Imagine you get a message on social media from a trusted friend asking for help with a cause, like helping war refugees in Ukraine or helping hurricane victims. “Just go to this link,” the message says.
Only the sender is not your trusted friend, but an internet scammer. And instead of going to a reputable charity’s site, you’ve given the scammer access that they can use to steal information, break into bank accounts, or disable your computer — or your company’s network — until you pay a ransom.
Amid the Russian military invasion of Ukraine, cybersecurity experts are on high alert for a rise in scams and cyberattacks, said Zach Eikenberry, co-founder and CEO of Lakeland-based cybersecurity firm Hook Security Inc.
“With any big problem or tragedy that comes along, there will be a series of scams that will immediately hit the market,” he said. “Unfortunately, there are professional scam organizations and they expect this kind of thing.”
There are about 30,000 daily cyberattacks in the US, and that equates to 30 million cyberattacks a year, “among the most common crimes globally,” according to a blog by Hook Security. The “phishing” scam described above, in which a scammer disguised as a trusted friend or company tricks someone into giving them critical access to their network, is one of the most common.
And there is a shortage of defenders. A July 2020 International Association for Information Systems Security report indicated that 70% of organizations are affected by a shortage of cybersecurity professionals.
This leads to “security professionals suffering from excessive workloads, inadequate skill levels, high turnover, and acute shortages, especially in the areas of security analytics, application security, and cloud security,” according to the report.
Businesses on high alert
In February, before Russia invaded Ukraine, an FBI report obtained by Newsweek magazine urged the US private sector to be prepared for possible state-sponsored cyberattacks to be launched by Russia.
In March, President Biden also warned of cyberattacks in posts on the websites of the White House and the US Cybersecurity and Infrastructure Security Agency. Those websites also post resources to combat disinformation campaigns, another form of online manipulation.
“Russia is going to try to disrupt and disrupt the US economy and other Western state economies, and they’re going to do it through a number of things,” Eikenberry said.
“You will see an increase in what are known as phishing attacks or fake emails, where they are trying to get someone to click on something,” he said. “They try to get their credentials, then they try to get someone to download something because their whole intent is to fail and respond against things like sanctions.”
Hook Security’s core offering is training for employees of companies that provide information technology services to other companies or managed service providers.
“Companies, largely managed service providers (a contractor that remotely manages IT services for another organization), engage with us to train their employees to recognize tampering and also to achieve certain levels of compliance with your organization,” he said.
Hook Security’s clients include Sittadel, a network and computer security company in Lakeland. Co-founder and CTO Joshua Sitta manages information systems for physicians and attorneys in Central Florida, protecting patient privacy under HIPAA regulations and attorney-client privilege.
He understands the threat from Russia amid economic sanctions, which he recalled as similar to the backlash anticipated after the United States began imposing sanctions on North Korea over its nuclear missile tests. At the time, he was working at a Lakeland-based bank to protect its digital infrastructure and customer accounts.
“What is a nation-state going to do when they are losing GDP just by existing? They are going to turn to their cyber weapons to try to steal from an enemy to try and recoup that lost revenue,” Sitta said.
Citing corporate boycotts such as the closure of outlets in Russia by US hamburger and coffee companies, he said: “This has never happened before, so Russia is under more economic pressure than any other country in the midst of conflict.”
“Then naturally they will turn to cyber activity to get that back,” Sitta said.
The Cybersecurity and Infrastructure Security Agency recently provided a “Protect” notice with domains known for launching CONTI Ransomware (developed by a pro-Russian organization that vowed to retaliate against any US cyber attacks). But that notification doesn’t mean much to the average businessman, he said.
“So we have to figure out what we can do to support people who have no idea what a cybersecurity program looks like,” Sitta said. “That’s where a company like Hook Security can add a lot of value.”
Hook Security, which incorporated in 2019 in Delaware, was nominated for the third annual Entrepreneur of the Year Award held Jan. 12 at Catapult Lakeland, where the firm has an office. The company was recently accepted into Tampa Bay Wave’s inaugural CyberTech, X Accelerator program, which focuses on growing businesses in the cybersecurity space.
The company was named a High Performer in the Spring 2022 G2 Grid report, which listed Hook Security as No. adoption.
The company employs 10 people in the United States but expects to grow once additional venture capital funding is secured, which is anticipated in 60 days to six months, Eikenberry said.
New training approach
An employee can be afflicted with a paralyzing fear that they will be vilified if they unsuspectingly open a questionable email that brings the company’s servers to a standstill. That fear can affect employee productivity and stress.
Hook Security tries to overcome those fears. They focus on training employees in a way that ensures psychological safety comes first. This is the niche of the company: looking at cybersecurity in a positive and holistic way.
Hook Security is a “cybersecurity software company,” Eikenberry said. “We train people to recognize threats and manipulation. We are the next standard, the next generation of training experiences.”
By ensuring that employees feel safe in the workplace, companies can equip them with the necessary tools to identify cybersecurity threats and raise concerns.
Hook Security can also be considered a “behavioral and psychological science startup,” the company said. Its training is designed “to help companies set policies for email and provide on-demand fake social engineering cyberattacks to employees” to help workers avoid falling victim to an attack.
The platform offers online security awareness training, employee phishing tests to determine their readiness for attacks, and actionable security threat reports, among other employee psychological safety and data reports.
“Psychological safety” is a well-established field of research that has been around for nearly 100 years, but is relatively new to commercial fields. The term applies to psychologically safe corporate cultures.
“Cybercrime wins when there is dysfunction,” said Hook Security co-founder Adam Anderson. The premise of Hook Security’s vision is based on a foundation of effective communication, understanding of the organization’s mission, use of people skills and practice of conflict resolution.
When these things are in place, practical implementation of cybersecurity training can take place, the company said. “Emotional intelligence should come first in any workplace.”
“If your employees are unhappy and ill-equipped to deal with cyber threats, a threat may be coming from within; revenge cyberattacks are on the rise. And the downside of not having security awareness training: Your entire business is under threat,” Eikenberry said.
“The first thing an organization should do is analyze its culture. We have to go deeper into emotional intelligence and leadership,” he said. “When you decide it’s important to change something, you have to learn how to lead that change.”
The firm identifies three pillars in cybersecurity, Anderson said: “Address psychological security at the core system, address human beings within an organization, and learn from the mistakes we made during the birth of the Internet age.”
Cybersecurity Awareness Tips
In many ways, online scams are the same now as they were when the Internet first launched. The Federal Trade Commission offers the following signs that are often found in scams:
- Scammers pose as a government agency, organization, or charity you know, hiding under a false identity or using similar names and spellings.
- The scammers say there is a problem or a prize. They might say that you owe money or that you won the lottery.
- Scammers pressure you to act immediately, before you have time to think. They may threaten to arrest you, take away your license, or deport you, or say your computer is damaged.
- Scammers tell you to pay in a specific way, through a money transfer company or by putting money on a gift card, and then give them the number on the back. Or they send you a check, ask you to deposit it, and then send them the money.
There are several federal agencies that can be contacted if a person believes their computer is experiencing a cyberattack, from the FBI to the Secret Service. However, if a person could potentially be harmed by the attack, residents should call 911 to report the incident.
Paul Nutcher can be contacted at PNutcher@gannett.com.