WEBVTT - 5 things you need to know about fighting ransomware | EP 24 0:00:05.460 --> 0:00:08.960 imagine your computer system is taken hostage by criminals who 0:00:08.960 --> 0:00:11.270 demand that you pay them a ransom to get your 0:00:11.270 --> 0:00:14.340 device back. Now this kind of ransomware attack is on 0:00:14.340 --> 0:00:17.820 the rise and no business big or small is immune. 0:00:17.829 --> 0:00:19.790 So what are the five things you need to know 0:00:19.790 --> 0:00:23.419 to protect yourself against ransomware? I'm sonar Ramesh from the 0:00:23.420 --> 0:00:23.550 man 0:00:23.560 --> 0:00:26.220 my team and I'll be getting some answers from David, 0:00:26.220 --> 0:00:30.590 co chief executive of the cybersecurity agency of Singapore and 0:00:30.590 --> 0:00:34.970 Jon Scheyer, Senior security advisor at sofas. That's a security 0:00:34.970 --> 0:00:38.220 software and hardware company. So my first question to both 0:00:38.220 --> 0:00:41.650 of you is just explain to us what exactly is ransomware. 0:00:41.800 --> 0:00:45.040 We're familiar with cyber attacks that are phishing attacks that 0:00:45.040 --> 0:00:47.400 try to get your password and then try to gain 0:00:47.409 --> 0:00:51.199 access to your computer systems. And this would then either 0:00:51.210 --> 0:00:55.650 result in them stealing information or perhaps tricking you into 0:00:55.660 --> 0:00:59.030 transfer of monies or your bank account, et cetera, which 0:00:59.030 --> 0:01:02.830 will result in financial loss. So those are the traditional 0:01:02.830 --> 0:01:07.330 types of cyber incidents which we are familiar with ransomware 0:01:07.330 --> 0:01:07.690 is a 0:01:07.709 --> 0:01:11.860 different kind of cyber attack. What happens is that they 0:01:11.870 --> 0:01:15.040 come into your computer system and then they launch a 0:01:15.050 --> 0:01:20.059 specific type of malicious software which locks up your entire 0:01:20.060 --> 0:01:23.330 computer system so that you can't access it. They then 0:01:23.330 --> 0:01:25.420 tell you that we have locked up your computer. If 0:01:25.420 --> 0:01:28.240 you want access to this computer please pay us a 0:01:28.240 --> 0:01:31.370 certain amount of money, which is the ransom hands the 0:01:31.370 --> 0:01:33.600 term ransomware. So it's ransom 0:01:33.620 --> 0:01:37.780 malware. Initially when the criminals started to do this they 0:01:37.780 --> 0:01:41.500 did it at a small scale. They targeted individuals, small 0:01:41.500 --> 0:01:44.790 and medium enterprises and the amount of ransom that they 0:01:44.790 --> 0:01:48.760 charge was at a very small level. So the victim 0:01:48.760 --> 0:01:52.920 would typically pay the ransom because it was an inconvenience etcetera. 0:01:52.930 --> 0:01:56.610 But it was a lucrative business because the Attackers, the 0:01:56.610 --> 0:01:59.510 criminals were able to do this repeatedly across 0:01:59.530 --> 0:02:03.630 the board many times so many small attacks, but each 0:02:03.630 --> 0:02:07.960 one a few $100 adding up to be lucrative small business. 0:02:07.970 --> 0:02:12.050 From the criminal perspective the criminals have now evolved and 0:02:12.050 --> 0:02:15.370 they have become more organized and they have formed into 0:02:15.380 --> 0:02:18.639 very large gangs. So the gangs are sophisticated and they 0:02:18.639 --> 0:02:22.410 are increasingly targeting larger companies not just small and medium enterprises, 0:02:22.419 --> 0:02:25.440 large enterprises listed companies etcetera. 