Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action.
This week: How a framework like NIST CSF or CIS Controls can turbo-charge your security efforts, how our teenagers are ending up with convictions for money laundering and supporting terrorism, and how the FBI fooled 800 criminals into telling them all about their drug deals and other criminal activities.
This week’s action: Tell your family to protect their bank accounts.
1: You can’t detect what you can’t see. A standardized framework could give you 20/20 vision
This article provides a useful insight into how organisations can move from a ‘sky is falling’ reactive response to proactive identification and containment of attacks. It also describes the benefits of aligning to a recognised cybersecurity framework. The article mentions the CIS Controls, but NIST CSF is also a valuable reference. I’ve also written about the pros and cons of Cyber Essentials in the past. Alignment to these frameworks will certainly uplift your security defences. They will also demonstrate to your clients, prospects and regulator that you have appropriate security measures in place. Managing the risk is one thing – Proving it is another.
“That call for a weekend war room is an experience that no CISO and their team want [..] Gaining visibility of threats and vulnerabilities is not easy, but it is fundamental. Can you see everything in the environment? Because if you cannot see it, you cannot react to it; if you cannot see it, you cannot mitigate it; if you can’t see it, you can’t plan for it. [..] The best security operations centers that confront security incidents often make use of a standardized framework that helps to define what security responses are needed [..] In fact, almost every significant cybersecurity incident—certainly that an organization like the FBI investigates—shows some kind of violation of the critical controls [defined in a standardized framework]”.
2: Yes, another article about ransomware. But this one is in plain English.
I know, you’re all sick of hearing about ransomware. But, but, but.. This article is an easy-read and explains why we’re hearing so much about these attacks now.
Ransomware is now “a pandemic of a different variety [..] with hackers taking advantage of lax security measures for an easy payday. [..] Many experts still think that the worst may be ahead of us [..] [Ransomware] is relatively easy to execute: The most common tactics involve using software to get around security holes, or tricking users into downloading malware by pretending to be a source they trust. [..] Attacks happen for one reason and one reason only: They are profitable. If you make them unprofitable, the attacks will stop. [..] Following the money remains one of the most basic, yet powerful tools we have”.
3: How the younger generation are using their bank accounts today to limit their options tomorrow
The previous article leads us nicely into this article. Cyber criminals eventually need bank accounts if they want to convert the proceeds of their crime into real cash. And they frequently use the bank accounts of our family members. So, spread the word: Allowing someone else to use your bank account today is an effective way to limit your options tomorrow.
“Ciara handed him her [bank] card. [A year later], Ciara stood nervously before a judge in Dublin District Court and pleaded guilty to two counts of money laundering”.
“In Kerry, gardaí recently uncovered a network of 51 suspected money mules when they raided the home of an 18-year-old [..] The youngest was 16, most were in their late teens or early 20s and the oldest was 24”.
“All face possible convictions under the Money Laundering and Terrorist Financing Act.”
“It is one of the worst convictions they can have, because they are prosecuted under the Money Laundering and Terrorist Financing Act. It means you won’t get a visa to the US. You won’t get a visa to Canada. You will not pass vetting tests. You will not be allowed to be the treasurer of your local GAA club. You won’t get a job with a bank or a financial institution. Your credit rating will be impacted, which will impact on getting mortgages or loans. You are destroying your future with these convictions”.
An estimated 1,000 people in nearly every county in Ireland, mostly aged between 16 to early 20s, who are currently being investigated by Gardai for laundering money for criminals, with many recruited via Snapchat or social media. All face possible convictions under the Money Laundering and Terrorist Financing Act.
More than 800 suspected criminals in 18 countries have been arrested after being tricked into using an FBI-run encrypted messaging app, which allowed police to monitor their chats about drug smuggling, money laundering and murder plots.
Read more: https://www.bbc.com/news/world-57394831
ONE ACTION – If you do only one ‘cybersecurity’ thing this week, do this.
1: Spread the word: Don’t share your bank account
There are over 1000 young people in Ireland currently being investigated for money laundering offences. This is probably a small percentage of the total number involved in similar activity. I think it is reasonable to assume the majority are not active criminals – They are tempted into this by ‘easy money’. We all need to make sure we tell our family members and their friends that allowing someone else to use their bank account is easy, but it will make things very difficult for them in the future.