Scammed in Nigeria
I always thought of myself as a seasoned traveler and quite capable of avoiding any major incidents and disasters when on the road. That is, until recently, when I was trying to get on a plane from Lagos, Nigeria to Rwanda!
In the space of 90 minutes I potentially had my two corporate cards, my own personal card and my phone compromised. I could see all of the risks unfolding in front of me, and even having a good understanding of cyber security and how vulnerable we all are, I still fell into a big trap.
I was so desperate to get an airline ticket, I disregarded all common sense and good cyber practices.
Our African leg of the trip took us to Nigeria, Rwanda and South Africa. Prior to the trip we got the appropriate visas for Nigeria and Rwanda. However, due to the timing of the trip, my Rwandan visa expired the day before I was due to travel there. My travel companions, being from the US and UK had no issues as they could buy a visa on arrival. Being an Irish citizen, I could not.
Never one to be deterred from a challenge, I thought that I could use my charm, my years of sales experience and talk my way onto the plane. My optimism was soon dashed as the chap on the desk referred to a very large manual which listed all the countries that could buy visas on arrival in Rwanda. Ireland was not on the list and he was not going to allow me onto that flight.
So, I waved goodbye to my colleagues and agreed to meet them in Johannesburg a few days later. There was a flight nine hours later; all I needed to do was buy a ticket - that should be easy, I thought.
As I was standing trying to find the right airline desk, a knight in shining armor appeared behind me, like he was dispatched by my guardian angel. As it turned out, he wasn’t so much of a knight in shining armor!
As the flight was over 9 hours until departure, the airline desk was not open. But my new-found friend took me to a kiosk at the end of the terminal where I could buy a ticket. The girl behind the desk confirmed the flight and there were seats available.
Excellent news I thought as I handed over my card to her. For some reason, the card was declined on her machine so she tried her other card reader. It also was declined. She tried it several times on each machine but to no avail.
I then gave her my other corporate credit card and got the same result, declined.
I phoned both banks and they confirmed that there was ample credit on the cards and no transactions had come through on their side. As you can imagine, I was starting to get worried at this point. I tried to use my phone to book the ticket but the 3G connectivity in Nigeria is very poor.
At this point my new-found friend is still by my side and trying to help me and he has another fantastic idea...let’s get some cash and he can get me connected to his Wifi hot spot in the airport.
As I was starting to get desperate, I went along with his idea and went to the ATM. I tried both of my corporate cards and they were declined. Nigeria is notorious for credit card fraud but feeling really under pressure to get a flight, I used my personal card and got enough cash to pay him for a password for his Wifi.
Unfortunately, his Wifi hotspot was not working and he somehow disappeared, nowhere to be found. As I looked around at the others in the hotspot I realized that I may have been the victim of a scam. Were these other people logged into my phone? It only takes two minutes to access a mobile device, if you have the skills. I quickly disabled the Wi-Fi on my phone.
For a brief moment, I felt like the Tom Hanks character Viktor Navorski in the movie Terminal - Was I going to be in this airport for a very very long time?
Never one to admit defeat or perhaps in sheer desperation, I went to try and find somewhere to get a better signal on my phone. I eventually did and phoned our HQ in Chicago where one of my colleagues booked the flight for me.
To date, one of my cards has been compromised. I am not sure if that is a result of my experience at the airport or from somewhere else.
Some very good lessons learned and a lot of schoolboy errors that were made in a state of panic by this pro!
Always be CyberAware...
John McGlinchey is the Executive Vice President of Global Certification for CompTIA
Should we all go back to pen and paper?
You will be surprised to hear that I was playing golf at the weekend. As always over the duration of a round, we discussed all manner of things.
On Sunday, one of my playing partners brought up cyber security and how insecure he felt about his personal information and bank details.
He suggested going back to pen and paper and taking all his banking offline, because it's more secure.
We all agreed that this was a silly idea, but in truth it's not that silly unless we personally get very serious about our online security and staying up to date and ahead of the game.
In relation to our cyber security, we are all feeling insecure at the moment. But I'd like you to think about a time in your lives when you felt most secure. Go ahead and close your eyes for a moment.
