WEBVTT 1 00:00:00.420 --> 00:00:02.370 Matthew Schwartz: Hello and welcome to the Information 2 00:00:02.370 --> 00:00:05.520 Security Media Group Editors' Panel. I'm Matthew Schwartz, 3 00:00:05.550 --> 00:00:10.590 Executive Editor with ISMG. And it is my pleasure to lead the 4 00:00:10.590 --> 00:00:15.390 festivities this week as we bring in a crack team of ISMG 5 00:00:15.390 --> 00:00:21.660 editors to analyze the latest news of the day. Joining me to 6 00:00:21.660 --> 00:00:28.890 discuss this week's news, we have Marianne McGee, Executive 7 00:00:28.890 --> 00:00:31.050 Editor for HealthcareInfoSecurity. 8 00:00:32.040 --> 00:00:33.510 Marianne, thanks for joining us. 9 00:00:33.630 --> 00:00:35.460 Marianne McGee: Thanks for hosting, Matt. 10 00:00:35.880 --> 00:00:38.610 Matthew Schwartz: My pleasure. Next, I want to introduce 11 00:00:38.610 --> 00:00:42.810 Suparna Goswami, Associate Editor for ISMG. Hello, Suparna. 12 00:00:43.560 --> 00:00:45.510 Suparna Goswami: Hi, Matt. Always a pleasure to be part of 13 00:00:45.510 --> 00:00:46.410 this Editors' panel. 14 00:00:46.950 --> 00:00:50.070 Matthew Schwartz: Thank you. And Dan Gunderman is our News Desk 15 00:00:50.070 --> 00:00:52.110 Staff Writer. Dan, welcome. 16 00:00:52.620 --> 00:00:53.910 Dan Gunderman: Thanks, Matt. Thanks for having me on. 17 00:00:53.000 --> 00:00:57.410 Matthew Schwartz: So, working backwards. Dan, where are you 18 00:00:57.410 --> 00:00:59.960 hailing from today in terms of your virtual background? 19 00:01:00.260 --> 00:01:03.350 Dan Gunderman: Well, it is chilly this week again in the 20 00:01:03.350 --> 00:01:06.530 northeast, but there's been signs of spring already so this 21 00:01:06.530 --> 00:01:13.640 is just a very green supple country road somewhere in New 22 00:01:13.640 --> 00:01:16.880 Jersey. So this is, you know, warming us up for spring, I 23 00:01:16.880 --> 00:01:17.180 think. 
24 00:01:17.570 --> 00:01:19.880 Matthew Schwartz: I can hear the check from the New Jersey 25 00:01:19.880 --> 00:01:23.810 Tourist Board cashing itself as we speak. Thank you. Suparna, 26 00:01:24.080 --> 00:01:26.690 also featuring some foliage. Where are we today? 27 00:01:27.470 --> 00:01:30.080 Suparna Goswami: Oh, yes. So I crossed a small garden that was 28 00:01:30.080 --> 00:01:33.680 full of mango trees. This picture was taken, I think it's 29 00:01:33.680 --> 00:01:36.650 an old whole picture. So I thought since this is the season 30 00:01:36.650 --> 00:01:41.000 of mangoes, why not put it as my background. Mangoes start from 31 00:01:41.000 --> 00:01:44.930 April, and I was running out of ideas. So this is the time, let 32 00:01:44.930 --> 00:01:47.960 me just put the mango picture as my background. 33 00:01:48.560 --> 00:01:50.600 Matthew Schwartz: Always time for mangoes, if you can have 34 00:01:50.600 --> 00:01:54.380 mangoes. Fantastic. Marianne, I should say Marianne Kolbasuk 35 00:01:54.410 --> 00:01:57.410 McGee. Where are you hailing from today? 36 00:01:58.460 --> 00:02:01.370 Marianne McGee: This is a view outside our back deck. And I 37 00:02:01.370 --> 00:02:05.000 call it my wishful thinking photo because hopefully next 38 00:02:05.000 --> 00:02:07.520 time I take a photo like this, we'll have leaves on the trees 39 00:02:08.720 --> 00:02:10.190 in the winter. Yay! 40 00:02:12.580 --> 00:02:16.540 Matthew Schwartz: Yay for the end of winter. So I obviously 41 00:02:16.540 --> 00:02:21.640 didn't get the greenery or the foliage memo. Here in Dundee, 42 00:02:21.640 --> 00:02:25.090 Scotland, we do have greenery. I was just out, things are 43 00:02:25.090 --> 00:02:28.300 sprouting. They look beautiful. But instead I've gone for this 44 00:02:28.300 --> 00:02:32.350 edgy, urban, I don't know, minimalist sort of concoction 45 00:02:32.350 --> 00:02:35.800 that I've been playing around with. 
