Todd’s story is the discovery of the business benefits of having security assessments done. He noticed that there are some dangerous security predictions for 2023. On a cold, rainy evening, he could see the mist reflecting off the headlights passing by. The shivers ran through his body and up and down his spine.
Slowly, with much more concern than before, he pulled out his iPhone and began to scroll as he made his way through the maze of people, heads down, in the bustle of the city streets. Distracted again, he jostled between apps and got to the thread he was searching for.
“What do they see coming this year?”, he asked himself in a bewildered, exhausted, and drained mind’s eye. Normally, given his experience and education, he knew what to expect. But not after last year, and that fateful day he watched his own PC files turn death white from LockBit ransomware. He still recalls seeing it live on his triple monitors in real time.
It was then he realized neither he, nor any one single person, really knows. Really knows what the hell will happen next, where it will come from or what they will do. There were so many unanswered questions.
So much ego had been deflated. So much pain. So much relationship drama at home due to his time spent during long nights and weekends trying to repair and rebuild after that fateful day.
His start-up business, one that was poised to “transform the world”, was hanging on by a thread. The P&L was trashed, the VC investor calls went unanswered and the recruitment process for desperately needed new talent was bone dry.
What the hell are they predicting for this coming year? He needed to know.
He finally arrived in line, placed his order, paid, all without speaking to a single human. This is the issue, he realized. Our tech has been pushed out with little, if any, security in mind. Vendors wanting to hawk the latest, greatest gadget keep him from even needing to speak to a human in their own place of business to buy their product.
He slouched down on the creaky metal chair in the corner of the café. Scrolling, he came across the recent Forbes article on predictions. Much of it was excellent, though he was already aware of what it contained. Great insight, but it was what he had seen before. “Nothing new,” he thought, with a sense of relief spilling over.
Then he saw it. It was what he had anxiety over the night before…it was Dark Reading’s “Beyond the Obvious: The Boldest Cybersecurity Predictions for 2023”.
Some of what he saw was irrelevant. At least to him.
For Todd, the goal was to read between the lines and get the sense of what was really coming. Security experts from across the globe had compiled their boldest predictions for 2023. They ranged from WWIII possibly starting through cyberwarfare to futuristic “bot vs bot” tech used for defensive tactics, and it was there he found some food for thought we all need to consider.
Automation. In fact, ChatGPT. Todd had played with it to help create an API he had been stuck on, adjust and apply some code fixes to their site and even help write portions of his son’s senior year term paper. Swiftly and easily. Too easily. While they deployed MFA last year, across the board, he realized it wasn’t enough. Not for 2023. They had discussed biometrics to help protect identities but they tabled it.
The scrolling continued.
He saw "In 2023, fraudsters will devise new ways to hack into accounts, including new ways to spoof biometrics, new ways to create fraudulent identity documents, and new ways to create synthetic identities." — Ricardo Amper, founder and CEO at Incode.
He thought, Deepfake. Biometrics, once stolen, could be deadly not only to his brand but to the people whose identities get exposed and exploited. He understood the dangers and the recent FBI warnings about those applying for remote positions at his firm. They implemented and even practiced new policies to address the known risks. It’s the unknown that he knew he remained unclear about.
The scrolling continued.
He saw the prediction of his friend, David Maynor with Cybrary, who claimed, "A person with no programming or security knowledge may accidentally create a destructive, self-propagating worm using an AI chatbot and then accidentally release it on the Internet, causing almost a trillion dollars in damage worldwide." — Cybrary's Maynor.
Now that was scary. That would change the trajectory. Sad, but true. But that was simply too big for him to worry about. At least for today.
Realizing that his own people could really only recognize a phishing email by its grammatical errors or broken English, he returned to his concern over what dangers will result from the use of ChatGPT by those with ill intent.
The scrolling continued.
He saw the next prediction, that "Hackers will use ChatGPT to develop multilingual communications with unsuspecting users in business supply chains. Many of the most notorious cybercriminal gangs and state-sponsored cybercriminals operate in countries like Russia, North Korea, and other foreign countries [which makes them] somewhat easier for end users to detect. This technology can develop written communications in any language, with perfect fluency. It will be very difficult for users to recognize that they are potentially communicating via email with an individual who barely speaks or writes in their language. The damage this technology will cause is almost a certainty." — Adrien Gendre, chief tech & product officer and co-founder at Vade
There’s the issue, he thought. The heart of the risk. ChatGPT is brilliant, he understands. He sees the potential good in it. But when it is leveraged to advance social engineering and ransomware, he knows that they could not possibly mount an adequate defense. After all, they thought they were “all set” before, when the ransomware attack nearly bankrupted his firm in 2022.
What to do? His mind raced. He needed to get a handle on it. He needed to get his head wrapped around his business.
But the confusion swept over him. Where do I start? I know I have to do s-o-m-e-t-h-i-n-g. But what?
His epiphany came when he boiled it down to the main question: how will I know what I need without some vendor just selling me what they have a quota for, or overselling me and giving me a false sense of confidence? A BASELINE. A NEW BASELINE. That was it.
He knows that his people are good, smart and work hard, but he also realizes that no matter how much he spends on infrastructure and systems, if his people don’t realize (or care about) how to protect his brand, it’s going to be over soon.
Pushing the chair back, wiping his forehead from the sweat on his brow, he stood up and walked out. Mind spinning.
How would you help him? What would you recommend?
We sat down with security experts Christian Scott and Travis DeForge and discussed what to do and what businesses need when looking to the future. They have created phenomenal open source resources and have an excellent approach to the business benefits of security assessments and to ways of communicating the need for them.
Here is a quick video summary: https://youtu.be/6YeEVXxDZRA
Hear the full discussion here: https://www.buzzsprout.com/2014652/12033319
In the story above, how would you start? How would you help Todd as a first step?
I'm David Mauro, fortunate to be in a leadership role with a top-rated MSSP All Covered: IT Services from Konica Minolta
📸 Creator/host of the 🛡Cyber Crime Junkies Podcast🎤🎧🛡, interviewing great leaders and spreading cybersecurity best practices so brands can be better protected.
🎥 @CrimeJunkiesPodcast on YouTube