Where are you? Are you a child? Are you with a parent or a trusted friend?
Remember how it felt to feel safe and content at that moment in time.
For me it was growing up in Donegal, in the northwest of Ireland. It’s also, by the way, the area National Geographic recently named as “the coolest place on the planet” (I'm so proud of Donegal - You must visit!!)
For me this was a great time, it was a safe time and it was a time when I felt secure.
And now - like when I remember seeing a storm roll in from the Atlantic Ocean back in my childhood home - we live in a time that can feel a lot less secure, don't we?
Consider the U.S. Elections and the alleged meddling by Russia and the hackers reportedly breaking into computer networks of companies operating the United States nuclear power stations, energy facilities and manufacturing plants, according to a new report by The New York Times.
It’s not just companies and organizations that are vulnerable - every person, place and every online device in the world is potentially vulnerable.
I don’t know about you, but back in the 90’s, whenever I used to hear about hackers and viruses, I tuned out.
But now, in the news, it seems we are hearing this happening on a daily basis - we're getting bombarded about the cyber-crime reality that we live in. It can make you feel anything other than secure.
An article in Chief Security Officer Magazine predicted that damages from cyber-crime will cost the world six trillion dollars a year. The threat of cyber-crime will more than triple the number of unfilled cyber security jobs, which is predicted to reach 3.5 million by 2021.
So that's exactly why we need to become more dedicated to getting not just IT workers, but every worker, involved with protecting and defending apps, data, devices, infrastructure and people.
Cyber-crime is a very real and very scary threat, but I also see this as an opportunity if we embrace it - to help us all feel more secure, to be committed in helping everyone with their cyber responsibilities - to become good cyber citizens and have superior processes in place before a cyber breach is threatened.
We are all imperfectly human and hackers are very skillful at tracking human beings, not computers, and taking advantage of our vulnerability, our weaknesses.
Human error is still the most likely reason for a hack.
Going back to pen and paper is definitely not an option but becoming more aware of our cyber responsibilities is.
John McGlinchey is the Executive Vice President of Global Certification for CompTIA
Uber Effective Communication
A big thank you to Mark Plunkett, one of my valued colleagues at CompTIA for being my guest blogger this week.
John McGlinchey
I count myself very lucky in my role at CompTIA to be able to travel and see some very interesting places in the world.
Recently, within a 5 week spell, I spent only 3 days in Chicago, where I now live. That was a little too extreme. I spent time in California, Seattle, Wisconsin, London, Dubai, Abu Dhabi and Riyadh.
Now these are all pretty different places, there is no doubt about that but I wanted to link them all in some way, and to be honest there are many similarities. One personal to me is that I used Uber in every country and city. As well as this, I managed to engage in some fantastic and interesting conversations with strangers in each place. This is something that is easily done, regardless of language if you are prepared to reach out and put a little effort in.
Now because I work in the Technology industry, it fascinates me to see how people engage with tech around the world, their thoughts around it and how they use it. As you can imagine during the many Uber rides, the subject of technology comes up a lot. Not always driverless cars or new cutting edge innovative ideas, but general everyday questions.
Also, I find people want to know about me and I like to get to know information about them. Many drivers don’t think they are savvy on the subject of technology, yet they still understand the basics and use technology as part of their daily lives. Most have their smart phones showing them directions and getting live traffic updates.
There is something very rewarding about talking to a stranger and finding mutual interests or being educated in areas of potential interest. I used to continually be on my phone in an Uber when travelling, checking email, reading news articles, making calls etc. I now make a conscious effort to have a chat with my driver. You never know where the conversation might go, or what you both may get out of it.
Recently whilst in Seattle, I had a great ‘tech’ conversation. The gentleman driving me was very interested in what I do, and more importantly why I do what I do. So I gave him various facts, and shared some of the stories from my travels and how we’d been able to help various individuals around the world to get a foot in the door in IT, through our certifications.
