This week: As many of you may currently be finalising your income generation strategies for 2024, here’s the Top 3 from the world of cyber crime:

  • A new entry at #3: Using the regulators.
  • Back at #2: Using cyber attacks.
  • But still at #1, for the 1197th week in a row: Using your staff!


3 – Income Generation Strategy #3: Using Regulators

When a victim of a cyber attack failed to pay a ransomware demand, the attackers informed the “U.S. Securities and Exchange Commission (SEC) about [the victim firm not disclosing] a cybersecurity incident that impacted customer data and operational information.”

This is according to a recent report in Bleeping Computer. Apparently, “while many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so”.

So what? The days of firms concealing the fact that data under their control has been accessed by unauthorised individuals may be over. If regulations like GDPR haven’t already forced disclosure, it looks like some cyber attackers will force it.


2 – Income Generation Strategy #2: Using cyber attacks

“The chief operating officer (COO) of a US network security firm has pleaded guilty to compromising the IT systems of two hospitals in order to generate business for his company.”

This is according to a recent report in Info Security Magazine. “His attacks are said to have caused over $800,000 in “financial harm” to the hospitals. [..] Although the former COO could have faced a jail term of up to 10 years, prosecutors are recommending 57 months of home detention/probation due to the fact that [he] has been diagnosed with a rare and incurable form of cancer and a “potentially dangerous vascular condition.””

So what? I wonder which hospital is treating the COO for his illness?


1 – Income Generation Strategy #1: Using your staff

“The most common type of cyber attack occurs when criminals tap into business email systems, intercept an invoice and change the bank details [..] Some of the easiest ways to avoid attacks are to implement multi-factor authentication.”

This is according to a quote from the Australian Small Business and Family Enterprise Ombudsman in The Canberra Times (and shared by Risky Business News). The Australian government has launched a new cyber health check program for small and medium businesses, allowing them to undertake a free assessment of their security measures.

So what? Most attacks are not sophisticated, and most organisations shouldn’t focus on James Bond. They should focus on Jim The Burglar fooling one of their staff into transferring money into Jim’s bank account.