Little collage of the V&A - 46 00:02:35.800 --> 00:02:38.470 the Victoria and Albert Museum - that we have here in Dundee, 47 00:02:38.470 --> 00:02:43.870 which has some fun edges and angles to it. So I feel like we 48 00:02:43.870 --> 00:02:46.570 should re-record this, but we're just going to keep forging 49 00:02:46.570 --> 00:02:51.850 onward. And maybe you can include me next time? Anyway. So 50 00:02:53.560 --> 00:02:58.870 anything started this week? Dan, you have been covering just a 51 00:02:58.870 --> 00:03:04.120 little bit of major cybersecurity news. Everyone has 52 00:03:04.120 --> 00:03:08.080 been wondering why the cyber attack floodgates haven't 53 00:03:08.110 --> 00:03:13.630 opened. Why Russia hasn't been destroying and disrupting 54 00:03:13.750 --> 00:03:17.770 anything digital in Ukraine and beyond that it can get its hands 55 00:03:17.770 --> 00:03:21.610 on? This week we heard from some White House officials, including 56 00:03:21.640 --> 00:03:26.020 the top White House official, that this might, in fact, still 57 00:03:26.020 --> 00:03:30.400 be on the cards. What are we hearing? What are you seeing? 58 00:03:31.200 --> 00:03:33.840 Dan Gunderman: Yeah, great lead-in there. And certainly active 59 00:03:33.840 --> 00:03:37.410 cybersecurity week again, here at the federal level. So, you 60 00:03:37.410 --> 00:03:41.250 know, we just hit about one month of war in Ukraine and 61 00:03:41.250 --> 00:03:44.400 sanctions continue to hamper Russia's grand plan. And, you 62 00:03:44.400 --> 00:03:48.690 know, whatever that is. 
So the Biden administration, in fact, 63 00:03:48.690 --> 00:03:51.450 the President of National Security Advisor for Cyber and 64 00:03:51.450 --> 00:03:55.740 Emerging Technology, this week came out and warned that the 65 00:03:55.740 --> 00:03:59.460 long feared Russian cyber escalation may yet come to pass, 66 00:03:59.520 --> 00:04:02.820 particularly amid this reeling Russian economy where we've seen 67 00:04:02.820 --> 00:04:06.510 their currency hit all-time lows. And so this is Anne 68 00:04:06.510 --> 00:04:08.760 Neuberger, who sits on Joe Biden's National Security 69 00:04:08.760 --> 00:04:12.060 Council and she told reporters that there's no certainty that 70 00:04:12.060 --> 00:04:14.670 there will be a certain cyber incident on critical 71 00:04:14.670 --> 00:04:17.550 infrastructure, but that this is a call to action and a call to 72 00:04:17.550 --> 00:04:21.120 responsibility to all the stakeholders in this. So 73 00:04:21.120 --> 00:04:22.980 Neuberger said the administration's detected 74 00:04:22.980 --> 00:04:26.880 preparatory activity, and that specific companies potentially 75 00:04:26.880 --> 00:04:30.780 at risk organizations have been privately briefed about it. And 76 00:04:30.780 --> 00:04:34.500 then Joe Biden, President Biden followed this up in a written 77 00:04:34.500 --> 00:04:37.680 statement late Monday, which I think is worth quoting here. And 78 00:04:37.680 --> 00:04:40.380 he said, "Today, my administration is reiterating 79 00:04:40.380 --> 00:04:42.960 previous warnings based on involving intelligence that the 80 00:04:42.960 --> 00:04:46.290 Russian government is exploring options for potential cyber 81 00:04:46.290 --> 00:04:49.620 attacks. 
My administration will continue to use every tool to 82 00:04:49.620 --> 00:04:52.830 deter, disrupt, and if necessary, respond to cyber 83 00:04:52.830 --> 00:04:55.410 attacks against critical infrastructure, and we need 84 00:04:55.410 --> 00:04:57.930 everyone to do their part to meet one of the defining threats 85 00:04:57.960 --> 00:05:01.440 of our time." So then in a White House factsheet, administration 86 00:05:01.440 --> 00:05:05.460 officials urged organizations to implement mandatory MFA, run 87 00:05:05.460 --> 00:05:08.340 tabletop exercises, enhance detection and response 88 00:05:08.340 --> 00:05:11.490 capabilities, back up and encrypt data and focus on 89 00:05:11.490 --> 00:05:15.060 various other cyber hygiene measures. So some cyber security 90 00:05:15.060 --> 00:05:18.690 experts that I spoke with called the move or the warning rather 91 00:05:18.840 --> 00:05:23.040 unprecedented. So one expert, who has assisted the US 92 00:05:23.040 --> 00:05:26.490 intelligence community, told me that, you know, again, I think 93 00:05:26.490 --> 00:05:29.370 it's worth quoting here, "Cyber war is not military versus 94 00:05:29.370 --> 00:05:32.400 military. All organizations across public and private 95 00:05:32.400 --> 00:05:34.860 sectors will have to defend themselves from attack. 96 00:05:35.010 --> 00:05:37.500 Organizations must take advantage of this unprecedented 97 00:05:37.500 --> 00:05:40.110 access to government threat intelligence, and heed these 98 00:05:40.110 --> 00:05:43.740 warnings." So despite this very straightforward messaging coming 99 00:05:43.740 --> 00:05:46.260 out of Washington this week, the Kremlin on Tuesday reportedly 100 00:05:46.260 --> 00:05:49.770 dismissed any and all related warnings, which we of course, I 101 00:05:49.770 --> 00:05:52.680 think, expected. 
