Deloitte partner Peter Gooch set out the nature of the threat that travel companies of all sizes face and what they must do to shore up their defences
Travo Cyber Summit: Criminals are preying on human vulnerabilities
Cyber criminals are often acting indiscriminately and are preying on human vulnerabilities rather than technological frailties, Deloitte partner Peter Gooch told the Travolution Cyber Summit.
The business consultancy giant has worked with many corporates in the travel and retail sectors following IT breaches, some of which have been potentially “extinction events” for the victim.
Gooch said that even for technically minded people the nature of cyberattacks can be “confusing”, and that for executives at board level it can seem mind-boggling and even scaremongering.
But Gooch warned that the criminals are expert at taking advantage of human weaknesses, particularly when people are busy, and are adept at tailoring their attacks to the victim.
“They are preying on human vulnerabilities, human weaknesses when we are all busy rushing to get something done. They know who you are, who your kids are. It’s incredibly difficult at the moment.”
Gooch cited a major attack on the shipping logistics business Maersk which Deloitte dealt with and which was almost an extinction event for the business.
Attackers targeted a vulnerable piece of software being used in Ukraine, and the only reason the firm survived was that a hard-copy back-up kept for maintenance was physically available at a partner in Africa.
“It was a huge event that just stopped a lot of things happening,” Gooch said. “It showed how vulnerable big organisations are to big things happening.
“It can be, even for technically minded people, quite confusing. For people on the board it can be mindboggling. Also, it could seem to be scaremongering, a little bit.”
The source of attacks can be indiscriminate as criminals trawl for companies with IT weaknesses they can “take down”.
Some groups are particularly well-funded by hostile nation states like Russia and North Korea, which have hundreds of people “sitting in a room hacking”.
Gooch said these groups are focused and “incredibly sophisticated and determined” to do a huge amount of damage, but their targets are often just any company associated with the West.
There are also the organised crime gangs of hackers. One Russian-Ukrainian gang was estimated to have made $2.5 billion in Bitcoin value out of its activities.
“Many people think this is just petty crime, just opportunities. But this is huge business. They have call centres and organisational structures. It’s like a business they are running. It’s astonishing.”
Some gangs even provide references to companies hit by ransomware that are deciding whether or not to pay, to give them confidence that the data seized will be released.
“These are organisations that can cause a huge amount of harm,” said Gooch. “Some just go after easy targets to make a quick buck and will spray ransomware everywhere, some are more targeted.
“It’s worrying how well-funded they are and how little recourse we have against them because they are faceless.”
Most non-state cyber criminals prefer “smash and grab” techniques to obtain data that they can sell on for financial gain on the black market to other criminal gangs.
Gooch warned that companies are often targeted during mergers and acquisitions, when a company is most susceptible to bad publicity and is likely to pay if hit with ransomware.
At the lower end, “script kiddies” trying to take down a website from their bedroom and earn a bit of money in the process are out there “trying their luck”.
“Many more medium sized businesses are being hit by this stuff. They know their market, they understand a target’s propensity to pay. It’s frightening to be honest.”
Gooch warned firms are always vulnerable to fraud committed by staff and this might become more of a problem during the cost-of-living crisis.
He warned it is “negligent” to trust people to do the right thing when so many people are surreptitiously trying to get them to do the wrong thing.
And firms must “put the right guard rails” around employees and ensure they are adhering to regulations like GDPR to avoid substantial fines and the disruption and reputational damage a breach will cause.
“The amount of work you have to do to restore confidence with your owners, your shareholders and your customers is enormous and it’s almost always unseen. It’s a long, painful process and we do not want you to go there,” said Gooch.
He added: “Do not think it will not happen to you because it’s not done so far. But there is a huge amount you can do from getting the basics right, getting your hygiene right, training your employees and understanding your environment and being proactive in terms of monitoring.
“It’s not all bleak, you have just got to take it seriously. You have to understand your threats, understand the kinds of people who are trying to attack you, understand the organisations and what makes you vulnerable.”