Food for Thought
It’s March, which means Savannah is gearing up for another St. Patrick’s Day celebration. This year will mark the parade’s 200th anniversary. Between that and Infinity turning 25 later this year, I couldn’t help thinking about where we are and where we’ve been in terms of technology.
200 years ago, cybersecurity wasn’t a factor at all. Innovations at the time include Rev. Professor William Buckland being the first person to describe a dinosaur in a scientific journal and Louis Braille developing the 6-dot reading code, Braille. But 1824 was the year silicon was discovered.
20 years ago, Facebook was just getting started, and Bluetooth and Skype were all the new-age rage. Cell phones were still a few years away from the creation of the iPhone, and there were no streaming services, only DVDs sent through the mail. Daily email traffic was estimated at 77 billion, with 83% of that being corporate emails.
2 years ago, everyone seemed to be talking about the metaverse, and the Internet of Things (IoT) really started to change our homes and lives. AI was about to explode publicly with the release of ChatGPT at the end of that year. And an estimated 333 billion emails were sent daily with nearly 49% of them identified as spam.
Depending on who you ask, it feels like the world is changing at a faster rate than ever before. If you’re like me, that’s both really exciting and very challenging. So the point here is not to have a history lesson, but to take a breath when things seem overwhelming.
Change is constant. And we will continue to adapt to the threats as they arise. As far as cybersecurity, start with the basics and stick with them – strong, unique passwords, enable MFA, and always think before you click. Your awareness, and your team’s, is what will best protect you and your business.
Slam the Scam Day
National “Slam the Scam” Day is designated by Social Security’s Office of the Inspector General to raise awareness of government imposter scams, which continue to spread across the United States. Slam the Scam Day is Thursday, March 7, 2024, as part of National Consumer Protection Week, which takes place this year from March 3-9.
Click on the image to get the Social Security Administration’s Scam Alert fact sheet pdf.
2023 Reporting Stats to Know
Various reports and studies have recently come out analyzing full year 2023 data:
77% Increase in reported data compromises affecting US organizations. 1801 in 2022 compared to 3205 in 2023.
– Identity Theft Resource Center’s 2023 Annual Data Breach Report
276% surge in email-delivered malware between January and December 2023.
– VIPRE Security Group’s Annual Email Threat Landscape Research
“When you take a look at the kinds of [email] threats we’re seeing today, a lot of them are preventable. It just takes the right tools, but most companies don’t know they exist because email doesn’t always get the same kind of security attention as the rest of the network. Unfortunately, threat actors know this,” said Usman Choudhary, Chief Product Officer and General Manager, VIPRE Security Group.
Only 7% of companies can recover data and restore their business processes within 1-3 days after a ransomware attack.
79% said their company had been the ‘victim of a ransomware attack’ between June and December 2023.
9 in 10 said their organization had paid a ransom in the prior 2 years, despite 84% saying their company had a ‘do not pay’ policy
– Cohesity survey of IT and Security decision makers
“Organizations can’t control the increasing volume, frequency, or sophistication of cyberattacks such as ransomware. What they can control is their cyber resilience, which is the ability to rapidly respond and recover from cyberattacks or IT failures by adopting modern data security capabilities,” said Brian Spanswick, chief information security officer and head of IT, Cohesity. “It is no surprise that the majority of companies have been hit by cyberattacks like ransomware. What is alarming is that 90% have paid a ransom, breaking their ‘do not pay’ policies, and most are willing to pay over 3 million in ransoms because they can’t recover their data and restore business processes or do so fast enough.”
108% increase in Business Email Compromise (BEC) attacks between 2022 and 2023.
QR code attacks target the C-Suite 42 times more than standard employees.
89% of QR code attacks are after your credentials.
SMB companies (specifically organizations with up to 500 employees) are 19 times more likely to receive a QR code attack than the largest enterprises with more than 50,000 employees.
– Abnormal Security H1 2024 threat report.
On Your Radar
As you are probably aware, Quickbooks has some upcoming changes.
They are discontinuing the QuickBooks Desktop 2021 software as of May 31, 2024.
“If you don’t upgrade your QuickBooks Desktop 2021 by May 31, 2024, you won’t have access to live technical support if you run into problems or any of the other Intuit services that can be integrated with QuickBooks Desktop.”
Software reaching its End of Life is a critical security risk that can be planned for and avoided.
In addition, QuickBooks Desktop is planning to stop selling several products to U.S. new subscribers after July 31, 2024.
“Existing subscribers are not impacted by this change. Existing QuickBooks Desktop Plus and Desktop Payroll subscribers can continue to renew their subscriptions after July 31, 2024.”
If you use Quickbooks and have any questions, I recommend reaching out to your Quickbooks account rep or IT partner soon.
Deepfake Quiz
Last month, I shared the Taylor Swift video that scammed people across X, formerly Twitter. A few weeks ago, Bitdefender Labs put out research that analyzed a batch of deepfake videos. They focused on audio deepfakes, known as voice cloning, and how they can spread and be successful on social media. Voice cloning is the process of using AI tools to create synthetic copies of another individual’s voice. The voices generally play over real footage of the given celebrity.
They found the videos were targeted at more than 1 million users in the US and Europe, and at least one of the posts reached over 100,000 people. They noted that the scammers also attempted to bolster credibility by creating “lookalike websites of popular news outlets” like the New York Times and linking the posts to those fraudulent websites.
“We expect that we will see more compelling videos in 2024,” Bitdefender Security Analyst Alina Bizga said. “Sometimes we see really lazy work, but then you do get really, really good pieces of convincing deepfakes out there. So people really need to stay vigilant and double-check everything.”
Look for unnatural lighting, issues with teeth, eyes, or hands, strange mouth movements or blinking, and visual emotion that does not match what is being said.
With those tips in mind, can you identify the AI-generated photos in this group? Answer is below the image.
Answer…
C, D, and F are AI-generated.