0:02:25.660 --> 0:02:30.160 In these cases they recognize that the sophistication that's required 0:02:30.160 --> 0:02:33.019 has to go up because large companies don't just have 0:02:33.020 --> 0:02:36.000 one or two computers but they have entire networks. So 0:02:36.000 --> 0:02:38.660 their tax systems now need to be able to overcome 0:02:38.660 --> 0:02:41.810 the defenses of the large company and to be able 0:02:41.810 --> 0:02:44.619 to lock up the entire network once they have done 0:02:44.620 --> 0:02:47.840 this as a whole element of negotiation. Once I've locked 0:02:47.840 --> 0:02:50.889 up your networks I'll charge you a much larger amount 0:02:50.910 --> 0:02:53.930 and then there's an element of negotiation. So the entire 0:02:53.930 --> 0:02:57.460 system is like a criminal business and it's now evolved 0:02:57.460 --> 0:02:59.770 where they have their own R. And D. Teams, they 0:02:59.770 --> 0:03:02.799 have their own negotiation teams, they have got teams that 0:03:02.800 --> 0:03:05.750 deal with the technical aspects, teams that deal with the 0:03:05.760 --> 0:03:08.900 financial aspects and teams that deal with the human aspects 0:03:08.900 --> 0:03:12.500 of negotiation for example. So it's almost like a shadow business. 0:03:12.510 --> 0:03:16.160 It's organized in gangs and they operate internationally. 0:03:16.669 --> 0:03:19.630 Traditionally ransomware. It's a piece of malicious software that will 0:03:19.630 --> 0:03:23.900 encrypt the files on your systems and the criminals will 0:03:23.900 --> 0:03:27.340 ask for a ransom. So that sum of money to 0:03:27.350 --> 0:03:30.200 buy back the decryption key to decrypt your 0:03:30.200 --> 0:03:31.400 files, some of the 0:03:31.400 --> 0:03:33.860 ransomware criminals have also shifted and we've seen this in 0:03:33.860 --> 0:03:36.780 the past couple of years to also stealing data so 0:03:36.780 --> 0:03:38.610 they will steal that data and they will threaten to 0:03:38.610 --> 0:03:41.890 publish that data publicly if you don't pay up. And 0:03:41.890 --> 0:03:42.290 we've even 0:03:42.302 --> 0:03:45.962 seen lately some groups that are actually foregoing the encryption 0:03:45.962 --> 0:03:48.362 bit and just doing the data stealing because in their 0:03:48.362 --> 0:03:48.842 minds 0:03:48.962 --> 0:03:49.772 the extortion 0:03:49.772 --> 0:03:52.342 part is still part of that data stealing. If you've 0:03:52.342 --> 0:03:54.812 got some data that's intellectual property or is going to 0:03:54.812 --> 0:03:59.542 compromise your customers privacy. Some companies are opting to pay 0:03:59.552 --> 0:04:01.592 for preventing the release of that data. 0:04:01.882 --> 0:04:04.742 So it's an evolution of traditional data breaches. 0:04:05.042 --> 0:04:07.482 It does start that way the 0:04:07.934 --> 0:04:11.114 for ransomware has really diversified and specialized, you've got different 0:04:11.114 --> 0:04:13.504 groups doing different kinds of things and we've got some 0:04:13.504 --> 0:04:16.864 groups that are called initial access brokers, they're sole job 0:04:16.874 --> 0:04:20.124 really is to just find victims gain access to those 0:04:20.124 --> 0:04:22.964 victims gain persistence meaning they gain a point of presence 0:04:22.964 --> 0:04:25.764 within those networks and then they resell that access to 0:04:25.774 --> 0:04:29.184 other criminals and often those criminals or ransomware criminals. But 0:04:29.184 --> 0:04:31.234 if you look at the way that the initial access 0:04:31.234 --> 0:04:33.554 brokers work, they exploit vulnerabilities. So 0:04:33.565 --> 0:04:35.666 if you're not patching your systems, then they'll use that 0:04:35.666 --> 0:04:38.026 as a way into your networks or they'll just rely 0:04:38.026 --> 0:04:41.505 on good old fishing, grabbing your credentials or sending in 0:04:41.505 --> 0:04:43.796 malicious attachments that will provide them a foot in the 0:04:43.796 --> 0:04:45.815 door and once they've got that foot in the door, 0:04:45.815 --> 0:04:48.726 then they can either go forward and perpetrate any crime 0:04:48.726 --> 0:04:50.906 they want. But more often than not, they'll resell that 0:04:50.906 --> 0:04:52.876 to another group of criminals which will then go on 0:04:52.876 --> 0:04:54.236 for the next step of the attack. 0:04:54.586 --> 0:04:57.256 Why is ransomware a growing problem? Not just here in 0:04:57.255 --> 0:04:59.106 Singapore but also around the world. 