So, you know, according to Reuters, a 102 00:05:52.680 --> 00:05:55.200 spokesman for the Kremlin, reportedly told journalists on 103 00:05:55.200 --> 00:05:58.800 Tuesday, the Russian Federation, unlike many Western countries, 104 00:05:58.800 --> 00:06:01.350 including the United States does not engage in state-level 105 00:06:01.380 --> 00:06:06.090 banditry. So again, some signs here of rhetorical war, I mean, 106 00:06:06.120 --> 00:06:09.390 from world powers, which is fairly alarming. But still, 107 00:06:09.390 --> 00:06:12.090 experts say that escalating sanctions have certainly 108 00:06:12.090 --> 00:06:16.110 isolated Moscow on the world stage. And these are actions 109 00:06:16.110 --> 00:06:19.170 that may spur Vladimir Putin to react in cyberspace. So I think 110 00:06:19.170 --> 00:06:21.150 that's what we're seeing this week. And again, only time will 111 00:06:21.150 --> 00:06:21.450 tell. 112 00:06:22.800 --> 00:06:25.260 Matthew Schwartz: Excellent! Cyber banditry is, I think, the 113 00:06:25.260 --> 00:06:29.610 phrase of the week for us, here at ISMG. That's fantastic! And I 114 00:06:29.610 --> 00:06:32.190 want to dig into some of that. But I also want to bring 115 00:06:32.190 --> 00:06:35.310 Marianne into the discussion, because I know, Marianne, that 116 00:06:35.310 --> 00:06:38.610 you have been covering these threats as they pertain to the 117 00:06:38.610 --> 00:06:41.220 health care sector. And one of the things I'm going to bring up 118 00:06:41.220 --> 00:06:45.210 in a moment is there was a lot of talk about cyber war, if you 119 00:06:45.210 --> 00:06:49.710 will, disruption. And I think too much talk, not enough of it 120 00:06:49.710 --> 00:06:52.560 happening probably makes it difficult for people to keep 121 00:06:52.560 --> 00:06:55.020 their organizations prepared. Obviously, you have the 122 00:06:55.020 --> 00:06:58.440 President of the United States saying it might get real real 123 00:06:58.440 --> 00:07:03.000 soon. 
Marianne, give us the health care perspective and how 124 00:07:03.000 --> 00:07:04.890 health care entities are responding. 125 00:07:05.800 --> 00:07:09.550 Marianne McGee: Well, as Dan mentioned, of course, you know, 126 00:07:09.550 --> 00:07:13.750 Biden's heightened sort of advisory this week just kind of 127 00:07:13.780 --> 00:07:17.830 adds to some of the drama, you know, it's been building up. 128 00:07:18.070 --> 00:07:20.920 Thankfully, we haven't seen or at least experts say that we 129 00:07:20.920 --> 00:07:24.880 haven't seen any evidence so far on attacks on the health care 130 00:07:24.910 --> 00:07:30.010 sector in the US directly tied to the Ukraine-Russia war. But 131 00:07:30.010 --> 00:07:36.430 earlier this week, after Biden's comments came out, we had 132 00:07:36.430 --> 00:07:39.070 additional advisories come out from some of the government 133 00:07:39.070 --> 00:07:42.190 agencies that have been already warning the health care sector 134 00:07:42.190 --> 00:07:47.020 about the heightened threat, spillover threats, that could 135 00:07:47.020 --> 00:07:50.740 come out of the Ukraine-Russia conflict on critical 136 00:07:50.740 --> 00:07:53.830 infrastructure sectors such as health care. And a lot of the 137 00:07:53.830 --> 00:07:58.540 advice that these federal agencies as well as the Health 138 00:07:58.540 --> 00:08:03.040 Information Sharing and Analysis Center has been urging health 139 00:08:03.040 --> 00:08:09.790 care sector entities to do include things such as ramping 140 00:08:09.790 --> 00:08:16.150 up or practicing their cyber incident response plans, their 141 00:08:16.150 --> 00:08:20.530 resilience plans and continuity of operation plan so that their 142 00:08:20.530 --> 00:08:24.040 critical functions could continue to operate, even if 143 00:08:24.040 --> 00:08:27.550 their IT systems were affected or needed to be taken offline. 
144 00:08:28.150 --> 00:08:32.470 But, of course, a lot of those pieces of advice are things that 145 00:08:32.470 --> 00:08:35.020 the health care sector really should have been doing anyway, 146 00:08:35.560 --> 00:08:39.850 especially since the health care sector in the US and elsewhere 147 00:08:40.030 --> 00:08:43.630 have been such a big target for disruptive ransomware attacks. 148 00:08:44.020 --> 00:08:49.420 And as we know, some of these attacks on hospitals and clinics 149 00:08:49.420 --> 00:08:53.320 have involved these organizations having to take 150 00:08:53.320 --> 00:08:56.590 down their electronic health records, their medical imaging 151 00:08:56.590 --> 00:09:01.630 records, their laboratory systems, their phone lines, 152 00:09:01.630 --> 00:09:04.990 their email, you know. All that taken down sometimes for days 153 00:09:04.990 --> 00:09:08.680 and weeks, which is not only disruptive to the delivery of 154 00:09:08.680 --> 00:09:15.580 patient care, but it also poses potential patient safety. So, 155 00:09:15.970 --> 00:09:19.480 you know, the advice that we've been hearing from the feds as 156 00:09:19.600 --> 00:09:25.300 well as other experts, as the Ukraine-Russia war, you know, 157 00:09:25.300 --> 00:09:28.810 continues, is some of the advice that, you know, they've been 158 00:09:28.810 --> 00:09:31.360 getting for a while. But I think, if anything, this 159 00:09:31.720 --> 00:09:35.200 horrible situation in the Ukraine right now is the latest 160 00:09:35.200 --> 00:09:38.860 wake up call for health care sector entities not only in the 161 00:09:38.860 --> 00:09:43.390 US, but elsewhere to get their cybersecurity houses in order, 162 00:09:43.630 --> 00:09:46.690 especially their business continuity and resilience plans. 163 00:09:47.170 --> 00:09:49.090 Matthew Schwartz: Excellent. Nothing beats a good incident 164 00:09:49.090 --> 00:09:54.460 response plan - well practiced, often updated. 