Incidentally, this gentleman’s brother was working in IT and had become siloed within the company and consequently lost his job due to changes. He was now at the crossroads in what to do next and how to make himself more employable. There are so many courses and certifications in the market and it can be quite confusing determining which is most relevant and worthwhile.
I proactively offered up my suggestions and we connected on LinkedIn during the Uber ride.
He has contacted me since and we’ve followed up back and forth. I believe his brother is now interested in pursuing his career in information security, is studying CompTIA’s Security+ and plans to gain the certification as a part of his retraining. This really is just one of many examples of these types of conversations I’ve had, and I often wonder what would happen if they didn’t: would people find their natural route anyway, or would they not?
I think everyone needs help, advice, support and information.
Call me old fashioned but I still believe the best way to communicate is to talk to each other. Trust me there are some very good, kind and interesting people out there, but you’ll never know if you don’t look up from your phone more often!
Being able to communicate effectively is that skill that covers pretty much every job, industry and country out there.
It’s so easy to practice too, so next time you are in an Uber or you have the chance, give it a go!
Start talking...
Mark Plunkett
Mark Plunkett is the Regional Director for Emerging Markets at CompTIA
Cyber Threat or Cyber Opportunity?
News of the most recent high profile cyber breach, that the concession stands in Madison Square Garden were compromised, has just been released.
But it’s not the fact that they were compromised that’s concerning but that the breach was in place for over a year before they even knew about it. This is a trend we are seeing more often this year.
It started me thinking about how organizations look at cyber security - it’s almost always in a negative way. The fear of the hack, the stigma associated, how will my business recover and most importantly my customer’s information will be widely available on the internet.
Behind all this fear and distress there is a genuine opportunity for businesses to move beyond this “roll the dice” conundrum.
Business owners, CEOs and CIOs should be considering how they can be the ‘first in class’ with their cyber security and to make that a selling point, a unique selling proposition, a reason why you should trust them and do business with them.
A business that views Cyber Security as the “Gold Standard” will probably have superior customer service, better products and respect your business a lot more. A business that can demonstrate and validate that their systems are impenetrable could use this standard/benchmark to win contracts, a real way for their business to differentiate themselves from the competition.
As we enter the most intensive shopping periods of the year, either online or in store the pressure among traders and the anxiety among customers will increase. Almost every time I use my card, I think about whether the retailer has sufficient cyber security measures in place and do they have adequately trained and certified cyber technicians to protect my data?
As I have explained in previous posts, this is as much a people issue as it is technology, so are they promoting good cyber citizenship among their employees?
To achieve this “Gold Standard” is not impossible, but consider the peace of mind and the opportunity for the businesses that implemented and achieved that state of nirvana. They would have the perfect infrastructure, all technicians trained and certified, proper risk management and governance in place, all staff would be aware of their cyber responsibilities and be good cyber citizens and have superior processes in place when a breach is suspected.
We need to come to terms with the reality of our situation, embrace the perspective the situation provides and re-frame it in our mind.
Out of adversity and challenges, opportunities abound for those with the right cyber security mindset.
Carpe Diem!
John McGlinchey
John McGlinchey is the Senior Vice President of Global Business Development & Products for CompTIA
The long term cost of data breaches
I am just back from a whirlwind tour of India, China and Japan and one topic seemed to dominate every conversation - Cyber Security!
If I was to summarise the points that were raised by all of our colleagues, partners and clients in our many conversations:
- Security breaches are a wake-up call for many organizations
- Usually they do not update their cyber security infrastructure and keep rolling the dice waiting to be hit
- Instead of waiting, organizations must initiate a mechanism of threat sharing
- Cyber threats must be immediately shared so that appropriate security measures can be taken in time
- The stigma of being attacked must be removed
- Government must step up and set best practices for cyber security
- We can’t solve this problem with technology alone
- Essentially it’s a human problem.
- Almost all of the attacks we see are a result of human error
- We all need to become better cyber citizens
When I returned from this exhausting but exhilarating trip I was reading the data from the 11th annual Cost of Data Breach Study (sponsored by IBM), which is recognised as being the industry’s gold-standard benchmark research, independently conducted by Ponemon Institute.
