Cyber 3-2-1: Making Cybersecurity as simple as 3-2-1.

This week: What are the cybersecurity lessons from Russia’s invasion of Ukraine, why a small business paid a $150k ransom, and why you can no longer trust a phone call.

PS This week, I’m trying out a new, shorter format for Cyber 3-2-1. Why? Because many subscribers tell me they love the Friday email, but they don’t read every edition as they don’t have the time. The last thing I want to do is add more ‘to-dos’ to your inbox, so Cyber 3-2-1 is now a shorter countdown of 3 interesting topics that I’ve read about during the week. Let me know what you think of the new format.

To listen to Cyber 3-2-1 and a roundup of my other articles this week: All episodes are accessible from or wherever you get your podcasts.


3. Russia’s invasion of Ukraine has taught us many cybersecurity lessons

An article in The Washington Post (and shared by Secure The Village) describes how the ongoing war in Ukraine has played out in cyberspace.

Companies such as Microsoft, Google, and Cloudflare have been praised for their work to spot unusual behaviour and block attacks before any significant damage is caused. Starlink, a satellite broadband system developed by an Elon Musk company, also preserved online access for people in Ukraine when Russian attackers cut optical fibre cables. And previous attacks by Russia on Ukraine’s power systems in 2016 enabled Ukraine to know how to block similar attacks launched in 2022. Apparently, governments are now using lessons learned in Ukraine to strengthen their own cyber defence.

As the article states, Ukraine’s resilience shows that “doing the basics is better than doing nothing”.


2. Why would a small business pay a $150,000 ransomware demand?

This short video from TechRepublic is an interview (recorded in 2021) with the CFO of a small business that was the victim of a ransomware attack. The firm (which had 8 PCs and about 30 staff) had no way to recover without paying a ransom of USD $150k. The attack only impacted the 8 PCs, but unfortunately these PCs controlled machinery on the factory floor, so 30 staff members were unable to do their jobs. The firm engaged their cyber insurance provider, who brought in a specialist team to negotiate the ransom demand down from $400k to $150k. The CFO knows it’s strange, but he is grateful that the firm was attacked by a ‘reliable’ cyber gang, as he was told that many other gangs may not have helped him recover his systems.

The key question for you – Would your organisation be able to pay $150-200k for an unexpected event within a matter of days? If not, I think it’s time you looked at your security defences and lined up cyber insurance cover as soon as possible.


1. AI-powered Voice Replication

AI (Artificial Intelligence) is the big news story of 2023. AI-powered Voice may be the big cybersecurity news story of 2023.

This article on Vice (and shared by Grugq) shows how an AI-powered replica of a voice was used to fool a bank’s voice verification system. Apparently, “this sort of voice replication can be completed without ever needing to interact with the person in real life”.

This article on ScamBusters describes how there have even been cases of AI voice replication being used to fool parents into thinking they are speaking to their own child on the phone. The ‘child’ tells the parents that they have been kidnapped and that the parents must pay a ransom to get them released.

I can think of one way to test whether the caller is really who they say they are – Ask the caller something that only you and they would know.

If it was my son, I would ask ‘Did you tidy your room before you left the house?’.

If the caller says ‘yes’, then I’d know it’s not my son.