As you say, this 165 00:09:54.460 --> 00:09:57.400 isn't anything we haven't heard before. But the US government 166 00:09:57.400 --> 00:10:01.570 does seem to be saying, along with its devoting law 167 00:10:01.570 --> 00:10:05.170 enforcement and intelligence resources to disrupt cybercrime. 168 00:10:05.830 --> 00:10:07.960 It's also been looking at diplomatic measures, perhaps 169 00:10:07.960 --> 00:10:11.020 stalled at the moment due to the conflict and the falling out 170 00:10:11.020 --> 00:10:14.170 with Russia. But business resilience has been a huge 171 00:10:14.200 --> 00:10:18.310 theme, I think, these last 12 months, probably, when it comes 172 00:10:18.310 --> 00:10:22.180 to try to get ahead of ransomware. I'll turn back to 173 00:10:22.180 --> 00:10:25.360 Dan. Dan, you talked to an expert who said the threat here 174 00:10:25.360 --> 00:10:29.260 isn't necessarily of a military nature, in terms of military on 175 00:10:29.260 --> 00:10:34.720 military. It's fallout from... if Russia does launch a destructive 176 00:10:34.720 --> 00:10:39.010 attacker, maybe uses as a proxy like all of the ransomware gangs 177 00:10:39.010 --> 00:10:41.950 it's been sheltering inside its borders to target the likes of 178 00:10:41.950 --> 00:10:45.160 health care and then say, oh, it wasn't us. We don't do banditry. 179 00:10:46.830 --> 00:10:48.300 Dan Gunderman: Yeah. Well, I think, one thing that is really 180 00:10:48.300 --> 00:10:51.660 important to call out here is just the accuracy of US 181 00:10:51.660 --> 00:10:54.600 intelligence to this point. I mean, on the military side, 182 00:10:54.840 --> 00:10:58.770 leading up to the buildup, there was the US intel community 183 00:10:58.770 --> 00:11:01.860 saying, you know, this is happening, this is likely, this 184 00:11:01.860 --> 00:11:05.310 is imminent. And then we hit January. There's 100,000 troops 185 00:11:05.310 --> 00:11:10.350 on Ukraine's border. So I think, all along the US got this right. 
186 00:11:10.650 --> 00:11:15.180 And I think the administration is heeding at last these 187 00:11:15.180 --> 00:11:18.930 warnings, and the accuracy of them. So when we have 188 00:11:18.930 --> 00:11:22.560 intelligence now pointing to the Russians actively, you know, 189 00:11:22.560 --> 00:11:26.370 exploring US networks, there's been some reporting this week as 190 00:11:26.370 --> 00:11:31.440 well, that before Biden's advisory this week, there was an 191 00:11:31.440 --> 00:11:35.100 FBI alert indicating that Russian IP addresses had been 192 00:11:35.340 --> 00:11:41.280 snooping around at least five US energy firms. So I think, you 193 00:11:41.280 --> 00:11:44.670 got to the point where these actions could become imminent. 194 00:11:44.670 --> 00:11:47.970 So when you have the shields up warning from CISA, you have the 195 00:11:47.970 --> 00:11:50.400 President of United States talking about cyber almost 196 00:11:50.400 --> 00:11:56.550 daily, it's high time to implement these cyber hygiene 197 00:11:56.550 --> 00:11:57.210 measures. 198 00:11:57.840 --> 00:12:00.450 Matthew Schwartz: But Marianne, are you feeling a kind of call 199 00:12:00.450 --> 00:12:02.760 to arms happening? You know, you said, hopefully, with health 200 00:12:02.760 --> 00:12:05.850 care, we'll be seeing people finally getting their house in 201 00:12:05.850 --> 00:12:08.760 order. Do you think it is happening? Are all of these 202 00:12:09.240 --> 00:12:11.730 warnings helping or it's really difficult to say? 203 00:12:12.780 --> 00:12:15.510 Marianne McGee: You know, again, the health care sector has been 204 00:12:15.510 --> 00:12:18.390 hearing a lot of warnings for a while, and they've seen evidence 205 00:12:18.390 --> 00:12:23.070 of these attacks, you know, not related to a war, but just, you 206 00:12:23.070 --> 00:12:26.400 know, the ransomware attacks that have taken their systems 207 00:12:26.400 --> 00:12:30.630 offline for weeks. 
