Welcome to the WEI Tech Exchange Blog

3 Key Takeaways From Cybersecurity Expert, Theresa Payton

Written by Greg LaBrie | Sep 28, 2021 12:45:00 PM

Today’s cybercriminals are better equipped and are utilizing technology that’s more advanced by the day. With the value and importance of data only growing, protecting that data has never been more essential and enterprises need all the help they can get. With this in mind, we recently held a cybersecurity event to share information on key topics including:

  • The best strategies enterprises can use to keep data safe.
  • The anatomy of a hacker.
  • The tools hackers utilize to gain entry to your systems.
  • Cybersecurity predictions for the upcoming year and beyond.

This virtual event, presented in partnership with Cisco, featured Theresa Payton, a legendary figure within the cybersecurity and IT world. Her resume was already impressive, with executive level roles in banking technology, but she made history as the first woman to serve as the CIO of the White House. She currently leads Fortalice Solutions as CEO.

In the article below, we’ll share the top three takeaways from the event that you need to know to effectively combat cybersecurity threats.

1. Web Browsing Is A Minefield

Hacking isn’t as it appears in the movies. Instead of brute forcing your firewalls or other cybersecurity solutions, cybercriminals will exploit any simple way into your digital environment. Many of these opportunities can be as simple as a user clicking on a theoretically safe link.

As shared by Theresa, things like clickbait, fake ads, and chat bots are often utilized by cybercriminals to lead your employees astray. While they may not contain malware or other nefarious programs, the demographic data that’s exposed and tracked once clicked on can be all hackers need to get started.

The ad itself or the advertising company running the ads may be genuine, but bad actors that gain access to that data can take the information gathered, such as operating system, IP address and username, and use it to build social engineering campaigns, fraud campaigns, and other carefully constructed personas to further trick your employees into opening the doors to hackers.

2. Bad Actors Are Using AI To Impersonate Key Players

As previously mentioned, today’s hackers have access to technology far beyond what their predecessors could even dream of. One of the most insidious tools being utilized is AI technology that leverages internet photos and audio to create deepfake profiles.

Deepfakes are synthetic media built using artificial intelligence (AI) to alter the appearance or sound of a piece of media, such as a video or audio recording. In the wrong hands, this technology is being used to create fake user profiles, impersonate employees, and using an executive's 'likeness' to authorize fraudulent bank transfers.

As shared by Theresa during the cybersecurity event: “An international company with international lines of business needed to do a wire transfer to a vendor. The vendor sends a typical message to the CFO, who receives it and waits for the multi-factor authentication. In their case, the authentication is a phone call and voice authorization. CFO receives it [from the CEO] and makes the transfer.”

Unfortunately for this company, it was not the CEO on the phone and the transfer was fraudulent. By utilizing deepfake technology, hackers are creating a world where enterprises cannot trust what they see and hear and must rely on additional security layers, like codewords and separate lines of communication, to keep these incidents from happening.

3. We Have To Work Together To Stand Against Cybercriminals

As more enterprises fall victim to ransomware and large scale incidents wreak havoc (the Colonial Pipeline incident being a perfect example), the cybersecurity community must come together to catch these bad actors.

Many enterprises seek to hide evidence of breaches to save face, but in doing so, they’re making it easier for bad actors to continue on with their actions. Instead, when attacks happen, information regarding it should be shared with the community in general, not just internally or only with law enforcement.

“We need international cooperation… Cybercrime has to be dealt with and we need to have an international accord that says an attack against a private sector company is an attack against all of us and it will not stand,” Theresa said.

Ensure Comprehensive Cybersecurity With WEI & Cisco

Having a trusted technology partner like WEI can help you build the right security foundation with secure tools, such as those found in Cisco’s security portfolio. We can walk you through a cyber-savvy strategy to identify vulnerabilities and take a proactive approach to risk mitigation. Contact WEI today to start a cybersecurity conversation that will deliver the security outcomes your business requires.

 

NEXT STEPS: Lack of visibility across your entire IT estate is often the biggest challenge when it comes to effectively securing your company from intrusion. Cisco can help you spot those vulnerabilities faster with a proactive security strategy. It really comes down to having the right tools AND frequent cybersecurity training for your employees, but let's start at square one and take a look at what's possible when you have full visibility! 

Meet Cisco SecureX in two ways.
Watch the Demo and Read the Solution Brief.