
Cyber Crime Threats Run the Gamut from Personal to Geo-Political

I recently spoke at a major US financial services firm in the Midwest to a large employee audience about a wide variety of cyber security issues. As I was prepping my slides, I noticed that some of the issues we’re dealing with are highly personal, like having your social network account hacked (as has happened to 1 in 6 online adults according to the 2012 Norton Cybercrime Report). Others, like Stuxnet, the malware attack that took the Iranian nuclear facility offline, are the acts of one government (or two) against another. So the gamut of topics feels wider than ever. I worried that the audience might not be as interested in the big scary international espionage stuff, but I was wrong.

Cyber security audiences sometimes treat the lecture like a Halloween haunted house. We really love the thrill of being scared, especially if it involves something so big that it’s not likely to directly impact us. People were “oohing” and “aahing” over the stories of malware-infected memory sticks used to infiltrate the Iranian facility. The idea that some poor nuclear engineer might have inadvertently brought the malware into the site and clicked a Windows icon to set it off, all without realizing what he’d done, gave people the chills. When our conversation turned to the type of phishing threat known as spear-phishing, though, people acquired sober expressions and took many notes. That’s because in a spear-phishing attack, the individual employee is as likely to be targeted as a more visible, senior-level executive. To a cyber criminal, your role doesn’t really matter, as long as your inbox is connected to the company network. They just need one person to click a link or open an infected attachment to drop their malicious payload into the system, where it can go off looking for financial information of value.

Internet Security: Protect the Personal; Defend the Workplace from Marian Merritt

My overall presentation included information about the most common social network attacks (“clickjacking”), the impact of data breaches, and the importance of a good password manager program.

I’ve included the slides I used for the presentation here, but if you visit www.slideshare.net/marianmerritt you can download the slides, and they include my speaker notes.

Remember to Stop.Think.Connect. 

Comments


I have heard that Stuxnet was a joint effort by hackers in the U.S. and in Israel working together to shut down the Iranian nuclear facilities. There wasn't that much about Stuxnet online compared to other major cybercrimes, and from what I can tell people thought it was a new movie, or even a video game.

What about the Wikileaks exposure a short time back? That was started because a person inside the U.S. sent classified information to a public source. If the U.S. has its own people sending classified information to public sources, then how can people in this country have any hope of being safe while online? The hacking group Anonymous uses this to help get support for themselves. It wouldn't surprise me if, when the leader of Anonymous finally gets arrested, it turns out to have been someone inside one of our intelligence agencies.

However, it would surprise me that the mastermind behind Anonymous is just a kid in comparison by her/his age.  Then again, since I have thought of it, then it wouldn't surprise me.