And I think that, you know, I think a lot of 208 00:12:30.630 --> 00:12:32.670 them are getting it. I think a lot of them just don't have the 209 00:12:32.670 --> 00:12:34.530 resources. They know what they should be doing. But maybe 210 00:12:34.530 --> 00:12:37.920 they're not doing it, because they don't have the expertise. 211 00:12:37.920 --> 00:12:40.110 They don't have the time, you know, they're still dealing with 212 00:12:40.110 --> 00:12:44.040 the pandemic. You know, the feds have been saying now that, you 213 00:12:44.040 --> 00:12:47.550 know, these health care entities should have business continuity 214 00:12:47.550 --> 00:12:54.150 plans that last four to six weeks. You know, that sounds 215 00:12:54.150 --> 00:12:57.060 reasonable, I guess. But I don't know how many of them are ready 216 00:12:57.060 --> 00:13:00.720 to be able to function with, you know, four to six weeks of not 217 00:13:00.720 --> 00:13:02.790 having their EHR systems up and running. 218 00:13:04.530 --> 00:13:06.000 Matthew Schwartz: Pen and pencil, right? I mean, a quick 219 00:13:06.000 --> 00:13:07.290 run to Staples, I suppose. 220 00:13:08.340 --> 00:13:09.570 Suparna Goswami: Yeah. But I must say the Biden 221 00:13:09.570 --> 00:13:13.050 administration is keeping all of us busy. I mean, every day, as 222 00:13:13.050 --> 00:13:15.930 you said, they are announcing something or the other related 223 00:13:15.930 --> 00:13:19.140 to cybersecurity. And I haven't seen any other country being so 224 00:13:19.140 --> 00:13:21.720 proactive about this. So, kudos to him. 225 00:13:22.890 --> 00:13:24.810 Matthew Schwartz: Yeah, as Dan says, it's very interesting, the 226 00:13:24.810 --> 00:13:27.060 intelligence that they're coming out with and the way that 227 00:13:27.060 --> 00:13:29.580 they're attempting to use it, I think to wake everybody up. 
228 00:13:31.080 --> 00:13:33.000 Dan Gunderman: And you're seeing a lot of other European powers 229 00:13:33.000 --> 00:13:36.060 kind of follow suit after Biden comes out and makes such a grand 230 00:13:36.090 --> 00:13:40.170 warning, like, officials in the UK, sort of echo the comments. 231 00:13:40.320 --> 00:13:43.140 You had officials in the EU looking to implement stricter 232 00:13:43.140 --> 00:13:46.680 cyber rules right after the White House came out with these 233 00:13:46.680 --> 00:13:49.800 remarks. So it's certainly in flux at this point. 234 00:13:51.490 --> 00:13:53.500 Matthew Schwartz: Well, again, the business resilience message 235 00:13:53.500 --> 00:13:58.450 is a reminder that not all attacks can be blocked. Hence, 236 00:13:58.510 --> 00:14:01.810 cybersecurity prevention and defenses and rapid response 237 00:14:01.810 --> 00:14:05.950 capabilities remain the order of the day. And when it comes to 238 00:14:05.950 --> 00:14:10.000 things that can't be blocked, Suparna, you're our fraud 239 00:14:10.390 --> 00:14:15.400 expert. And shifting gears just a little bit here. In terms of 240 00:14:15.400 --> 00:14:19.900 fraud, I know that you've been covering the area of SIM 241 00:14:19.900 --> 00:14:26.080 swapping fraud, as always, quite closely. And this is yet another 242 00:14:26.230 --> 00:14:30.010 threat or attack that we've seen a lot of warnings about. But I 243 00:14:30.010 --> 00:14:32.800 don't know that we've necessarily seen great defenses 244 00:14:32.800 --> 00:14:35.320 yet. Because we keep seeing these attacks come to light. 245 00:14:35.500 --> 00:14:38.110 What have you been tracking recently? 246 00:14:39.230 --> 00:14:42.200 Suparna Goswami: Sure. And you hit the nail. I mean, we have 247 00:14:42.380 --> 00:14:46.640 seen people talking about it across countries, but we don't 248 00:14:46.640 --> 00:14:50.240 really have a defense and that is what I had a panel. 
It was an 249 00:14:50.240 --> 00:14:52.190 interesting panel because the panelists were from different 250 00:14:52.190 --> 00:14:55.100 countries. One was from the UK, one was from South Africa, and 251 00:14:55.100 --> 00:14:59.240 the third panelist was from the US, and they all shared how SIM 252 00:14:59.240 --> 00:15:02.360 swap is a great problem in their countries but it is somehow 253 00:15:02.360 --> 00:15:05.630 underestimated. And we don't have the right statistics 254 00:15:05.630 --> 00:15:08.630 because people don't report it. When people initially face the 255 00:15:08.630 --> 00:15:10.790 problem, they report it to the mobile network, thinking it's 256 00:15:11.180 --> 00:15:14.000 some mobile network issue. And it's reported to the bank 257 00:15:14.000 --> 00:15:18.050 finally but it's not really reported to the police as a SIM 258 00:15:18.050 --> 00:15:23.000 crime or a SIM swap fraud. So, yes, we do know however, since 259 00:15:23.000 --> 00:15:25.970 the numbers are underestimated, but we do know, however, the SIM 260 00:15:25.970 --> 00:15:29.750 swap fraud is part of account takeover problem. And I have 261 00:15:29.750 --> 00:15:33.170 some statistics that were shared during the discussion. So in the 262 00:15:33.170 --> 00:15:38.900 UK, financial institutions have seen an increase of 150% in 263 00:15:38.900 --> 00:15:42.560 account takeover fraud in the past one year. And SIM swap 264 00:15:42.560 --> 00:15:46.010 fraud is the king of account takeover fraud. And various 265 00:15:46.010 --> 00:15:49.370 other statistics in the UK indicate that SIM swap fraud has 266 00:15:49.370 --> 00:15:55.850 increased by over 400% since 2015, and 43% businesses in 267 00:15:55.850 --> 00:16:00.110 2021, in the UK, said that SIM swap fraud is one of the major 268 00:16:00.110 --> 00:16:03.170 threats that they're facing. 
