Webinars
Mar 2024

Webinar – Cybersecurity Threats and How to Combat Them

It was our recent pleasure to host speaker, Brian Walsh, Senior Engagement Manager of Digital Forensics and Incident Response with At-Bay, as he spoke about the current landscape of the cyber world. The unfortunate news is that cybercrime has skyrocketed in the last few years from only a few hundred million dollars of reported incidents, to several billion dollars. The current trend doesn’t show signs of slowing down, either. We must now contend with the current reality – bad actors are out there and they want to separate us from our money.

Coincidentally, following Brian’s presentation, we learned AT&T became the victim of a major digital breach that compromised social security numbers and other personal data of 73 million former and current customers.

It’s hard not to feel a general apathy in the face of such a monumental event. The data is out there… so what? If it wasn’t AT&T, it was Target, or Home Depot, or Yahoo!, or Facebook. You get a new letter every few months from a company promising that they will “do better” and offer to pay for credit monitoring for the next year or two. Just because you don’t get targeted immediately following a data breach, doesn’t mean that you’re in the clear.

We should aII reject the notion that “lt won’t happen to me,” or perhaps even worse, “l’II recognize a cybercriminaI when they send a phishing emaiI.” They are getting harder to recognize. ln fact, if you didn’t notice that my capital i’s and lower case L’s are swapped in this paragraph, you might not notice it in a faked email address or website link. (See for yourseIf, if you copy and paste this paragraph into a word document, it has a few typos).
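The swap described above can be caught mechanically. The following is an added example, not part of the original post: it reduces a displayed sender address or link to a "skeleton" in which look-alike characters collapse together, then compares that skeleton against hosts you actually trust. It goes beyond the I/l swap to cover a few other common look-alikes. The host names, the allowlist and the small look-alike table are constructed assumptions.

```python
import unicodedata

# Constructed allowlist: hosts the reader really deals with (assumed names).
TRUSTED = {"billing.example", "modern-bank.example"}

# Small illustrative look-alike table (not exhaustive). Capital I is mapped
# before lowercasing, otherwise "I" would fold to "i" and the swap is missed.
CONFUSABLE = {"I": "l", "1": "l", "0": "o", "O": "o",
              "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
              "\u0440": "p", "\u0441": "c"}                 # Cyrillic er, es
MULTI = (("rn", "m"), ("vv", "w"))  # letter pairs that read as one letter

def host_of(text):
    """Pull the host out of an e-mail address, URL or bare host, keeping case."""
    rest = text.split("://", 1)[-1]         # drop a scheme if present
    rest = rest.split("/", 1)[0]            # drop any path
    return rest.rsplit("@", 1)[-1].strip()  # drop the mailbox part

def skeleton(host):
    """Collapse visually confusable characters to one canonical form."""
    host = unicodedata.normalize("NFKC", host)
    out = "".join(CONFUSABLE.get(ch) or CONFUSABLE.get(ch.lower(), ch.lower())
                  for ch in host)
    for seq, repl in MULTI:
        out = out.replace(seq, repl)
    return out

TRUSTED_SKELETONS = {skeleton(t): t for t in TRUSTED}

def classify(text):
    """Return (verdict, trusted host it imitates or matches)."""
    host = host_of(text)
    if host.lower() in TRUSTED:            # exact match, case-insensitive
        return ("trusted", host.lower())
    target = TRUSTED_SKELETONS.get(skeleton(host))
    if target:                             # looks the same, is not the same
        return ("lookalike", target)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed samples: the second uses capital I in place of lowercase l.
    for sample in ("accounts@billing.example", "accounts@biIIing.example",
                   "https://modem-bank.example/login", "news.example"):
        print(sample, "->", classify(sample))
```

A "lookalike" verdict means the text reads like a trusted host but is a different one, which is the case the eye misses.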

Remain vigilant – our digital lives (and by extension, our financial lives) are on the line.

So how can you protect yourself against cybercriminals?

As Brian shared during the presentation, we need to bolster our cyber defenses:

Use Better Passwords

First, strong AND unique passwords are a must. Passwords such as Password, 1234, hello24, or [last name]2024 don’t cut it in today’s environment. Furthermore, you can have an extremely secure password, but if you reuse it across multiple websites and one account becomes compromised, then they all are.

Password vaults (1Password, LastPass, ProtonPass, Bitwarden, and many more) make the process of updating and maintaining passwords as painless as can be. You memorize one password (or a passphrase, such as IHateMemorizingNewPasswordsEvery6Months!), and then you can access your passwords for all other websites. Updating passwords regularly is an important practice, as some data breaches are not announced until long after the data has been compromised.

Opt-in to multi-factor authentication

We can further bolster our defenses with multi-factor authentication (MFA) apps such as Duo, Google Authenticator, Aegis, and many more. These MFA apps generate a unique 6-digit token when you try to access a website. You can also have a code sent to you by text message if you do not have a phone app. This means that even if someone were to get your username and password, they would still not be able to access your account without also having the unique code you receive on your phone.

Prioritize accounts to fortify

It is also important to recognize not all accounts have equal value. Your private email address should have extensive fortifications because if that is compromised, the bad actor can reset passwords to your other services. Your old Myspace account, however cool it may be, doesn’t have as much value, digitally speaking, as your bank account. If you’re not going to take the time to update all of your passwords, at least update the most important accounts.

Be aware of our own social engineering weak points

Often, in the digital world, the weakest link is the human one. Why try to crack a password when a good phishing email and a legitimate looking website can get a human being to just hand their credentials over?

Additionally, human beings crave connection, which is something we all lost through COVID. Human nature is to be nice. However, nefarious actors can exploit this. Romance Scams and Pig Butchering Schemes are two types of growing crimes in the cybersecurity world.

Both start with initiating some kind of contact with a participant, getting to know them better, and once trust has been established, conveying a need for money. Maybe they are traveling abroad, were robbed, and need $1,000 wired to them to get back home. Maybe their child needs an operation, and it is going to be $10,000. Maybe they have an inside tip for a new cryptocurrency and want to help us invest $100,000. The stories tug at us, as we want to foster this connection with our new online friend.

Verify signs of a scam

The answer, thankfully, is not to become Scrooge and cast out all emotional connections in our lives. Quite the contrary, we can lean into our non-digital connections and ask for an objective opinion. Phone a friend, relative, or trusted contact before acting. Ask them if the situation you’re facing sounds legitimate.

In the world of cybersecurity, knowing that we can become victims also provides an acute awareness to ask ourselves some critical questions:

  1. Is this request urgent? Cybercriminals want you to act fast.
  2. Do I know this person? Cybercriminals will NEVER want to meet you in person.
  3. Should I really send money?
  4. Is this too good to be true?
  5. Can I verify this is true? This is where you can call someone you know for an objective assessment.
  6. Did I expect this? Don’t click on links or respond to messages if you weren’t expecting them from someone else.

What happens if you become a victim?

We all make mistakes, and there may come a time when we become a victim of a cybercrime. Sometimes a moment of clarity comes after an event, and you realize that you gave away a password, sent some money, or something else. The sooner you contact someone for help, the greater the likelihood that you will be able to mitigate damage. Don’t let shame or embarrassment stop you from reporting an incident.

This is far from an exhaustive post of all the things that we can do to protect ourselves online, but we are so thankful to Brian Walsh for donating his time. We hope that you can all be a little safer online, armed with this knowledge.

Additionally, if you or someone you know becomes the victim of a cybercrime, please report it to the FBI’s Internet Crime Complaint Center (IC3) at www.IC3.gov.

The information provided herein is for educational purposes only, and should not be construed as advice, including, but not limited to tax, legal, insurance, investment, or retirement advice. For your specific planning needs, please seek the advice of Integris Wealth Management, your tax accountant, attorney, insurance agent, or other professional as appropriate. Investing involves the risk of loss.

 


 

BRIAN WALSH, CISSP

Senior Engagement Manager – Digital Forensics and Incident Response at At-Bay

Brian Walsh is a Senior Incident Response Engagement Manager, security architect, and analytical investigator, whose actions result in threat mitigation, threat disruption, operational impact, and business continuation.

As a former FBI Special Agent with over 19 years of career experience, he has conducted and managed complex and sophisticated investigations of Cyber Intrusions and Business Email Compromises, among other cybercrimes.

All courtesy of LinkedIn