0:04:59.370 --> 0:05:01.690 We've seen the number of cases in Singapore go up 0:05:01.700 --> 0:05:04.349 from about more than 50% in the last one year 0:05:04.360 --> 0:05:07.779 up to 137 cases reported to us last year. And 0:05:07.779 --> 0:05:10.160 these are only the reported cases. I'm sure there are 0:05:10.160 --> 0:05:13.450 many other cases which haven't been reported to the authorities. 0:05:13.460 --> 0:05:15.330 We see the trends going up 0:05:15.339 --> 0:05:19.150 in terms of the scale and the intensity ransomware used 0:05:19.150 --> 0:05:22.480 to affect individuals, small and medium enterprises. Now we see 0:05:22.480 --> 0:05:26.880 it intensifying the criminals are going after big companies and 0:05:26.880 --> 0:05:31.710 including essential services. One example was earlier this year, the 0:05:31.710 --> 0:05:35.290 government of Costa rica was hit by a ransomware attack. 0:05:35.300 --> 0:05:40.039 And this affected essential services in Costa rica, Their medical services, 0:05:40.040 --> 0:05:44.619 tax services, customs, the government actually declared a state of emergency. 0:05:44.800 --> 0:05:49.540 So these have real world implications, not just small companies, 0:05:49.550 --> 0:05:52.750 but actually large companies and even countries as a whole. 0:05:52.760 --> 0:05:56.790 So this is of growing concern, ransomware also is by 0:05:56.790 --> 0:06:01.730 nature a cross border issue. The criminals are typically coming 0:06:01.730 --> 0:06:05.720 from outside the country from anywhere in the world. Actually, secondly, 0:06:05.720 --> 0:06:11.730 they exploit the jurisdictional differences boundaries to avoid the prosecution 0:06:11.740 --> 0:06:14.070 or legal consequences of their actions. 0:06:14.360 --> 0:06:16.770 And thirdly, as I said, they're going after bigger and 0:06:16.770 --> 0:06:23.060 bigger companies that can result in real world impact to citizens, individuals, people. 0:06:23.070 --> 0:06:25.800 This being the case, it is essential for us to 0:06:25.800 --> 0:06:28.560 respond to this. And as we respond to this, it 0:06:28.560 --> 0:06:31.010 can't just be a domestic issue but has to be 0:06:31.010 --> 0:06:32.480 an international response. 0:06:32.779 --> 0:06:35.680 So we're talking about a cross border problem that also 0:06:35.680 --> 0:06:39.880 requires cross border solutions tell us who's most at risk here. 0:06:39.920 --> 0:06:43.890 Well, the fact is that 100% of companies are potential 0:06:43.890 --> 0:06:46.690 victims I'm often asked is, you know, how bad can 0:06:46.690 --> 0:06:48.279 it get? Well, I think it's already as bad as 0:06:48.279 --> 0:06:50.900 it can be because every single business out there is 0:06:50.900 --> 0:06:54.280 a potential target of ransomware criminals. The idea that there 0:06:54.279 --> 0:06:56.090 are bigger fish out there are too small to be 0:06:56.089 --> 0:06:59.850 a target. It's just false. There are many, many different 0:06:59.850 --> 0:07:02.570 ways to monetize a victim. 0:07:02.592 --> 0:07:04.972 It doesn't have to be ransom where there are other 0:07:04.972 --> 0:07:08.612 crimes out there, simply stealing data and reselling the contents 0:07:08.622 --> 0:07:13.052 of that data to other criminals? Additional phishing campaigns against 0:07:13.062 --> 0:07:15.502 them and their partners? There's just too many ways to 0:07:15.502 --> 0:07:16.412 monetize this data 0:07:16.422 --> 0:07:19.252 so you're never too small or too big to be 0:07:19.252 --> 0:07:22.972 a victim of cyberattacks. And one form of cyberattack that's 0:07:22.982 --> 0:07:26.922 on the rise in Singapore and around the world is ransomware. Now, 0:07:26.922 --> 0:07:30.542 that's when criminals launch malware that locks up your computer 0:07:30.552 --> 0:07:32.382 and then demand a ransom from the victor 0:07:32.404 --> 0:07:35.214 and before you can get your computer system back. These 0:07:35.214 --> 0:07:38.714 attacks have also evolved and in some attacks, the criminals 0:07:38.714 --> 0:07:41.704 steal data as well. It looks like these cyber bad 0:07:41.714 --> 0:07:45.174 guys are just constantly upping their game. How