But again, these are not numbers 269 00:16:03.170 --> 00:16:06.800 that are regulated, so we might just be underestimating a huge 270 00:16:06.800 --> 00:16:12.020 problem here. And what made me, you know, have this panel was 271 00:16:12.020 --> 00:16:15.590 that FBI came out with this report two weeks back, I think, 272 00:16:15.620 --> 00:16:20.150 or three weeks back. FBI's Internet Crime Center came out 273 00:16:20.150 --> 00:16:23.780 with this report which states that enterprises suffering loss 274 00:16:23.780 --> 00:16:30.230 from SIM swap fraud between 2017 to 2020 was only 12 million. But 275 00:16:30.230 --> 00:16:36.590 this number was five times higher in 2021. So, again, it's 276 00:16:36.590 --> 00:16:40.010 top of the iceberg because people do not report the fraud. 277 00:16:40.250 --> 00:16:44.870 But what we know is criminals are aiming for that because SIM 278 00:16:44.870 --> 00:16:50.030 card is your digital DNA. Now, aside from customer education, 279 00:16:50.030 --> 00:16:52.820 as you probably said, we don't really have the right defenses. 280 00:16:52.820 --> 00:16:55.850 So aside from customer education, I checked with them, 281 00:16:55.850 --> 00:17:00.110 are there any major tools that they are working on to curb this 282 00:17:00.110 --> 00:17:03.680 kind of fraud. So SABRIC, which is the South African Banking 283 00:17:03.680 --> 00:17:06.860 Risk Information Center, the person who presented that said 284 00:17:06.860 --> 00:17:11.030 that most banks in South Africa have proper security measures in 285 00:17:11.030 --> 00:17:14.750 place. But criminals, too, are aware of these measures. And so 286 00:17:14.750 --> 00:17:18.260 they are constantly trying to beat these by going the social 287 00:17:18.260 --> 00:17:21.020 engineering way. And that's where the customer education 288 00:17:21.020 --> 00:17:25.610 again plays a major, major role. 
And again, in the US, banks do 289 00:17:25.610 --> 00:17:30.620 not pass on the losses to the customers from SIM swap, because 290 00:17:30.620 --> 00:17:34.430 these are unauthorized transactions. So one of the 291 00:17:34.430 --> 00:17:37.910 ideas that was discussed during the discussion was why not give 292 00:17:37.940 --> 00:17:40.580 some incentive to the customers who report their fraud. So in 293 00:17:40.580 --> 00:17:43.850 case they find anything, why can't they straightaway report 294 00:17:43.850 --> 00:17:46.730 it to the bank and there can be some sort of incentive attached 295 00:17:46.730 --> 00:17:50.840 to it so that they are more proactive. And, you know, other 296 00:17:50.840 --> 00:17:53.390 solutions that they were speaking about was behavioral 297 00:17:53.390 --> 00:17:58.190 capabilities, biometrics AI, of course. But again, none of this 298 00:17:58.220 --> 00:18:02.120 is majorly basically being deployed by the banks, because 299 00:18:02.480 --> 00:18:05.390 they are not really investing too much on this kind of fraud, 300 00:18:05.390 --> 00:18:07.970 though they are suffering, but maybe because it's unreported, 301 00:18:08.090 --> 00:18:12.170 they are not really spending enough money or attention to 302 00:18:12.170 --> 00:18:14.240 solve this, because this is not a problem that is too 303 00:18:14.240 --> 00:18:19.370 complicated. And then Clare from UK, she's part of JT Global. And 304 00:18:19.370 --> 00:18:22.910 she was saying that how she is collaborating with the mobile 305 00:18:22.910 --> 00:18:26.450 network operators and releasing mobile data services to banks 306 00:18:26.840 --> 00:18:30.380 that help with authentication checks. So right now, when a 307 00:18:30.380 --> 00:18:33.830 customer is requesting for a change in, say, your SIM 308 00:18:35.690 --> 00:18:38.300 attached to his or her bank account, there are checks, but 309 00:18:38.300 --> 00:18:42.830 there are limitations to that. 
