BSA Today Issue 10

Page 20

Running Headfirst Into a Breach

The pandemic changed the fortunes of many organisations. Perhaps none so much as Zoom, which has found itself becoming a noun synonymous with any form of video call.

However, its meteoric rise has not been without some hiccups along the way. There have been many cases of people not securing their meetings, leading to ‘Zoombombing’, in which unauthorised people join video calls with the intention of sharing lewd, obscene or otherwise distasteful content. There was also the case of investors wanting to jump on the Zoom bandwagon who inadvertently purchased stock of Zoom Technologies, a small Chinese company which had nothing to do with Zoom, the video chat platform.

Errors and mistakes aside, criminals have also been quick to notice the trend and to capitalise on it by registering thousands of fake domains designed to impersonate Zoom and other video conference brands. They have also been using them to send out phishing links. With the majority of office employees working remotely, receiving Zoom invites or even seeing reminders in their calendar for upcoming Zoom meetings has become a daily occurrence.

It is not just phishing via email that has taken off. People working from home usually have several communication channels they use to interact with colleagues, customers, partners and friends. These encompass everything from messaging apps to social media and everything in between.

Pulling on Emotions

Criminals are very good at crafting messages in a way that pulls on people’s emotions. This can be fear, greed, curiosity, urgency, helpfulness or any other emotion. One of the biggest reasons for this is explained by Daniel Kahneman, who stated in his book, “Thinking, Fast and Slow”, that there are essentially two types of thinking the human brain undertakes. System one is referred to as fast thinking and largely works automatically and effortlessly via shortcuts, impulses and intuition. It is fast, but also error prone. System two is also known as slow thinking. It takes time to analyse, reason and solve complex problems, and requires people to exercise self-control. It is slow, but reliable.

A good criminal pulls on emotions because it is a surefire way to get people into system one thinking, where they will carry out an action before thinking about it. Think about it. When was the last time you received a scam or phishing attack and the sender was polite and ended with, “please respond whenever is convenient, there’s no rush”? It’s why an inflammatory Tweet or Facebook post receives so much attention and so many responses, even though we often know we should just ignore it. It just presses our emotional buttons and we need to say something. So, it becomes difficult to rein people in - even the most security conscious people can be fooled by a WhatsApp message which pops up saying, “Why aren’t you in the meeting? We’re all waiting for you. Click here to join.”

Stuart Walsh
Chief Information Security Officer at Blue Stream Academy

As part of the supply chain of the NHS and the healthcare industry in general, we recognise our role in securing our users’ data. With the ever-evolving and rapidly changing threat landscapes we are now faced with, we strive to continually review our security posture to ensure that our employees are our first line of defence against such threats. Using KnowBe4’s Security Awareness Training gives us the assurance that our employees are issued with up-to-date guidance that is relevant to their role, and that their understanding is regularly checked and tested. To learn more about KnowBe4’s Security Awareness Training, please visit www.knowbe4.com and quote: BSAToday 20

