Cybersecurity expert sees North Korea as biggest threat
The world has been experiencing a cybercrime pandemic since March 2020, and things are only getting worse.
This came last night from Bermuda Captive Conference 2022 keynote speaker Rachel Wilson.
“It is a stressful time to be working in cybersecurity,” said Ms Wilson, managing director, head of wealth management data security and infrastructure risk at Morgan Stanley.
In a speech called Protecting your Assets and Information in the Digital Age, Ms Wilson said one of her biggest worries is North Korea.
“They have made it their national strategy to fund their government and their nuclear missile programme by hacking into banks and stealing,” Ms Wilson said. “We never expected to see a country take that on as a source of their gross domestic product.”
She recalled how in 2016, the North Koreans hacked into Bangladesh Bank, with the goal of stealing a billion dollars. Because of a typographical error they were “only” able to steal $81 million, over the course of a weekend.
“These are not trivial sums they are going after,” Ms Wilson said. “And this was not a one-off for the North Koreans.”
She said the North Koreans have had success to the tune of $3 billion over the last two years.
“That is terrifying from a fraud and financial point of view, but also when you think that money is going towards their nuclear missile programme,” she said.
Organised crime rings also concern her.
“They are using cyber to conduct criminal activity that boggles the mind compared to five years ago,” she said.
But she said some attacks that seem to be initiated by crime rings actually have countries such as Russia, lurking in the background.
She said three years ago 30 to 40 per cent of new bank accounts being created in America were fraudulent.
When Russia invaded the Ukraine in February that number shot up to 95 per cent.
“That doesn’t feel like criminal activity any more,” she said.
She said when many American banks decided to shut down their new account opening flow to stop the fraud, it also stopped Ukrainian refugees from opening new bank accounts in the United States.
“So the Russians accomplished an effective denial of service attack that was never attributed to the Russian government,” she said. “It just looked like well-established criminal activity.”
Previously, Ms Wilson spent 15 years working for the NSA, the American National Security Agency, leading a global enterprise in detecting and disrupting terrorist plots against the United States and its allies.
NSA Cybersecurity prevents and eradicates threats to US national security systems with a focus on the Defense Industrial Base and the improvement of weapons security.
She became the first head of cybersecurity for Morgan Stanley Wealth Management and Investment Technology in April 2017. She called her role at Morgan Stanley her “dream job”.
But she told Bermuda Captive Conference attendees they have to do more to defend themselves and their companies from cyber attacks. She gave several tips to reduce cybercrime incidents in a business.
1. Do not use the same password for every account.
2. Use a password managing app such as Dashlane, or Lastpass to create complex passwords, and then store them in a cryptographically sound way.
3. Install your electronic patches and updates as soon as they are issued.
4. Keep three copies of your data geographically dispersed, with one copy kept off the grid in a place that cannot be touched if someone gets access to your network.
5. Do not wait until you have a problem to look at how to restore your data. Practice restoring from back-ups on a regular basis.
“I have no hope that any of you will leave today doing all of these things,” she said. “My hope is that you will all pick one thing you will do differently. It is about not being the sickest gazelle in the herd.”
The Bermuda Captive Conference was launched by the local market in 2004 to promote, support and grow the island’s captive insurance industry.
The three-day conference is Bermuda’s largest and longest-running industry event, attracting more than 800 delegates, many from overseas.