see, the traditional buyer of IT security products, because the total cost of ownership is so much lower. The efficacy is so much higher, and it's performed, again, in real time, which the risk demands today. So we do the same thing, using the same managed security operations centers that other big institutions are beginning to use, but we bring it into our personal lives. We provide clients with the same tools a large institution would use, because not only does it work really well, but now it's simple and it's affordable.

We identify the three primary attack surfaces, and this is how we apply advanced cybersecurity technology to our everyday lives. Everyone has these three primary attack surfaces: email, your personal internet devices, and networks, whether it be your home, home-office Wi-Fi or public Wi-Fi. These are the three things we have to focus on. This is where the rubber hits the road, and this is where all the risk lies.

So, to bring us back full circle, protecting from cybercrime and online fraud: my company uniquely provides enterprise-grade solutions that leverage all the best science the cybersecurity industry has to offer, and we bring it to bear to protect private clients and families with email that is secure, personal devices that are protected 24/7, 365, in real time, wherever you're using them.

Home and office Wi-Fi networks with the full capacity of a managed security operations center. We call it Cybersecurity for Life. Think about your digital estate: email, personal technology and internet networks. This is where the enemy is closing in, personally and professionally, and these are the first holes to plug. Let's just run through them each quickly. Email. We always start with email.

Email is the gateway to much of our life. Again, it's where 90% of all attacks start. And in our private lives, we should own our information, our email information, not Big Tech, so they can resell it and make it available to anybody that wants to use it against us. So, we always start by setting up an email domain. We can help get others and family members on board, and you start by telling your professional advisors to use your new email address. Over time, you decide whether you want to keep your old public Gmail or AOL or Yahoo, or whatever email account you're using, or eventually eliminate it altogether. People look at that a little bit differently, case by case. Personal devices next.

It's usually personal devices. This is usually where the financial damage happens. Ransomware, for example. As you've seen, people who have been victims suffer more than financial loss. It can be the mental strain and inconvenience. We use the managed security ops center approach to set clients up with real-time protection from all these device-centric threats. And the third attack surface: networks. Here, we're referring to our home, our home office Wi-Fi.

Every online connected appliance in our environment is an on-ramp to your network. It gives outsiders access to your information and devices, whether it's a Ring doorbell, an Alexa, a smart TV, or anything else. Smart homes are more and more easy targets where exploits are now being aimed, and we're seeing more and more network hacks taking place.

How can hacks be prevented?

It starts with the individual. This technology is moving forward and advancing just incredibly. The protection, the technology, the defensive technology, that's taking care of itself. Again, it keeps getting better, cheaper, and easier. That's what technology does. But to protect, we have to have people that are aware, that are engaged, and they can begin to what we call think critically about these matters, because honestly, even in just 6 to 12 months there will be hacks and exploits we can't even dream up today. You've got to be prepared, on your own two feet, to think about these things. And our job, honestly, is not to sell technology solutions. Our job is to work with people to bring this best-in-class technology into their everyday lives, and we act as coaches more than anything, because when you begin to use these things and you begin to work with us, your awareness level will spike, your questions will become greater, or you'll have more enthusiasm and confidence around the matter, and that's what prevents these unfortunate events from taking place.

Thanks, Brad. So what's the benefit of total digital security versus like a Norton Antivirus or one of the other antivirus softwares?

That's a great question. We get it all the time. Norton, McAfee, Symantec, the retail versions, you know, they're essentially giving up, to have all of the operations on your device, to not have a managed network security operations center where it's real-time, responding with advanced intelligence, advanced software constantly calibrating.

Good question here: "How do you ensure clients aren't fooled by social engineering, and maybe some of the educational element?" A great, great question, because really that's the risk, right? And so what we have, the way that we do that... you can't, you know, you can't eliminate it. But what you can do is work with people, equip them with these solutions, and what happens immediately when people start using these services and start talking to me or Diane or anybody else with your organization is they start to ask really good questions, which to us means, "Oh, they're getting it." We call them probing questions. It means their critical thinking skills are going up, and they become much more aware and much more discriminating about their activities, about what they see. They know if they have a question and they're just not sure, they always have somebody to call. So the social engineering element becomes much more difficult, and that is an element that's becoming more and more sophisticated.

 
