How Small Business Was Gifted a $25 M Canary in the Coal Mine

Read Time: 4 Minutes

Welcome to Your Tech Suite's weekly newsletter where we provide news, tips, and guidance on improving the technology posture in your startup or SMB. A holistic technical C-Suite... for the rest of us.

This Week's TLDR

• $25 million deepfake scam highlights a critical juncture where science fiction meets science fact.
• Businesses need to reevaluate their cybersecurity posture given the rise in sophistication.
• Information Security needs to become a two pronged approach where prevention and mitigation go hand in hand.
• Google's Gemini, Changes at Mozilla, FCC Rulings, 2023 Ransomeware is big bucks

The Canary in the Coal Mine

In my younger days (and frankly, still today), I'm captivated by science fiction movies like Star Wars, Star Trek, and everything in between.

This week, however, I'm reminded of the Arnold Schwarzenegger movie Total Recall, where Arnold's character heads to Mars and his realistic robotic face mask malfunctions, revealing an enraged Arnold behind what appeared to be a benign old lady's face.

This week witnessed a very public and costly intersection of science fiction and science fact... without the malfunction.

In case you missed it: a Hong Kong-based company was defrauded of $25 million through a sophisticated deepfake scam.

The perpetrators crafted a dynamic deepfake of the company’s CFO and used it in real-time on a Zoom video call to convince a financial controller to transfer $25 million in funds.

This event should serve as a stark reminder that the realms once considered the domain of science fiction are increasingly becoming our reality.

These types of attacks are not just tales of technological advancement; they represent a call to businesses.

Cybercrime is advancing in both sophistication and audacity.

Observing the evolution of scams, the escalation of social engineering, targeted phishing, and AI utilization, I'm reminded of David O. Adeife’s words:

Never innovate to compete, innovate to change the rules of the game.

The Truth About What You Want in Cybersecurity

Consider the challenges you face as a business owner, investor, founder, or leader; securing data integrity, personal identities, and corporate secrets requires navigating beyond the realm of easy.

We passed "easy" a while ago.

The Hong Kong attack leveraged publicly available information along with audio and visual public data about the CFO.

Simplicity is now far behind us. If you're committed to ensuring your business's security, you must be prepared to invest in advanced cybersecurity measures.

As your business accelerates and further integrates digital communication, it's imperative to establish safeguards against phishing, spoofing, and the evolving threat of deepfakes.

Aiming to protect corporate identity? Brace yourself for rigorous verification processes for every digital interaction... and the inevitable frustrations from your users.

Remember, these measures are to combat the threats we know of today. Information security can no longer be an afterthought; your business requires dedicated personnel who are not only safeguarding against the present but are also anticipatory of future threats.

And if your business doesn't have these people... either hire them or contract with a vendor who has them.

The Fight of Your Business' Life

Don't perceive the $25 million deepfake scam as merely a cautionary tale; it should be a mobilizing war cry. Watching Total Recall, I never imagined advising businesses on combatting AI-generated avatars of their personnel that act, sound, and behave like the real thing.

AI brings immense benefits, but the battle against technologies like deepfakes are not fleeting. This is an all-out war. Whether you're prepared or not, whether it's fair or not, your business is on the front lines.

So how should you approach combating this cybercrime?

Start with your people. Ensure ongoing security awareness training that includes the newer types of attacks and technologies being used. Your people are always going to be your biggest asset and your biggest liability.

Train them well.

Employ MFA, corporate code words around data and financial transactions. Trust but verify.

Embrace innovative cybersecurity solutions. Globally we have a 3 million person gap in the security professional sector.

Businesses must turn to cutting-edge technologies that are being developed to thwart these advanced threats. Utilize biometrics, communication patterns and coding, and internally developed process to validate and verify.

We all have to get into the business of cyber innovation and adaptation. Build relationships with your partners so as new attack strategies start to show up, your working with people and vendors who can evolve with you.

Resiliency

The final component that is important will be your company's ability to bounce back and survive.

In the words of Liam Neeson...

The Next Part is Very Important. They're Going to Take You.

The cyber criminals are well funded, highly organized, and have significant people resources to continue to escalate these attacks. Sooner or later, you're going to be targeted.

The $25 million deepfake scam is indeed a canary in coal mine for cybersecurity but also for the day after.

How will you handle the next successful attack on your business?

Does your team have a plan? Do they drill and practice their response to cyber situations?

Put a plan in place so when you're CRM goes down, you can't access your client data, or your accounting system can't send bills; you have processes and a team that has practiced carrying out methodical business continuity.

Deliberate practice so they can think as it happens.

Mike knew...

Everyone has a plan until they get punched in the mouth

News

Big news in the regulatory world, the FCC has ruled that AI-Generated Voices in Robocalls are Illegal.

Excited to hear that Firefox (Mozilla) is doubling down data privacy and security. As part of that move, Mitchell Baker is going to be stepping down as CEO to step into AI and Internet safety.

Google's ChatGPT counterpart, Bard, is being rebranded to Gemini as it move's closer to general availability. A future of a $20 per month package as Google looks to solve its growing search problem.

Ransomware in 2023 is still a strong revenue driver for the seedy underbelly of the internet. Payments topped a new high of $1.1 billion according to Chainalysis report.

YTS Weekly Recommendation

This week's recommendation is the Cybersecurity Blueprint Email Course YTS offers for free! If you are limited in your resources or need a place to start, this is the course for you.

And did we mention its free! Get it here -> https://yourtechsuite.ck.page/cybersecurity-newsletter​

Say Hi on LinkedIn, Twitter/X, & Instagram​

Did someone send you this awesome email? Subscribe Here​

Need additional help? Reach out to the YTS Team!

PO BOX 2103 220 S Wilcox St., Castle Rock, CO 80108
​Unsubscribe · Preferences​