In 2016 alone we have seen breaches with Centene Corporation, the FBI, Seagate, Verizon, the IRS, and LinkedIn to name a few.
This year’s study found that the average consolidated total cost of a data breach grew from $3.8 million to $4 million.
Over a 10-month period, Ponemon Institute researchers interviewed IT, compliance and information security practitioners representing 383 organizations in 12 countries: United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region (a consolidation of organizations in the United Arab Emirates and Saudi Arabia), Canada and for the first time, South Africa.
While the amounts of money mentioned are staggering and could easily wipe out most businesses there is another cost that many people may not take into account.
When a company suffers a data breach, besides losing money they will also suffer huge reputational damage - unfortunately, when a company is breached, customers and stakeholders see this as a big weakness. Was the company careless, were they not operating proper controls, are they to be trusted?
Often people don't blame the hackers (the thieves) for the breach but they will point a big accusing finger at the organization for being so "careless" - it's your fault!!
This long term damage could turn out to be much more detrimental than the initial financial loss.
Based on the feedback from my "tour" it looks like in too many cases the cyber penny has yet to drop!
John McGlinchey
John McGlinchey is the Senior Vice President of Global Business Development & Products for CompTIA
The game has changed. Are you ready for the fight?
Serious conversations on cyber security are happening in board rooms across the world with many corporate leaders believing they have a strategy in place for dealing with an attack. Yet, conflictingly, further down the chain of command, those at the operational level are not so sure they have enough resources to be secure. How can we forget the last big systems breach when a large American corporation became the target of a foreign government - how humiliating!!
John Stewart, Cisco Chief Security and Trust Officer explains on Bloomberg how the modality of attacks has changed, increasing by a whopping 250% from last year. There is now a greater emphasis on targeting the user. Previously it was a volume play from one site. Some attacks failed but if one was successful, the hackers considered themselves effective. However, now we have two or three attacks from hundreds of different domains. A dramatic change in strategy by the hackers.
What has really helped those trying to exploit weaknesses in our computer systems and networks is that formerly we had a separation between personal and business devices. However, now with BYOD, the lines have morphed and CIOs are more concerned about malware from private devices getting access to business networks.
Here at CompTIA, we are striving to make cyberspace a safer and more productive place. Security concerns associated with cloud computing and BYOD are covered in our Security+ exam, while more advanced IT security topics are included in CASP (CompTIA Advanced Security Practitioner). IT education and certification are critical in the ongoing battle against the hackers.
Copyright 2015 John McGlinchey. All Rights Reserved.
We are kidnapping your phone and holding it for ransom!!!
Before you dismiss this as a line from a Bond or Sci-fi movie, it’s actually happening here in real life.
Kevin Mahaffey, CTO at mobile security company Lookout, discussed the threat to mobile phone users on Bloomberg. He emphasized the danger that arises from downloading “bad apps” from untrusted sources.
These apps take control of your phone and all the data you store on there. Even worse, they can take your phone hostage, figuratively kidnap your phone and hold it for ransom. Lookout are serving sixty million Android users across the world and 7% of their users in the US have some sort of malware on their phones. The kidnappers then charge you $700 to release your phone.
Keeping your property safe often comes down to common sense, and your smartphone is no different than your PC or home. Taking basic precautions will go a long way toward saving you time and money.
Some simple, and effective advice: use a pin or password and never download apps from untrusted sources.
Why Cybersecurity MUST BE your new business priority.
It reads like something from a thriller movie trailer and yet it’s the headline of a recent article in Reuters highlighting what many political and business leaders fear most:
“Destructive hacking attempts target critical infrastructure in Americas”
What’s so remarkable about the most recent hacking attempts in the US, is that the hackers are no longer trying to steal data, instead opting to try to shut down computer networks, delete files or control equipment.
So great is the concern about this, that it was the driver for a recent executive order and proposed legislation to encourage greater information-sharing about threats between the private sector and government.
And yet, in spite of all the growing threat to Cybersecurity, only one in three HR professionals report providing Cybersecurity training to staff.
Is your organization doing everything it can to protect itself?