can businesses, 0:07:45.184 --> 0:07:48.984 particularly small and medium sized ones, step up defenses against 0:07:48.984 --> 0:07:52.104 such threats in the last two years have been hugely 0:07:52.114 --> 0:07:55.904 challenging for small and medium enterprises. Firstly, we had covid, 0:07:55.914 --> 0:07:58.404 then we had to respond to that many small and 0:07:58.404 --> 0:08:02.094 medium enterprises took the opportunity over force to adopt 0:08:02.216 --> 0:08:07.326 digital solutions. So we were forced to adopt digitalization. This 0:08:07.326 --> 0:08:10.366 has resulted in some benefits for us, but at the 0:08:10.366 --> 0:08:14.746 same time the very act of going more digital exposes 0:08:14.746 --> 0:08:18.336 us to greater cyber risks. So it's a double edged sword. 0:08:18.346 --> 0:08:21.336 On the one hand, you have the opportunity that digitalization 0:08:21.336 --> 0:08:25.516 brings us more customers ability to do things at scale faster, 0:08:25.516 --> 0:08:28.936 more convenient. But on the other hand, digitalization opens us 0:08:28.936 --> 0:08:32.030 to greater cyber risks. So we need to understand this. 0:08:32.270 --> 0:08:34.940 What are the challenges that small and medium enterprises face? 0:08:34.950 --> 0:08:37.490 First of all is the issue of resource, don't have 0:08:37.490 --> 0:08:39.820 enough people don't have enough money, we don't have an 0:08:39.820 --> 0:08:43.620 I T department. So this is a real big resource, 0:08:43.630 --> 0:08:46.610 but I also want to address perhaps a misconception that 0:08:46.610 --> 0:08:51.090 cyber is not just a technical issue. Yes, at the 0:08:51.090 --> 0:08:53.980 base level there are technical issues, but I would like 0:08:53.980 --> 0:08:54.090 to 0:08:54.106 --> 0:08:56.886 urge us to understand from the small and medium enterprises, 0:08:56.896 --> 0:09:00.146 I want to say that cyber actually is a business 0:09:00.155 --> 0:09:04.736 risk issue. If you understand that your business depends on digitalization, 0:09:04.736 --> 0:09:08.676 your business depends on your computer databases, etcetera. Then actually 0:09:08.676 --> 0:09:11.655 as a business leader, you need to be aware of 0:09:11.666 --> 0:09:15.096 the risks that you're taking with respect to cyber and 0:09:15.096 --> 0:09:15.929 you need to be able to do 0:09:15.942 --> 0:09:18.532 deal with this just like any other business risk. It 0:09:18.532 --> 0:09:21.141 is something that the business leader needs to think about 0:09:21.152 --> 0:09:23.802 needs to consider and their trade offs, do you do 0:09:23.802 --> 0:09:25.752 this or you do that? On the one hand, it's 0:09:25.752 --> 0:09:27.521 more convenient, but on the other hand, you're taking on 0:09:27.522 --> 0:09:31.131 more risks. Ultimately it is a business decision that may 0:09:31.131 --> 0:09:33.881 impact your bottom line and you as a business leader 0:09:33.892 --> 0:09:36.692 need to be aware of this and making those kinds 0:09:36.692 --> 0:09:37.780 of decisions. 0:09:37.960 --> 0:09:40.970 The first way we do this is by building resilience 0:09:40.970 --> 0:09:43.040 into our infrastructure, into our 0:09:43.040 --> 0:09:44.360 systems. The thing to 0:09:44.360 --> 0:09:47.550 note about ransomware specifically and and really just cyber attacks 0:09:47.550 --> 0:09:49.650 in general is it starts as a trickle and then 0:09:49.650 --> 0:09:52.840 becomes a torrent. So as we're talking about these little 0:09:52.840 --> 0:09:55.790 things like a phishing attack where the document provides them 0:09:55.790 --> 0:09:58.349 a little bit of an access into the network. Once 0:09:58.350 --> 0:10:00.410 they're in the network, they have to then do a 0:10:00.410 --> 0:10:03.350 little bit of discovery and reconnaissance to understand what kind 0:10:03.350 --> 0:10:05.290 of network there in where the high value 0:10:05.306 --> 0:10:07.726 assets are, they have to move around laterally. They have 0:10:07.726 --> 0:10:10.726 to escalate privileges. So all these little things are signals 