The Evolution of Cyber Threats and Security was the hot topic of the night as David spoke in front of the Institute of Public Accountants (IPA) Ipswich chapter.
With the Accenture Cost of Cyber Crime Study reporting that over the next 5 years the cost of cybercrime will top USD5.2t it was no wonder that the IPA are keen to educate their members about the importance of cyber security and protecting not only their own business data, but that of their clients as well.
During the presentation, David covered the business of hacking, using the Ransomware-as-a-service consortium GandCrab/REvil as an example
of how hacking has become so organised that victims of the hacking get access to a help desk for payments and a 12 month guarantee
not to be hacked again.
GandCrab/REvil has comeback into focus in recent days, with the highly publicised exploit of vulnerabilities in the software of Kaseya’s VSA tool, used by IT professionals to manage servers, desktops, network devices and printers. GandCrab/REvil, is now holding the data of more than 1,000 businesses to ransom, demanding USD70m in Bitcoin in exchange for a key that could be used to decrypt the files.
GandCrab/REvil's attacks have now become so frequent that U.S. President Joe Biden as ordered U.S. intelligence agencies to investigate the attack on Kaseya's customers for possible connections to the Russian government.
David also covered Social Engineering, a type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It is important to note that Social Engineering does not involve Malware at the outset, these attacks are plotted and planned against specific victims.
This video from Cisco highlights the crippling effect Social Engineering can have on an organisation:
Questions from the audience ranged from what are the best Multifactor Authentication (MFA) apps to use (we suggest MYKI, Microsoft Authenticator or Google Authenticator), whether text message or email is better as a secondary authentication method and how to encourage clients to secure their own data, to help with this, the attendees were also armed with our 14 ways to protect your business from a cyber attack handout.
If you are looking for a cyber security speaker for your next industry event drop us a line, we would love to help you out.