Criminals have found that simply asking for what they want is often more effective, and certainly less effort, than complicated hacking. The ‘CEO Fraud’ phishing scam involves a fake email purporting to come from senior management which tricks the recipient into transferring money, providing log-on details or disclosing confidential information.
Be aware that this happens, verify the sender’s actual email address (not just the displayed name) and consider whether the grammar and tone of the request are what you would expect from that person.
At an organisational level, you need to consider this scenario as part of your digital risk management so that everyone (including senior management) is aware and pre-agreed protocols can be developed.
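The "verify the email address" step can be partly automated at the mail gateway. The following is an added example, not code from the original page: it assumes the organisation's real domain is example.com and that the names of senior staff are known (both constructed here), and it goes a little beyond the advice above by also flagging near-miss domains and a Reply-To address that points somewhere other than the apparent sender.

```python
"""Heuristic screen for executive-impersonation ('CEO Fraud') mail.

Added illustration, not from the original page. OUR_DOMAIN and EXECUTIVES
are constructed assumptions; a real deployment would load them from the
directory service.
"""
from difflib import SequenceMatcher
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                # assumption: the organisation's real domain
EXECUTIVES = {"jane doe", "john smith"}   # assumption: constructed names of senior staff


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def looks_like(domain, real):
    """True when a domain is close to, but not the same as, the real one
    (e.g. a single swapped character), which is a classic lookalike sign."""
    return domain != real and SequenceMatcher(None, domain, real).ratio() >= 0.8


def assess(headers):
    """Return the reasons a message should be treated with suspicion.

    `headers` is a dict of header name -> raw value. An empty list means
    none of the checks fired; it does not prove the mail is genuine.
    """
    reasons = []
    name, addr = parseaddr(headers.get("From", ""))
    from_domain = domain_of(addr)

    # A senior name on the display line but the mail comes from outside.
    if name.strip().lower() in EXECUTIVES and from_domain != OUR_DOMAIN:
        reasons.append("executive display name from external domain")

    # Domain is almost, but not quite, ours.
    if looks_like(from_domain, OUR_DOMAIN):
        reasons.append("sender domain resembles our domain")

    # Replies would go somewhere other than the apparent sender.
    _, reply = parseaddr(headers.get("Reply-To", ""))
    if reply and domain_of(reply) != from_domain:
        reasons.append("Reply-To domain differs from From domain")

    return reasons


if __name__ == "__main__":
    # Constructed sample messages, not real mail.
    samples = [
        {"From": "Jane Doe <jane.doe@examp1e.com>"},
        {"From": "Jane Doe <jane.doe@example.com>"},
        {"From": "Jane Doe <jane.doe@example.com>",
         "Reply-To": "<ceo.urgent@gmail.com>"},
    ]
    for s in samples:
        print(s.get("From"), "->", assess(s) or "no flags")
```

These checks are a screening aid for people and for gateway rules; they complement, rather than replace, SPF, DKIM and DMARC enforcement on the organisation's domain, and a flagged message still needs the pre-agreed out-of-band confirmation (a phone call to a known number, for instance) before any transfer is made.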
Throwing cheap computer processing power at password guessing is a popular strategy for hackers, sometimes turbo-charged by clues obtained from social media stalking. Good password hygiene may be tedious but it is an essential component of a strong digital risk culture.
The UK’s National Cyber Security Centre has some good, and maybe unexpected, advice on this.
A distributed ledger is a form of database that is spread across a number of linked computer devices, made feasible by today’s computing power and interconnectivity. Its best known form is blockchain, the technology behind Bitcoin and other cryptocurrencies.
The linked computers automatically maintain common records and cross-check everything, rejecting any data that is flawed, so that there is one single version of the truth, significantly reducing the costs of trust.
This digital technology is likely to find applications in many areas where organisations, individuals and governments transact, and an understanding of the risks and opportunities associated with it will be a vital business competency.
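The "cross-check everything and reject flawed data" behaviour can be shown with a toy hash-chained ledger. This is an added example, not code from the page and not Bitcoin's actual protocol (there is no proof of work and no network); it assumes a handful of nodes each holding a full copy. Every record embeds the hash of the record before it, so an altered record breaks the link that follows it, and an alteration to the very last record (which has nothing after it) is caught instead by comparing copies across nodes.

```python
"""Toy hash-chained ledger with per-copy validation and cross-node agreement.

Added illustration, not from the original page. Record contents are
constructed; 'nodes' are just in-memory copies of the same chain.
"""
import copy
import hashlib
import json
from collections import Counter

GENESIS_PREV = "0" * 64


def record_hash(index, previous_hash, data):
    """SHA-256 over the record's fields; changing any of them changes the hash."""
    payload = json.dumps([index, previous_hash, data], sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


class Ledger:
    def __init__(self):
        self.records = []
        self._add(GENESIS_PREV, "genesis")

    def _add(self, previous_hash, data):
        rec = {"index": len(self.records), "previous_hash": previous_hash, "data": data}
        rec["hash"] = record_hash(rec["index"], previous_hash, data)
        self.records.append(rec)
        return rec

    def append(self, data):
        """Link a new record to the current head."""
        return self._add(self.records[-1]["hash"], data)

    def validate(self):
        """Index of the first record whose link or hash is wrong, or None if all hold."""
        for i, rec in enumerate(self.records):
            expected_prev = GENESIS_PREV if i == 0 else self.records[i - 1]["hash"]
            if rec["previous_hash"] != expected_prev:
                return i
            if rec["hash"] != record_hash(rec["index"], rec["previous_hash"], rec["data"]):
                return i
        return None


def replicate(source, count):
    """Give `count` nodes independent copies of the same chain."""
    return [copy.deepcopy(source) for _ in range(count)]


def tamper(ledger, index, new_data):
    """Edit one record on one copy and re-hash it to hide the edit locally.
    Later records still carry the OLD hash, so the chain breaks at index + 1."""
    rec = ledger.records[index]
    rec["data"] = new_data
    rec["hash"] = record_hash(rec["index"], rec["previous_hash"], new_data)


def agreed_head(nodes):
    """Head hash shared by a majority of internally valid copies (the single
    version of the truth), or None if no majority exists."""
    heads = Counter(n.records[-1]["hash"] for n in nodes if n.validate() is None)
    if not heads:
        return None
    head, votes = heads.most_common(1)[0]
    return head if votes > len(nodes) // 2 else None


def dissenting_nodes(nodes):
    """Indexes of copies that fail self-validation or disagree with the majority head."""
    head = agreed_head(nodes)
    return [i for i, n in enumerate(nodes)
            if n.validate() is not None or n.records[-1]["hash"] != head]


if __name__ == "__main__":
    base = Ledger()
    base.append("A pays B 5")      # constructed sample records
    base.append("B pays C 2")
    nodes = replicate(base, 5)
    tamper(nodes[0], 1, "A pays B 500")   # middle record: caught by node 0's own check
    tamper(nodes[1], 2, "B pays C 200")   # last record: only caught by cross-checking
    print("node 0 self-check fails at record", nodes[0].validate())
    print("node 1 self-check:", nodes[1].validate())
    print("nodes rejected by the group:", dissenting_nodes(nodes))
```

The point for risk management is that the integrity guarantee comes from two things together: the hash links inside each copy, and enough independent copies that no single party can rewrite the head unnoticed. A "distributed" ledger where one organisation controls most of the nodes gives up the second half of that guarantee.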
USB sticks (memory sticks, thumb drives etc.) are a great invention but can be risky. It is thought that the highly destructive Stuxnet computer worm was introduced into Iran's Natanz nuclear facility in 2009/10 by means of a surreptitiously planted USB stick.
Human curiosity and altruism can drive risky behaviour: researchers at the University of Illinois dropped flash drives across the university campus. 98% of the drives were picked up and somebody opened at least one file on 45% of them.
Being a hacker can be hard work – not welcome news to those already unsuited to a proper job. But you can make their lives easier by making public those little details about your personal life that make an attack sound plausible and hence far more likely to succeed: date of birth, check-ins from holiday locations, pets’ names, favourite sports teams, hobbies and interests etc.
Spear-phishing is a targeted form of online or email attack which uses information relevant to the recipient to manipulate them into taking action (e.g. handing over credentials, transferring funds, or opening files or links).
A heating, ventilation and air-conditioning (HVAC) contractor had access to the Target network in order to remotely monitor in-store HVAC systems. Log-on credentials were stolen from the HVAC contractor, probably via malware, and used to gain access to Target’s payment systems.
The attack was estimated to cost Target over $200m plus brand damage and led to the resignation of the CEO and CIO.
Understanding the digital risk exposure of complex modern organisations needs to include their supply chains and other elements of their extended enterprise.
The first cryptocurrency, Bitcoin, was launched in 2009. Cryptocurrency is a form of digital money designed using advanced cryptography to be secure and often anonymous and is stored in online digital wallets.
Unlike fiat currency (such as $, £ or €), cryptocurrencies are not regulated or controlled by any bank, government or centralised financial authority. Instead, the power of distributed ledger technology over the Internet guarantees value and confirms transactions at very low cost.
Cryptocurrency is a new way of storing and spending money which is likely to change business and operating models, with associated strategic opportunities and risks.
Supervisory control and data acquisition (SCADA) is a commonly used type of industrial control system for controlling and monitoring physical processes such as electricity transmission, transportation of gas and oil in pipelines, water distribution, traffic lights, and other systems vital for modern society.
An understanding of these systems and their vulnerabilities, particularly as opportunities arise for additional Internet of Things connectivity and data analysis, is essential for effective risk management.