0:10:10.736 --> 0:10:14.266 that are potentially discoverable and can give people an opportunity 0:10:14.266 --> 0:10:17.766 to detect and then stop the criminals. So building resilience 0:10:17.766 --> 0:10:20.186 into the system where we monitor the networks continuously and 0:10:20.186 --> 0:10:22.476 then are able to spot those signals when they happen 0:10:22.686 --> 0:10:25.086 and investigate those signals is part of it. And then 0:10:25.086 --> 0:10:26.686 the other part of it, we have to stop paying 0:10:26.686 --> 0:10:29.436 these criminals. The volume of money that is going into 0:10:29.436 --> 0:10:32.195 criminals pockets a self fulfilling prophecy, right? The more we 0:10:32.196 --> 0:10:32.636 pay the 0:10:32.652 --> 0:10:35.962 guys, the more they're going to improve their ability to operate, 0:10:35.962 --> 0:10:37.862 the more they're going to be able to recruit affiliates, 0:10:37.862 --> 0:10:39.312 the more they're going to be able to just go 0:10:39.312 --> 0:10:40.291 about their business 0:10:40.442 --> 0:10:43.732 with this ever evolving range of online threats. What sort 0:10:43.732 --> 0:10:47.752 of help is available for businesses smes need to recognize 0:10:47.761 --> 0:10:52.392 that they can and they are being targeted. Some smes 0:10:52.392 --> 0:10:54.462 take the view that I'm too small, no one will 0:10:54.462 --> 0:10:57.752 come after us. The reality is that we are exposed 0:10:57.752 --> 0:11:00.000 to cyber criminals from all over the world. 0:11:00.160 --> 0:11:03.900 They're opportunistic so when they find a potential victim they 0:11:03.910 --> 0:11:07.580 find a target. They're not specifically targeting you but they 0:11:07.580 --> 0:11:09.900 just find somebody and just hit it. And the nature 0:11:09.900 --> 0:11:13.030 of the digital spaces that they can fire many bullets 0:11:13.030 --> 0:11:15.450 as it were at a relatively low cost. 0:11:15.460 --> 0:11:17.530 So you need to plan for this, you need to 0:11:17.530 --> 0:11:22.349 be prepared for this, understand the resource constraints that smes face. 0:11:22.360 --> 0:11:25.290 So in that respect what government has done is that 0:11:25.290 --> 0:11:29.060 we have launched many programs which could help smes many 0:11:29.059 --> 0:11:30.760 of them are actually free. 0:11:30.920 --> 0:11:34.350 For example CSC has launched the S. G cyber safe 0:11:34.350 --> 0:11:38.460 program in 2021. This provides free to kids which you 0:11:38.460 --> 0:11:41.400 can download from us. Get access from us for free. 0:11:41.410 --> 0:11:45.220 These are designed for the leaders. The bosses in the smes, 0:11:45.230 --> 0:11:48.000 they're designed for all the employees as well as for 0:11:48.000 --> 0:11:50.780 their I. T. Departments so you've got different two kids 0:11:50.790 --> 0:11:53.920 which are designed for the different parts of the organization. 0:11:53.929 --> 0:11:54.980 So there are some which are 0:11:54.995 --> 0:11:57.955 designed just for the bosses to understand some for the I. T. 0:11:57.955 --> 0:12:00.675 Department so that they can implement the solutions and then 0:12:00.675 --> 0:12:03.845 others are for awareness for all the employees because actually 0:12:03.855 --> 0:12:06.225 all of us are at the front lines of this 0:12:06.225 --> 0:12:09.625 challenge that we're facing and all employees need to do 0:12:09.625 --> 0:12:12.715 the basic things cyber actually is a team effort. We 0:12:12.715 --> 0:12:15.725 need everyone in the organization not just the I. T. Department, 0:12:15.735 --> 0:12:19.055 the bosses, all the employees to be aware of the 0:12:19.070 --> 0:12:22.020 part that they play and play their part. Well. In 0:12:22.020 --> 0:12:24.790 March of 2022 C. S. A. Has also launched two 0:12:24.790 --> 0:12:28.520 new initiatives. These are the cyber essentials and the cyber 0:12:28.530 --> 0:12:32.010 trust Mark, one of the big challenges that we glean 0:12:32.010 --> 0:12:34.559 when we talked to all our stakeholders is that cyber 0:12:34.559 --> 0:12:37.510 is just