How to Engage in the Fight Against Cyber Threats
Gary M. Shiffman
Economist ? 2x Artificial Intelligence company co-founder ? Writer
Last week at the amazingly successful American Bankers Association (ABA) Risk and Compliance Virtual (RCV) Conference, I suggested we think about cyber threats in terms familiar to compliance and risk professionals so that we can develop concrete plans to engage in the fight. Too often, “cyber” sounds like the domain of hackers and malware experts, when in fact, the call to action in cybersecurity should lead with: no coding experience needed.
Think of cyberspace as a massive and global domain for human interaction -- technology-enabled human interaction. Cybercriminals take actions these days in collaboration with others, and they coordinate via online markets. I used a few examples such as cryptocurrency and bullet-proof hosting, which enable non-technical people to engage actions where they want to use technology to avoid law enforcement. I also pointed out the role of the cash-out specialist: the human who opens bank accounts and enables money mules to convert crime to cash. Today’s criminals simply rent the needed tech skills in a tremendously deep and global market, to capitalize on vulnerabilities.
Take the example of Ray Hushpuppi, an Instagram influencer who regularly posted about his Rolls Royces and designer watches and clothing to more than 2 million followers. Hushpuppi allegedly specialized in cash-out services.
When building plans to combat cyber threats, remember Hushpuppi. Improve screening, resolve identities, and audit behaviors. Use technology to screen wider and deeper. Provide a reason for the new, non-technical cybercriminal to back out of the market. That’s how risk and compliance professionals fight cyber threats.
Corporate Security and Risk
4 年It was a great session.
Award-winning Global CIO & CTO | Innovator | Team Builder | Engineering | Infrastructure | Artificial Intelligence | Technology Risk Management | Financial Services | Board member
4 年As recently heard at a virtual conference #covid is just another point on an existing social #threat vector in #cybersecurity.