Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
We do not use cookies of this type.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
We do not use cookies of this type.
Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
We do not use cookies of this type.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
We do not use cookies of this type.
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
We do not use cookies of this type.
From my presentation to the Financial Crime Forum, I discussed a critical issue and oversight in global Cybersecurity and Cybercrime: Attribution, Liability, and Mitigation (AML).
Unlike it’s more familiar namesake, Anti-Money Laundering, ALM in Cybersecurity looks at Attribution, Mitigation, and Liability. Money Laundering may also come into the mix.
This situation is specifically illustrated through a recent harrowing case of a woman who lost her entire savings while purchasing a house and featured on Channel 5 TV. Cybercriminals intercepted email exchanges, altered bank details, and orchestrated a seamless scam, leading to a loss of £120,000.
However, whilst the pain is being felt by all involved, none more so than the unfortunate victim, a chilling fact: the mail servers of the supplier, the victim, and even the bank are all compromised. The servers, maintained by a tech giant, harbour insecure and blacklisted IPv4 addresses. The Access and attack could have exploited any or all servers and parties.
Consequently, the supplier lost a sale, the victim lost her life savings, and the bank now face legal challenges for merely executing a payment request.
Surely, someone must be liable and someone is to blame? 3rd 🥉 party cyber insurance Gerry Kennedy.
This scenario underscores a pervasive issue: the profound lack of competence and understanding in security in the first place closely followed by those investigating such Cybercrimes, namely Attribution, Mitigation, and Liability which are all too often obscured, leaving the true culprits unscathed.
Instead, symptoms are addressed in a futile game of Digital Whack-a-Mole, with false attributions abounding. Legal outcomes become a game of chance, devoid of real knowledge or facts.
This recurring scam highlights a dire need for greater understanding, knowledge, and change.