too complicated. There's so many things to do, 0:12:37.520 --> 0:12:39.260 what am I supposed to do And then when I 0:12:39.260 --> 0:12:42.179 speak to the vendors, they're always telling me their solution 0:12:42.179 --> 0:12:43.020 will solve all the 0:12:43.375 --> 0:12:46.405 so as an sme it is a huge challenge to 0:12:46.415 --> 0:12:49.585 try to make sense of the space, know exactly what 0:12:49.585 --> 0:12:51.974 you need to do and what you can do cyber 0:12:51.975 --> 0:12:55.105 essentials is a move in that direction where we simplify 0:12:55.105 --> 0:12:57.345 it and say that look if you're an S M E, 0:12:57.355 --> 0:12:59.875 these are the basic things that need to be done 0:12:59.885 --> 0:13:02.704 and if you do this, you give you a relative 0:13:02.705 --> 0:13:06.385 level of cyber hygiene which will put your enterprise in 0:13:06.385 --> 0:13:07.205 a better state. 0:13:07.420 --> 0:13:10.059 And in addition to that, we have also reached out 0:13:10.070 --> 0:13:13.260 to different companies to make sure that their products aligned 0:13:13.260 --> 0:13:15.820 to this and that us sme then you have a 0:13:15.820 --> 0:13:18.470 choice of which products you can buy, which will meet 0:13:18.480 --> 0:13:21.929 the cyber essentials. Mark. We hope that in due course 0:13:21.940 --> 0:13:25.040 you can put this a bit like a simpler version 0:13:25.040 --> 0:13:27.850 of I. S. O. Mark on your company and then 0:13:27.850 --> 0:13:31.260 you can tell your customers that your company has reached 0:13:31.260 --> 0:13:33.610 this level of basic cyber hygiene, which 0:13:33.630 --> 0:13:36.900 is recognized by the cyber essentials Mark. Beyond the cyber 0:13:36.900 --> 0:13:39.910 essentials Mark, there's also the cyber trust Mark. This is 0:13:39.910 --> 0:13:43.160 meant for larger enterprises, those which more resources where you 0:13:43.160 --> 0:13:46.709 can aim for a higher level of excellence in cybersecurity. 0:13:46.720 --> 0:13:49.910 So help is available for smes, but it's also about 0:13:49.910 --> 0:13:53.510 a mindset change, isn't it? David, The nature of cyber 0:13:53.520 --> 0:13:57.620 is perhaps unfamiliar to many of us. Many of us 0:13:57.630 --> 0:13:59.819 instinctively know how to deal 0:13:59.840 --> 0:14:04.250 with physical security dangers. We know that when we leave 0:14:04.250 --> 0:14:06.610 our homes, we lock the door, we close the windows. 0:14:06.620 --> 0:14:09.570 If we drive, we'll lock our cars. You are careful 0:14:09.570 --> 0:14:11.949 not to leave your wallet, your handful in your purse 0:14:11.950 --> 0:14:14.190 lying around. You know how to take care of this. 0:14:14.200 --> 0:14:16.650 If you're walking late at night, you'll be a bit 0:14:16.650 --> 0:14:21.070 more careful if it's unsafe part of the place. Where 0:14:21.070 --> 0:14:23.479 do we get all of these instincts? We got this 0:14:23.480 --> 0:14:26.050 as we were growing up, our parents taught us. 0:14:26.260 --> 0:14:28.910 But when it comes to cyber, we don't have these instincts. 0:14:28.920 --> 0:14:31.320 Our parents didn't teach us anything. If anything, we're teaching 0:14:31.320 --> 0:14:34.150 our parents what to do to be safe on cyberspace. 0:14:34.160 --> 0:14:37.070 So as it were, we haven't had a chance to 0:14:37.070 --> 0:14:40.080 hone these instincts of what needs to be done? What 0:14:40.080 --> 0:14:43.040 is natural, How do we be more cautious? We're using 0:14:43.040 --> 0:14:47.740 digital devices, but we haven't got those instincts yet. I'm 0:14:47.740 --> 0:14:51.020 not a digital native. I speak the language. Perhaps I 0:14:51.020 --> 0:14:52.350 speak the language and an accent. 0:14:52.640 --> 0:14:56.730 My Children are digital natives. They will grow up having 0:14:56.730 --> 0:15:00.710 much more instincts of what is safe. What is natural 0:15:00.720 --> 0:15:03.850 and how to look out for science, which perhaps things 0:15:03.850 --> 0:15:06.680 don't add up. So because we don't have these instincts, 0:15:06.690 --> 0:15:08.580 we need to build them up. We need to train 0:15:08.580 --> 0:15:09.200 our employee. 