Blog

Chris Mathers

February 2, 2017 by Speakers' Spotlight

Protect Your Organization From Cyber Crime

Chris Mathers spent most of his life working undercover for the Royal Canadian Mounted Police, US Drug Enforcement Administration, and the US Customs Service.  Posing as a gangster, a drug trafficker, and even as a money launderer, Chris has seen and done it all. In his extraordinary talks, Chris takes audiences into the underworld that only he can describe, letting people in on the stunning stories and secrets harboured by terrorists and those involved in organized crime. In this post below, Chris explains why cybercrime is on the rise, and what organizations should do to protect themselves:

When asked why he robbed banks, Jesse James replied, “Because that’s where the money is.”

Well, now that money is available online!

Just for a moment, pretend that you’re a bad guy.  Consider the advantages of cyber crime, as compared to “old school” crime.

You don’t need a gun.

This is an important point.  Guns are dangerous.  They ruin the cut of your suit. The have a tendency to go off at inopportune moments.  And, don’t forget the really important disadvantage; if you are carrying a gun and you end up interacting with the police, you may get killed.

You don’t have to wear a disguise.

In fact, you don’t even have to wear pants.  You can rob and steal from the comfort of your own living room.  All you need is an Internet connection.

The chances of going to jail are almost zero.

If you’re smart enough, the victims probably won’t even find out for weeks that you have robbed them.  They might call the cops but they won’t be able to help. They’re too busy dealing with violent crime, terrorism and demonstrations.

Reduced travel costs and risks

For criminals, just like for everyone else, travel can be a real pain.  Random searches of your carry-on by nosy security people, inquisitive Customs officers and crappy airline food, all combine to reduce the enjoyment of your travel experience.  But with cyber-crime, you can forget all that.  You don’t have to be face-to-face with your victim.  In fact, you don’t even have to be in the same country.  The truth is that most of the bad guys, who commit these crimes, typically live in eastern Europe.

You will make a whole lot more money.

Bank robberies, home invasions, jewellery store smash n’ grabs?  Forget that.  A bank robbery might net you a couple of thousand dollars, if you’re lucky.  And, there will probably be a dye pack in the money that will blow up and turn your face blue.

But a recent study by the Ponemon Institute pegged the average annual loss to companies worldwide, due to cyber-attacks, at $9.5 million per year[1].  In the U.S., it’s more like $17 million per year. That’s a lot better than robbing a bank.

All of this isn’t lost on criminals.  Like everyone else, they evolve with time and circumstances.  They’re making a ton of money and, what’s worse is that it’s costing the companies who are victims, a fortune.

Ransomware attacks, where crooks encrypt your data and charge you a fee to decrypt, cost companies an average of $157,000 per incident.

Cases where user credentials have been stolen to gain access to corporate networks, cost companies around $230,000 per incident.

What can you do?  As an individual?  As a company?

You need to develop a robust cyber-security policy and train your staff.  Current estimates are that 1% of all emails are questionable.  That is to say, they may contain malware as part of a “phishing”[2] attack.  If you think about how many emails are sent every day, around the world, 1% is a big number.

So, if you or your employees don’t take this threat seriously, the chances of becoming a victim are close to 100%.  The financial and reputational costs of a cyber attack can be significant.

And sometimes non-survivable.

[1] http://www8.hp.com/us/en/software-solutions/asset/softw

 

[2] Phishing is when bad guys send emails purporting to be from reputable companies in order to convince you to reveal personal information, such as passwords and credit card numbers.