Cybersecurity Without Insanity? It could be as simple as 3 – 2 – 1…

This week: Deepfakes are going mainstream, UK law firms have been warned about an increase in cyber attacks, and Irish SMEs need to close their front doors.

 

3 – You may be the next porn star

Cyber criminals are using photos and videos posted on social media to generate fake sexually-explicit content, and using these fakes to harass or coerce victims into paying them to take the content offline.

This is according to a recent Public Service Announcement by the FBI, which states: “technology advancements are continuously improving the quality, customizability, and accessibility of artificial intelligence (AI)-enabled content creation. The FBI continues to receive reports from victims, including minor children and non-consenting adults, whose photos or videos were altered into explicit content. The photos or videos are then publicly circulated on social media or pornographic websites, for the purpose of harassing victims or sextortion schemes. [..] Malicious actors have used manipulated photos or videos with the purpose of extorting victims for ransom or to gain compliance for other demands (e.g., sending nude photos).”

Key takeaway: In this brave new world, we can’t believe (everything) anything we see or hear online. All of us are going to have to become far more cynical.

 

2 – Law firms need to upgrade their security defences

Law firms in Britain have been warned [by the UK’s NCSC] to upgrade their cyber defences after a number of ransomware attacks that led to sensitive and potentially legally privileged information being stolen by criminals and published online.

According to a recent report in The Record, one firm “was fined £98,000 by the Information Commissioner’s Office (ICO) for “negligent security practices” after it was deemed likely the criminals [who had successfully attacked the firm] had penetrated the firm’s network through a publicly known system vulnerability in software that hadn’t had the patch applied for five months. The ICO particularly criticized the firm for its lack of multi-factor authentication and the failure to encrypt stored personal data and legal bundles, as well as for running Windows 7 past its support date.”

Key takeaway: I’ve helped a number of legal practices and I know solicitors are focused on doing good work for their clients. But there’s no avoiding the fact that this good work now includes the need for good security.

 

1 – Most Irish businesses lack awareness of what ‘good’ cyber security looks like

Only 20% of Irish SMEs are “very aware of the specific measures or tools required to protect their data”.

This is according to a survey by iReach Insights on behalf of Google, and recently reported in Tech Central. Other findings include:

  • 46% do not regularly back up data
  • 47% do not ensure software is updated
  • 47% do not use Multi-Factor Authentication
  • 62% do not ensure employees receive regular / annual security awareness training
  • 72% do not have an incident response plan.

Key takeaway: Most cyber attacks are not sophisticated. They do not need to be, as the majority of businesses are leaving their front doors wide open and inviting the attackers in for tea. (PS If you want to lock your front door, Google’s You’re The Business includes an informative video on the common scams and key defences. My Secure Foundation also explains the 10 key things that you should focus on. If you do not have the time or interest to do this yourself, I can help.)

 

PS I talk about these news stories, and delve into how to manage cyber risks and regs without losing your sanity, on the “Cybersecurity Without Insanity” podcast.
All episodes are accessible from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.