Security Insider August/ September 2018


SECURITY FEATURE

THE SLOWEST BUFFALO IN THE HERD

By Simon Pollack, Security Professional

You know that moment in a wildlife documentary, the one where the lions identify the slowest buffalo in the herd, then launch their attack? Have you ever stopped to consider what it’s like to be that buffalo? You weren’t always the slowest. Once upon a time, there were other, slower buffalos; however, they’ve been picked off over time, or they’ve become smarter, or faster, till the only thing standing between those lions and their lunch is your ability to escape.

Cyber Security is a lot like that, with cyber criminals targeting whichever industry makes for the easiest pickings, and as various industries improve their security posture, the criminals move on to the next easiest targets. Right now, real estate seems to be the slowest buffalo in the herd.

Before that, construction, maritime, and healthcare were being targeted until they improved their security posture. In the attacks currently targeting real estate and conveyancing, cyber criminals are inserting themselves in the middle of email conversations and online transactions to modify bank account details when settlement funds are being transferred. The process isn’t all that complicated, or all that sophisticated: the attacker takes control of the conveyancer or selling agent’s email account, creates a rule to move any emails relating to a particular transaction, then modifies bank account details and responds as though they are the conveyancer. The funds get deposited into the hacker’s bank account and the crime is only detected when the funds fail to appear in the receiver’s bank account.

Be it because we’re hidden by the rest of the herd, or because there are juicier targets than us, the physical security industry has been relatively untouched by targeted cyber-crime thus far. As an industry, there tends to be a lack of understanding of cyber risk, a general failure to consider ourselves to be a target for attack and a “she’ll be right mate” attitude. All of this has left us well and truly stuck in the cyber dark ages.

The buffalo model has three components – the lion, the buffalo, and the delicious buffalo steak dinner, or said another way, an attacker, a victim, and a prize.

THE LION

Like the lion, financially motivated cyber criminals don’t really care who their target is; their concern is the size of the payoff, the amount of effort required to achieve that payoff, and the risk of harm. There’s some great work being done by law enforcement and government to take down criminal

About the Author: Simon Pollak is a security professional with more than 25 years’ experience in physical and cyber security, smart buildings and automation systems. A licensed security consultant and CISSP, he holds a Masters of Cyber Security, a Masters of Business Administration (Technology), and is an ASIAL Fellow.

Security Insider August/ September 2018 by ASIAL - Issuu