ICYMI: 3 Cyber Must-Reads for CISOs and Business Leaders This Weekend
This collection of award-winning articles from Focal Point spotlights a lesser-known but costlier threat than ransomware, an elusive group of hackers making a comeback, and a boardroom strategy that can boost a CISO’s profile (and budget).
Don’t believe what they say about yesterday’s news: Sometimes it can remain vital long after it first made headlines.
Like our three Focal Point stories that won Tabbie Awards in the 20th annual international editorial and design competition for business-to-business (B2B) publications, hosted by Trade, Association, and Business Publications International (TABPI). Focal Point is one of 13 publications—a diverse group that includes McKinsey Global Publishing, Computerworld, and Global Cannabis Times—that received three or more awards earlier this month, among hundreds of entries from around the world published in 2022.
Our winning stories are still highly relevant to current cybersecurity discussions, and in some respects, they’re even more pertinent now.
Consider our investigation of teenage hackers, inspired by last year’s cyberattack on Uber committed by a 17-year-old linked to the notorious (and notoriously young) cyber gang Lapsus$. Just this month, the U.S. Department of Homeland Security (DHS) released its Cyber Safety Review Board (CSRB) report on Lapsus$ activities, outlining how group members—many of them teens—have been able to thwart a surprising number of well-resourced organizations in recent years using rather simple techniques. The report spells out 10 recommendations, several of which are covered in our article, that enterprises can (and should) deploy now to bolster their cyber defenses.
As DHS Secretary Alejandro Mayorkas noted, “The CSRB’s findings are not only timely; they are actionable.”
The same can be said for the recommendations in the following three articles, which offer expert guidance from chief information security officers (CISOs), CEOs, security analysts, and bug bounty hunters. And, hey, we’ve got a three-day weekend coming up. So if you’ve staked out some primo hammock or chaise time, we suggest you bookmark this page and click back when you’ve got your feet up. Or better yet—click through now and get a head start. You’ll snooze better this weekend knowing how to make your organization more secure.
Business email compromise—the stealth threat
THE AWARD: 2023 Technical Article—Bronze
WHY IT’S RELEVANT TODAY: This article brings to light a well-documented yet still little-known fact about cybercrime: Ransomware, which hogs much of the media spotlight, pales in comparison to business email compromise (BEC) attacks, which have been around longer, prove far costlier, and are growing in frequency, complexity, and severity.
Sure, ransomware—despite its destructive nature—seems to have a cooler, sexier vibe, whereas “business email compromise” sounds technical, awkward, boring. But this form of phishing is a stealthy bugger, with fake (but convincing) emails slipping into unsuspecting employees’ inboxes and wreaking havoc. Typical scams involve hackers who pose as vendors submitting invoices, or C-suite execs requesting wire transfers. Employees—typically overworked, under-resourced, and cyber-naïve—too often comply.
The FBI’s 2022 Internet Crime Report, released in the spring, clocked nearly 22,000 BEC complaints last year, with adjusted losses totaling more than $2.7 billion.
Getting the word out about such scams is imperative, as the best defense against BEC is an informed, committed workforce trained to spot these fake messages.
[Read on: Why business email compromise costs companies more than ransomware attacks]
Talk therapy for CISOs pays off
THE AWARD: 2023 How-To Article—Bronze
WHY IT’S RELEVANT TODAY: Designed for CISOs but useful for anyone who engages with the C-suite, this article breaks down the art of persuasive presentation-giving into three basic steps. Ditching jargony cyberspeak is a big part of step one.
To convince CEOs of just about anything, you need to not only think like C-suite execs but also talk their language. That means front-loading numbers and the bottom line. We plot that course step by step by step, using charts and data from an executive survey on communication by Harvard Business Review Analytic Services, sponsored by Tanium (which publishes this magazine).
Doctors generally don’t get taught bedside-manner skills in med school, and CISO certifications never address how to talk to the people who write the checks and set the rules. They should; such skills are vital.
[Read on: How CISOs can talk cyber risk so that CEOs actually listen]
Teen hackers are back* and tough to predict
THE AWARD: 2023 Feature Article (Top 25 Issues)—4th Place, Honorable Mention
WHY IT’S RELEVANT TODAY: Teen hackers—the subject seems almost quaint given today’s preoccupation with elite cyber gangs and criminal operatives working with direct (or indirect) consent and consideration of nation-states. Yet the teen hacker is still out there and, in some ways, more elusive.
What drives him (it’s usually a him, though female cybercrime is on the rise) is not money or power—areas that defensive strategists are familiar with. It’s bragging rights.
Our article, which came in fourth out of TABPI’s top 25 finalists, posted before ChatGPT became a household name. Since then, artificial intelligence (AI) has exploded—and a lot of tech experts are worried. AI-powered chatbots like ChatGPT that lower the bar and allow less-experienced individuals to carry out cyberattacks will only elevate the impact of teenage hackers. Last year, the Focal Point team felt we’d forgotten about this demographic, who dominated the world of cyberattacks in the earliest days of the internet. It was (and is) time to remember what makes them tick.
[Read on: Inside the mind of the elusive teenage hacker]
* Teen hackers are like IT help desk tickets—no matter how good you are, they never really go away.