Elliot Seeto on LinkedIn: A deepfake ‘CFO’ tricked the British design firm behind the Sydney Opera… (2024)

Is your Inbox getting flooded by Marketing Spam?Probably not a new tip for many but it was a game changer for me.Was able to halve my unread emails from my Inbox by setting up a quick rule to identify the keyword "unsubscribe' and send it straight to 'Deleted items'.Amazing!Be careful though, you might end up missing key updates from sources you actually want to read.Go check those and set a rule up for those.

16

17 Comments

"We need to make #Cybersecurity (for SMB's) easier, approachable and simple" Jason Murrell talking about how the Cyber Security Certification Australia (CSCAU) is helping MSP's support #SmallBusiness get better with online safety.Full video of the latest episode of this #CyberCollective podcast in the comments:

25

1 Comment

"We need to make #Cybersecurity (for SMB's) easier, approachable and simple" Jason Murrell talking about how the Cyber Security Certification Australia (CSCAU) is helping MSP's support #SmallBusiness get better with online safety.Full video of the latest episode of this hashtag#CyberCollective podcast in the comments:

14

1 Comment

Let's explore how your #personaldata being leaked can be used for targeted #scams and how easy someone can be socially engineered to make bad decisions especially with easily found #AI tech.All I need for this example is a name, phone number, country and date of birth. Stuff that would be easily obtained from the many #databreaches we hear about.Let's call this person Sarah Walters.I search social media sites and find various matches to that name and if they have a public profile, I could have everything I need to put my plan into place.I have verified the location and date of birth to give me the best chance that I have the right person.I noticed that Sarah is an avid Justin Bieber fan with loads of public post. I see that she has recently attended a concert at (xx location)Now I have everything I need.I use some like Parrot AI to create an deepfake voice recording as Biebs.Call and leave a Voicemail, something to the tune of "This is Justin, just calling you to thank you for coming to my concert at X. As one of my biggest fans, and as your birthday is coming up, you have been selected to join me for an all expenses paid trip to Vegas for my upcoming concert for you and 3 friends.Contact my team at rewards@beliebers.net to claim your place.Can't wait to see you there."If Sarah is a hardcore fan, all common-sense would go out the window.Sarah emails, details are shared to appear real. Then they say, for legal reasons we need to take a holding deposit for each person to ensure we abide to US travel laws, blah blah.That will be $500 each for your group of 4.Sarah throws out all potential suspicions and has no idea about US law and doesn't care because emotion overrides critical thinking.Make the transfer because " I just won Biebs tickets baby", who wouldn't!Now why would I give people ideas, you might say? Well this is just an example but these things are already happening.Get help, do some training and be better Cyber prepared.

2

This is an excellent article by Rosalyn Page on how effective, simple low-tech #CyberAttacks can be.I won't rehash the article as it is a great thought provoking read. While there are some technical controls that could be put into place to mitigate some of these risks such as disabling or limiting only authorised USB drives to access systems, there is a much more effective method to reducing this #Risk.#SecurityTraining!Not just your run of the mill training platform though, but it should include a comprehensive training program that incorporates ways of validation.Training without validating that the users actually understand and utilise the training in their day to day lives is like changing a tyre without checking that the nuts are properly tightened before you drive off.Something bad will probably happen.Comprehensive training doesn't need to be complex though, in fact, sometimes simpler is better. It just needs to be thorough and digestible to the everyday person.Good training also helps users to protect themselves outside of work and in their private lives. It might be that little thing that stops them from handing their money over to that Nigerian prince or worse.

13

4 Comments

#Cybersecurity for SMB's is difficult for the many MSPs to deal with as their are no specific laws, regulation or guide lines to follow. In this Episode we look at the Cyber Security Certification Australia (CSCAU) new #SMB Standards and #Certification process to support MSPs and SMBs on improving their cybersecurity through industry-led, affordable, and regularly-updated methodologies. I am joined by our MSP voice: Adam Cliffe, MD and Security Advisor at ADITS and our SME: Jason Murrell, Independant Chair at the Cyber Security Certification Australia (CSCAU) and Co-Founder of the MurFin Group

21

7 Comments

When I read articles like this, stating a need for 5000 new workers in the #cybersecurity industry each year to keep up with demand, it is interesting to see many Security focused vendors going through lay-offs. What's even more interesting and disappointing is the limited support of #SmallBusiness in last night's Australian federal #budget. And no mention of cybersecurity either. Although I wasn't expecting there to be, so no surprise there.This is not a current government issue though. Granted there are other pressing matters, like the cost of living and housing crisis' to deal with. But when I hear politicians say "Small business are the life blood of Australia" or #Cyber Safety is a priority for all Australians", well it's kinda hard to take them seriously when there is no follow through or support.I believe we already have a viable solution to help make sure small businesses can reduce their #Risk.The #MSP and #TSP community!But they need support.I'm neither here nor there when it comes to politics but action is needed. Time for governments to step up regardless of party lines and put their money where their mouths are.Cybersecurity is not a partisan issue, it's something that can affect us all regardless of political affiliation.

26

16 Comments

"Cbeyr Scrietuy is smtoehnig taht all slmal and mdiuem biusesnes msut tkae srioelsuy"According to Social media, if you can read this, you're a Genius.That's a bit of a stretch but it does show a persons capacity to think differently. Can you read it?The trick here is that as long as the first and last letters are in its correct place than the person should be able to read it.I could read things like this fairly easily without explanation and I am far from a genius (So says my wife). Thought everyone could. But I've seen different results.- Some couldn't read it at all- Some struggle with it but could read it once the understood the pattern- Some (like me) read it with some thought and recognised that the letters were scrambled- Others read it normally and didn't notice that it was scrambled."Cool story bro, Why are you spamming me with this crap Elliot?"Simple 'cognitive tests' like this can help identify different strengths and weakness in your team. Having too much of one can throw a team off balance. There is a bunch of cognitive and personality tests available that you could use to get a good balance within your teams to not only be efficient but be able to work together. When it comes to your security teams, this can be extremely important to get right. During an incident, if your teams don't work well together, things get missed or ignored, which can be impactful during an IR play. It also highlights that everyone is different and needs different ways of training. Not everyone can do an annual online #securityawareness training and be expected to remember it on top of their everyday workloads.As an example, I am not a text book training type person. I learn through experience. Getting my hands dirty, speaking to people and asking questions is how I learn.Different methods need to be considered when delivering #SecurityTraining. This is part of rolling out a successful program, build it for everyone.

17

5 Comments

Are we getting it wrong and focusing on the wrong things when it comes to #cybersecurity?The stats seem to point that way. Most statistics global point to human error being the key contributor to a #cyberbreach or incident, usually anywhere between 70-95%. Yet Security training for SMBs is typically a low priority.The controls we put into place are there to mitigate issues when mistakes happen. But why can't we reduce the mistakes through training at the same time?

25

8 Comments