So now what she is doing is, for 310 00:18:42.830 --> 00:18:49.970 instance, if there's a transaction that takes place, 311 00:18:51.200 --> 00:18:54.710 banks can actually visit the platform, the JT global platform 312 00:18:54.740 --> 00:18:57.890 and ask the network a series of questions, which adds an 313 00:18:57.890 --> 00:19:00.980 additional layer of authentication. So these simple 314 00:19:00.980 --> 00:19:03.860 life checks can raise a red flag, which means banks might 315 00:19:03.860 --> 00:19:06.500 have to carry out additional authentication and they can 316 00:19:06.500 --> 00:19:08.870 check, go back to the mobile operators and check if there has 317 00:19:08.870 --> 00:19:12.080 been a SIM request from this bank account number from this 318 00:19:12.080 --> 00:19:15.230 person. So yeah, these life checks are there but yes, there 319 00:19:15.230 --> 00:19:18.170 is no proper defenses as of now. 320 00:19:18.650 --> 00:19:20.660 Matthew Schwartz: Sounds like a fantastic initiative, though. 321 00:19:20.660 --> 00:19:23.750 And it comes down to information sharing, I suppose. 322 00:19:25.520 --> 00:19:27.080 Suparna Goswami: That's the key. Collaboration is the key, 323 00:19:27.080 --> 00:19:27.680 correct. 324 00:19:28.050 --> 00:19:30.900 Matthew Schwartz: Yes, and like you said, it's how you can build 325 00:19:30.900 --> 00:19:35.280 the most technologically amazing approach. But social engineering 326 00:19:35.340 --> 00:19:38.490 always remains a potent tool, especially if it's less 327 00:19:38.490 --> 00:19:42.000 expensive than trying to build something that allows the 328 00:19:42.000 --> 00:19:44.310 criminals to do but you know, do one better than the 329 00:19:44.310 --> 00:19:48.120 technological approach. So, fascinating stuff. As you say, 330 00:19:48.120 --> 00:19:52.380 SIM swapping, we use our smartphones for so many things 331 00:19:52.380 --> 00:19:56.760 these days. 
We're so relied on for banking, it's no surprise 332 00:19:56.790 --> 00:19:59.520 that criminals continue to target them. 333 00:20:00.500 --> 00:20:03.050 Suparna Goswami: And scams have seen an increase, to be very 334 00:20:03.050 --> 00:20:05.510 honest, the past one year and this is the year they're saying 335 00:20:05.510 --> 00:20:09.590 that ID fraud and all might still see a decrease because 336 00:20:09.590 --> 00:20:12.470 banks or other financial institutions and enterprises are 337 00:20:12.470 --> 00:20:16.790 really investing a lot in identity fraud, but scams will 338 00:20:16.790 --> 00:20:22.520 probably see an increase and SIM swap fraud is part of scams. So 339 00:20:22.520 --> 00:20:25.760 scams will see a major major increase. That's what has been 340 00:20:25.760 --> 00:20:28.550 predicted that this year will be the year of scams. 341 00:20:29.500 --> 00:20:31.330 Matthew Schwartz: Excellent. Well, thank you for sharing that 342 00:20:31.330 --> 00:20:34.090 information and also the predictions. I'm going to use 343 00:20:34.090 --> 00:20:38.800 that to pivot to the opposite of predictions. And I have a little 344 00:20:38.800 --> 00:20:42.160 question for everyone, a secret question, before I let you all 345 00:20:42.160 --> 00:20:47.830 get back to your work, which is just, we're already a few months 346 00:20:47.830 --> 00:20:53.050 into 2022. And I'm curious if there's one thing that has 347 00:20:53.050 --> 00:20:56.710 really surprised you or caught you off guard already this year 348 00:20:56.890 --> 00:20:59.590 on the cybersecurity front? And you know what, there's probably 349 00:20:59.590 --> 00:21:01.900 not just one, but I'm just going to throw that out there. Who 350 00:21:01.900 --> 00:21:04.480 wants to go first? What's really caught you by surprise this 351 00:21:04.480 --> 00:21:04.780 year? 
352 00:21:06.820 --> 00:21:10.750 Suparna Goswami: Well, to me, though, we did talk about cyber 353 00:21:10.750 --> 00:21:14.170 warfare, but I did not really expect this to be in such a huge 354 00:21:14.170 --> 00:21:17.920 scale and for so many days. So the Ukraine-Russia cyber war has 355 00:21:17.920 --> 00:21:21.610 really taken me by surprise in the sense that just the sheer 356 00:21:21.610 --> 00:21:25.570 scale and how it's been panning out for so many days. I thought 357 00:21:25.570 --> 00:21:29.110 okay, we have been talking about it. We have seen these attacks 358 00:21:29.110 --> 00:21:32.830 once in a while, but not like going on for a month. So yes, 359 00:21:32.830 --> 00:21:35.770 that has definitely taken me by surprise. 360 00:21:35.000 --> 00:21:37.760 Dan Gunderman: I think, Suparna, building off what you're saying, 361 00:21:37.760 --> 00:21:41.660 which was I was going to explore is just the way that the cyber 362 00:21:41.660 --> 00:21:45.380 war has taken shape. I think a lot of folks after SolarWinds, 363 00:21:45.380 --> 00:21:48.590 and just intelligence pointing to the Russians having these 364 00:21:48.590 --> 00:21:52.280 immense cyber offensive capabilities. We've seen it 365 00:21:52.280 --> 00:21:54.830 really sort of devolve into the underground, though, between 366 00:21:54.830 --> 00:21:59.180 Anonymous and other hacktivists and Cyber Partisans of Belarus. 367 00:21:59.180 --> 00:22:03.710 And, you know, so much of it has taken place. Not at the state 368 00:22:03.710 --> 00:22:07.940 level, at least with Ukraine's IT army and amassing hundreds of 369 00:22:07.940 --> 00:22:11.330 thousands of volunteers. I think one may have expected if this 370 00:22:11.330 --> 00:22:14.540 conflict would have ensued, it would have been almost military 371 00:22:14.540 --> 00:22:20.300 vs. military. And we haven't really seen that today. So it's 372 00:22:20.300 --> 00:22:23.030 been surprising among a number of other things like you said. 