0:15:09.215 --> 0:15:11.385 We need to train ourselves when we are on e 0:15:11.385 --> 0:15:14.785 commerce sites, how to be more careful how to watch 0:15:14.785 --> 0:15:18.255 for signs of fishing, how to look for telltale signs 0:15:18.255 --> 0:15:21.635 that this perhaps may not be a legitimate website or 0:15:21.635 --> 0:15:24.335 this is asking for things which you shouldn't be putting 0:15:24.335 --> 0:15:25.775 out on the net. 0:15:26.070 --> 0:15:29.430 How would a typical cyber attack take place? It typically 0:15:29.430 --> 0:15:33.080 begins with a phishing email so someone that's still the 0:15:33.090 --> 0:15:36.780 vast majority of the start of cyber attacks so they 0:15:36.780 --> 0:15:40.290 send out emails that entice the employee or the individual 0:15:40.290 --> 0:15:43.440 to click on. It Sometimes could be a free offer. 0:15:43.450 --> 0:15:46.160 Sometimes it could be a warning. Your bank account is 0:15:46.160 --> 0:15:48.160 not working. You need to click on this in order 0:15:48.160 --> 0:15:49.410 to reactivate it. 0:15:49.590 --> 0:15:54.220 So it prays on human psychology, our greed or our 0:15:54.220 --> 0:15:57.530 fears and then entices you to then click on this 0:15:57.540 --> 0:16:00.290 when your guard is let down, then you do this 0:16:00.290 --> 0:16:01.400 and then you make a mistake, 0:16:01.550 --> 0:16:06.270 even when that happens, one shouldn't panic. It doesn't happen instantaneously. 0:16:06.280 --> 0:16:10.150 You may result in the attacker gaining access to your device, 0:16:10.160 --> 0:16:12.720 but even then you can call the bank, you can 0:16:12.720 --> 0:16:16.600 call the company involved, the credit card company to then 0:16:16.610 --> 0:16:20.850 cease operations increasingly that is something that we've been educating 0:16:20.850 --> 0:16:21.890 the public to do. 0:16:22.040 --> 0:16:24.590 But then if you're not aware that this has happened, 0:16:24.600 --> 0:16:27.200 then in the company, for example, an employee makes a mistake, 0:16:27.210 --> 0:16:31.150 what then happens? The attacker comes in, he then gains 0:16:31.150 --> 0:16:35.030 access to one computer. That's not good enough because yes, 0:16:35.030 --> 0:16:37.610 you've taken over one computer. But actually his goal is 0:16:37.610 --> 0:16:40.750 to take over the entire company's network. So he actually 0:16:40.750 --> 0:16:45.000 needs to employ some sophisticated technical means to then gain 0:16:45.010 --> 0:16:45.820 access to the 0:16:45.830 --> 0:16:49.970 one computer and then from there move sideways into the network. 0:16:49.980 --> 0:16:54.250 So if the company has well designed system, if the 0:16:54.250 --> 0:16:58.250 company has a well designed security, then he can detect 0:16:58.260 --> 0:17:02.360 the adversary in his networks. The conceptual equivalent of an 0:17:02.360 --> 0:17:05.450 employee left the door open, someone comes into your office, 0:17:05.460 --> 0:17:08.290 then the next question is, can he wander around your 0:17:08.290 --> 0:17:09.620 entire office at will, 0:17:09.630 --> 0:17:12.350 can you walk into the Ceo's office and steal the 0:17:12.350 --> 0:17:15.139 money that's in the safe? So the question that I 0:17:15.140 --> 0:17:18.869 would ask, sme leaders is that are your digital assets 0:17:18.880 --> 0:17:22.990 kept in the safe, just like your physical assets are kept? 0:17:23.000 --> 0:17:27.150 Have you identified what are your digital crown jewels in 0:17:27.150 --> 0:17:29.419 the physical world? We know what's important. We keep it 0:17:29.420 --> 0:17:32.710 in the safe is your office all open for anyone 0:17:32.710 --> 0:17:33.420 to walk it 0:17:33.710 --> 0:17:37.430 probably not. Probably they can walk into the reception area, 0:17:37.440 --> 0:17:39.800 but then if they want to come to the senior management, 0:17:39.810 --> 0:17:43.720 there's someone to check. There's another layer of doors etcetera. 