That New Guy: Helper Or Hacker? Keep Your Camera On In Teams Meetings
The security reason you should keep all cameras on in Team meetings is one that may seem straightforward, but its implications are far-reaching and unsettling. The recent cyberattacks on major UK retailers, including The Co-Operative Group, Marks & Spencer, and Harrods, have left half a billion pounds wiped from M&S' value and Co-op stores with empty shelves. While the details of the hackers are still unclear, it's clear that these attacks have exposed vulnerabilities in the IT departments of these companies.
Perhaps the attackers were North Korean remote workers who had obtained their positions with fake resumes? Or maybe they were sophisticated cybercriminals who infiltrated the IT departments through coordinated schemes to secure remote overseas jobs for foreign nationals. Whatever the case, it's clear that the hackers used social engineering tactics to gain access to the systems.
The UK National Cyber Security Centre (NCSC) has warned firms to reassess how their IT help desks authenticate staff members before resetting passwords, especially senior employees with access to high-level parts of an IT network. This is a classic example of a social engineering hack that has been used countless times in the past.
A Simple Solution? Biometric Authentication
So, what can be done to prevent these types of attacks? One solution is to use biometric authentication, such as facial recognition, voice analysis, and behavioral biometrics. This technology can detect AI fakes until those fakes get better.
However, instead of investing in AI to outsmart the attackers, we should focus on using tried and tested technologies that cannot be faked: digital signatures. Digital signatures are a secure way to verify the identity of individuals and ensure the authenticity of transactions.
The Problem with Cameras
Many companies have recently ordered employees to keep their cameras on during remote work meetings, as part of their response to these types of attacks. However, this may not be enough to prevent hackers from sitting in on internal meetings and gaining valuable information about internal systems.
Ai-generated video feeds can already fool co-workers and has been used for nefarious purposes for years. For example, Arup lost $25 million to fraudsters who used an AI to impersonate the company's chief financial officer during a video conference call.
The Deepfake Threat
Deepfakes like this are becoming increasingly pervasive and not just limited to banking and retailing. The owner of a London art gallery lost £30,000 after spending months negotiating an exhibition with a fake Pierce Brosnan. In another UK case, a woman was arrested after allegedly dressing up in a series of wigs and disguises to take citizenship tests on behalf of at least 14 other people using "doctored ID documents" to evade detection.
A Solution for the Future
So, what can we do to stay ahead of these types of attacks? Firstly, we need to invest in digital signatures and verifiable credentials with strong biometric authentication. This will ensure that transactions are secure and that the identity of individuals is verified.
Secondly, we need to prioritize two-factor authentication over passwords. This will make it much harder for hackers to gain access to our systems.
Lastly, we need to focus on storing sensitive information in tamper-resistant storage solutions, such as encrypted and digitally-signed transcripts, and ensuring that cryptographic keys are securely stored in mobile phones.
The Red Queen's Race
The problem is that it's a red queen's race. The hackers will always try to stay one step ahead of us by using the latest technology to fake their identities and gain access to our systems. But we can't keep playing catch-up with AI.
We need to evolve our use of tried and tested security infrastructure to thwart the modern hacker armed with deepfakes. By investing in digital signatures, verifiable credentials, and two-factor authentication, we can stay ahead of these types of attacks and ensure that our transactions are secure.