The holiday season is coming up, so Michael D. Moore, founder and CEO of Southlake-based cybersecurity firm M3 Networks, wants businesses to be extra vigilant.
“If you take your eye off the ball so much as to buy Christmas presents for your kids and don’t pay attention to your business, your bank account, your invoices, your email, or any number of things that you need to pay attention to, the bad guys are going to be doing their business on you,” he said.
According to the FBI’s Internet Crime Complaint Center, the agency received a total of 800,944 reported complaints, with losses exceeding $10.3 billion in 2022. While the total number of complaints decreased by 5%, the cost of those losses increased significantly by 49%. The FBI reported that phishing schemes were No. 1 with 300,497 complaints. Phishing schemes are emails that appear to be from a legitimate source but are seeking a company’s or an individual’s data. For the first time, investment schemes reported the highest financial loss to victims.
In Texas, the FBI reported the top cybercrimes reported were personal data breaches, non-payment or non-delivery of goods or services and extortion.
This year may be particularly difficult as cybercriminals are getting smarter, using artificial intelligence tools like ChatGPT to increase their effectiveness, according to Moore.
“The hacker could have a fifth-grade education on how to code, but I could have a doctorate level implementation of it, because I can use chat GBT or other AI tools,” he said. “That makes the job of somebody who’s out there trying to defend people much more difficult. And it makes the job of somebody out there trying to destroy people much easier.”
The other trend that Moore has noticed is that hackers are getting more patient.
He recently worked with a company that lost an estimated $4 million through a hacker or group of hackers that spent months setting up fake domain names and reading company emails until they knew how to siphon off more funds.
“It wasn’t like they hacked in, took something and left,” Moore said. “It started with a very simple thing as they did not have multi-factor authentication enabled on every single system, including they didn’t have multi-factor authentication enabled on their email.”
The hackers created alternative accounts and, in a coordinated attack, gained access to $4 million, not just from the company, but from the company’s employees and vendors.
“It’s taken us months, but we’ve got them up and running again, but a lot of companies couldn’t have survived something like that,” said Moore. “This is the new age. The criminals are more patient than the company.”
So far in 2023, there have been an estimated nine high-profile data breaches. Moore cited the mass hack of the file transfer tool, MOVEit, that impacted more than 200 organizations and 17.5 million individuals as one that could still impact businesses.
“This was a major attack, and this was a file-sharing tool that was used at multiple federal agencies and in many education systems as well,” Moore said.
A ransomware organization affiliated with Russia has claimed responsibility for the attack. That, Moore said, is another reason he sees cybersecurity issues increasing.
“A lot of these state-backed, state-affiliated groups are out there,” he said. “It’s an entire cyber-attack army trying to do as much damage to small business as they can.”
Moore said the average company owner he meets with thinks they have a good computer security plan with antivirus software and a firewall.
“That’s from the early days of computing,” he said. There’s still this thought process, that the technology that would help you from the 1980s is still the same technology that would help you in 2023 and beyond. And that’s just not true.”
Michael Moore’s advice for cybersecurity
- Do a risk assessment at least once a quarter on your business. “Even if you don’t have a business, you need to be doing that type of thing on a regular basis and keeping your antenna up.”
- Don’t be a happy clicker. “Be skeptical of that ad. Be skeptical of that link. Don’t just click everything and hope things are going to go well.”
- Use complex passwords everywhere. “Use a different password everywhere, use multifactor authentication (a multi-step login process that involves more than just a password) when you can.”
- Enable people that you can trust to help. “Find someone, like us, good at cybersecurity, to influence you and help you change your behavior so these things don’t happen in the future.”
Bob Francis is business editor for the Fort Worth Report. Contact him at firstname.lastname@example.org.
At the Fort Worth Report, news decisions are made independently of our board members and financial supporters. Read more about our editorial independence policy here.