0:17:43.730 --> 0:17:47.550 And the most valuable things are kept in the safe. 0:17:47.560 --> 0:17:50.500 The kind of thinking the kind of instinct, the kind 0:17:50.500 --> 0:17:53.640 of layout that we have for physical security should be 0:17:53.650 --> 0:17:58.419 implemented in the digital space, ransomware evolved out of phishing attacks. 0:17:58.420 --> 0:18:00.700 What do you think will be the next big cyber 0:18:00.700 --> 0:18:01.750 threat out there? 0:18:01.950 --> 0:18:04.640 All those threats are still around, we still see viruses, 0:18:04.640 --> 0:18:07.560 we still see worms, we still see phishing ransomware is 0:18:07.560 --> 0:18:10.300 just the very final payload. Now in the past it 0:18:10.300 --> 0:18:13.880 was more about defacement or notoriety and there was some 0:18:13.880 --> 0:18:17.000 monetization of hosts. So if if you got infected by 0:18:17.000 --> 0:18:19.880 a botnet for example, you could then get resold and 0:18:19.880 --> 0:18:23.169 get those hosts resold to send spam that might sell, 0:18:23.170 --> 0:18:25.910 you know Viagra or fake Viagra in this case. Right. 0:18:25.920 --> 0:18:28.409 But I think some of the scams that are coming 0:18:28.410 --> 0:18:30.570 up are related to some of the newer technologies that 0:18:30.590 --> 0:18:33.959 we're seeing things like deepfakes. So according to the FBI 0:18:33.970 --> 0:18:37.480 business email compromise or also known as ceo fraud where 0:18:37.490 --> 0:18:40.830 basically you're tricking somebody into sending money to your account 0:18:40.830 --> 0:18:43.560 instead of your distributors account. That is one of the 0:18:43.560 --> 0:18:46.399 bigger crimes out there. Far dwarfs in terms of just 0:18:46.400 --> 0:18:51.080 monetary value. Far dwarfs, ransomware and that crime works by 0:18:51.090 --> 0:18:55.060 Impersonating somebody. And so when we've got these deepfakes now 0:18:55.060 --> 0:18:59.210 that are getting so convincing, both the voice models that 0:18:59.230 --> 0:19:01.369 where somebody calling you over the phone or even the 0:19:01.380 --> 0:19:05.439 video models, it's going to really impact that side of 0:19:05.440 --> 0:19:07.820 the crime as well. So we're talking about really high 0:19:07.820 --> 0:19:11.300 tech cutting edge technology that is going to supercharge and 0:19:11.310 --> 0:19:15.330 already very big, big crime. In addition to things like 0:19:15.330 --> 0:19:18.410 business email compromise, we're seeing a lot more crypto scams 0:19:18.410 --> 0:19:22.209 now that are involving personalities that are being created by 0:19:22.210 --> 0:19:25.200 hand by people. So they are creating fake instagram accounts 0:19:25.200 --> 0:19:27.850 and all sorts of different fake personalities. Now with deep 0:19:28.230 --> 0:19:31.300 you don't have to actually hand create them. You can 0:19:31.310 --> 0:19:34.700 let the machines create the personalities for you. And as 0:19:34.700 --> 0:19:38.190 the technology matures and gets better, we kind of envision 0:19:38.200 --> 0:19:41.000 a world where these technologies will be able to interface with. 0:19:41.000 --> 0:19:44.689 You hold basic conversations and perpetrate fraud on a scale 0:19:44.690 --> 0:19:45.840 that we've never seen before 0:19:45.990 --> 0:19:50.230 as technology evolves. So too will the threat from cyber criminals? 0:19:50.240 --> 0:19:52.980 One major type of cyber attack that's on the rise 0:19:52.990 --> 0:19:56.480 is ransomware cases reported in Singapore have risen 0:19:56.500 --> 0:20:01.000 Over 50% and businesses big and small are at risk. 0:20:01.010 --> 0:20:03.649 What makes such attacks tricky to trace is that they 0:20:03.650 --> 0:20:07.600 often cross border, which means that solutions will also have 0:20:07.600 --> 0:20:11.639 to be transboundary, there's help available for businesses to scale 0:20:11.640 --> 0:20:16.129 up their defenses. But in addition to stronger cyber protection protocols, 0:20:16.140 --> 0:20:20.429 a mindset change is also needed. Now, that's because cybersecurity 0:20:20.440 --> 0:20:25.140