Why Cybercrime Is Evolving Faster Than You Think


Recognised among the UK’s leading Cyber Security speakers, Graham Cluley has been at the forefront of the industry for over two decades, helping businesses, governments and media understand the real-world implications of cyber threats.
A former spokesperson for antivirus giants Sophos and McAfee, Graham has earned international acclaim for making complex cybersecurity topics both accessible and engaging.
In this exclusive interview with The Champions Speakers Agency, Graham shares eye-opening insights into how cybercriminals are now using deepfake technology, bribing employees, and exploiting everyday devices to infiltrate organisations.
He explains why ransomware is just the tip of the iceberg, the hidden dangers of insider threats, and what leaders must do to build a truly cyber-resilient culture.
Q: We often hear about common cyber threats, but from your perspective, what are some of the most surprising or advanced techniques attackers are using today?
Graham Cluley: “I think some of the types of cyber-attack which really fascinate people now are the way in which technology can be used to dupe people—to socially engineer them. And of course, we are now living in the era of artificial intelligence, where you can use deepfake technology. So we’ve seen attacks where companies have been targeted by a criminal who is pretending to be the CEO of the company.
“And you are there on a video call with someone, interacting with them. It looks like your CEO. It sounds like your CEO. Your CEO is telling you to transfer $15 million to a Hong Kong bank account, and you’re thinking, “Well, I suppose I better do it.”
“So things like that are really, I think, surprising to many people. The other thing is, we all understand that we’ve got computers and phones which can be hacked, but it’s also the case that your fridge could be hacked—or even your toaster, or your CCTV camera.
“And criminals are targeting the Internet of Things when they are conducting their cyber-attacks. Often, those sorts of devices are vulnerable to attack, and can be exploited in order for the criminals to potentially make a lot of money.”
Q: With threats evolving rapidly, what do you consider the most critical cybersecurity risks businesses are facing today—and how should they be proactively addressing them?
Graham Cluley: “The threat which most people are worried about right now—because it’s the one which is in the news the most—is ransomware. This is where the criminals break in, they encrypt your data, they leave you a ransom note. And even if you’ve got a backup, it may still be a problem because they’ve now got your data and they’re threatening to leak it.
“So criminals have made hundreds of millions of dollars through that particular tactic. That’s a big threat. I actually think, though, that there’s a bigger problem—and one which the security companies don’t like to talk about so much—which is the insider threat.
“The threat is that you may have a rogue employee inside your company who either has got a bit of a chip on their shoulder because you haven’t been looking after them well enough, or they want to get better paid somewhere else, or they know that they’re on their way out. And they may steal data. Or, in some cases, criminal gangs actually target your employees and bribe them.
“We saw a case, for instance, where a Tesla employee was offered $1 million by a Russian hacking gang to plant malware on Tesla’s network. Now, fortunately, that was stopped in that particular instance. But that’s the kind of money these gangs have available to them. And can you honestly say that none of your staff would fall for an attack like that?
“So you have to worry about your staff as well as the external hackers. Your staff have already been given the passwords. You’ve given them access to the database and the sensitive information which they might be trying to steal.
“There’s a variety of ways in which your company can protect itself. You obviously want multi-layered protection defences. You want best practices. There’s a place for staff training as well. I know people think, “Oh, we’ve been doing this for years and years.” But certainly it’s really good to get in front of your employees on a regular basis and make them feel like they’re part of the security component of your company.
“And you may want to do things like adopt a zero trust attitude, which is where everything which comes into your company—every network connection—is not trusted until it is verified, rather than having a more laissez-faire attitude. But it’s complicated protecting businesses, particularly now, as we usually are a hybrid workforce—working from home, working on the road, as well as in the office.”
Q: Building cyber resilience goes beyond IT—it’s a company-wide effort. How can business leaders foster a culture of awareness and engagement around cybersecurity?
Graham Cluley: “So what I recommend is making cyber security really relatable, and use real-world examples. Tell stories—that’s what I love to do. I tell stories of hacks. I tell stories about how the cybercriminals have broken into a network, the goofs that the hackers have made sometimes and which have caused them to get caught, and the mistakes which companies make as well.
“So give people examples of how things can go wrong. Make it fun. Make it entertaining. Put some energy into it. No one wants death by PowerPoint. You know, I’ve been to too many presentations where I want to stick a fork in my eyeball. You know—“I can’t bear this any longer”—and I’m supposed to be interested in the subject!
“So make it interesting for your audience. Make it relatable. Train people—and obviously put the technology in place as well to act as a safety net to further protect them.”
This exclusive interview with Graham Cluley was conducted by Mark Matthews of The Motivational Speakers Agency.
The post Why Cybercrime Is Evolving Faster Than You Think appeared first on European Business & Finance Magazine.