373 00:22:24.500 --> 00:22:26.210 Matthew Schwartz: Marianne, what's caught you off guard this 374 00:22:26.210 --> 00:22:28.820 year? If anything has caught you off guard or surprise, I should 375 00:22:28.820 --> 00:22:29.120 say? 376 00:22:30.140 --> 00:22:35.000 Marianne McGee: Well, you know, we've been seeing progressively 377 00:22:35.060 --> 00:22:38.720 more and more health data breaches, large ones being 378 00:22:38.720 --> 00:22:42.050 reported to the Department of Health and Human Services over 379 00:22:42.050 --> 00:22:44.690 the last several years. You know, last year was a record 380 00:22:44.690 --> 00:22:48.440 year. One thing that does, you know, I guess pleasantly 381 00:22:48.440 --> 00:22:52.760 surprised me, you know, still, is that we haven't had one 382 00:22:52.760 --> 00:22:59.810 incident as large as the Anthem cyber attack that actually was 383 00:22:59.810 --> 00:23:04.310 detected in 2015. But it happened in 2014. And it 384 00:23:04.310 --> 00:23:08.840 affected like 79 million individuals. So, you know, 385 00:23:08.870 --> 00:23:13.310 thankfully, you know, we do see lots of large attacks, and you 386 00:23:13.310 --> 00:23:15.560 know, breaches in health care, but we haven't seen anything of 387 00:23:15.560 --> 00:23:20.090 that size for a few years now. And so I'm always waiting for it 388 00:23:20.090 --> 00:23:23.090 to happen, and hopefully it won't happen. But again, with 389 00:23:23.090 --> 00:23:26.840 all the Ukraine-Russia talk, you know, you kind of wonder what's 390 00:23:26.840 --> 00:23:30.380 next. And you don't want to be surprised. But, you know, that's 391 00:23:30.380 --> 00:23:32.990 one thing I'm pleasantly surprised about so far, that we 392 00:23:32.990 --> 00:23:35.930 haven't seen an Anthem-level breach in a while. 393 00:23:36.770 --> 00:23:38.210 Matthew Schwartz: Well, thank you for sharing a little bit of 394 00:23:38.240 --> 00:23:41.240 it. Yes, it is a pleasant surprise, isn't it? 
The absence 395 00:23:41.270 --> 00:23:45.140 of at least known big, bad breaches is always something to 396 00:23:45.140 --> 00:23:45.830 be celebrated. 397 00:23:47.570 --> 00:23:49.550 Dan Gunderman: Is there something that surprised you? 398 00:23:49.850 --> 00:23:53.360 Matthew Schwartz: Oh, you're catching me off guard here. I 399 00:23:53.360 --> 00:23:54.140 didn't expect that question. 400 00:23:54.140 --> 00:23:55.400 Dan Gunderman: Too much to choose from I know. 401 00:23:56.300 --> 00:23:59.420 Matthew Schwartz: I know, right? I mean, I saw Suparna got in 402 00:23:59.420 --> 00:24:04.910 there early with the Russian invasion of Ukraine. And I will 403 00:24:04.910 --> 00:24:08.510 double down on that as well. There has not been a day gone by 404 00:24:08.630 --> 00:24:12.470 when we haven't been dramatically rethinking our 405 00:24:12.500 --> 00:24:16.190 assumptions. When it comes to how cybersecurity, online 406 00:24:16.190 --> 00:24:22.160 attacks, online disruptions have a key part to play. The thing I 407 00:24:22.160 --> 00:24:25.040 would emphasize that really surprised me is the information 408 00:24:25.160 --> 00:24:30.500 warfare aspect of it. And how Ukraine has so quickly and I 409 00:24:30.500 --> 00:24:35.810 think effectively gotten out its message about the conflict down 410 00:24:35.810 --> 00:24:41.000 to such things as tractor memes. I mean, if this was 2021, we 411 00:24:41.000 --> 00:24:43.700 wouldn't be talking tractor memes. But you say that and 412 00:24:43.700 --> 00:24:47.390 everybody knows what you're talking about. So it is a small 413 00:24:47.390 --> 00:24:49.730 piece of what you were emphasizing, Dan, but I think 414 00:24:49.730 --> 00:24:53.720 the information space has also been a big surprise for me with 415 00:24:53.720 --> 00:24:56.690 this conflict and it continues to evolve, doesn't it? Despite 416 00:24:56.690 --> 00:24:59.360 the absence, obviously, of any cyber banditry. 
417 00:25:00.520 --> 00:25:01.210 Dan Gunderman: Yeah, great point. 418 00:25:04.930 --> 00:25:06.880 Matthew Schwartz: Well, thank you. You all did admirably well 419 00:25:06.880 --> 00:25:10.600 with the surprise question. I appreciate that. So I will just 420 00:25:10.600 --> 00:25:14.950 say, Dan, Suparna, Marianne, it's always a pleasure. Thanks 421 00:25:14.950 --> 00:25:18.370 for your time and insights this week for our latest ISMG 422 00:25:18.400 --> 00:25:19.960 Editors' panel. 423 00:25:21.070 --> 00:25:21.610 Dan Gunderman: Thank you, Matt. 424 00:25:21.700 --> 00:25:22.840 Suparna Goswami: Thanks, Matt. Thank you. 425 00:25:24.220 --> 00:25:26.620 Matthew Schwartz: I'll sign off. I'm Matthew Schwartz with ISMG. 426 00:25:26.650 --> 00:25:28.870 Thank you for joining all of us.