Cybersecurity training for the Board of Directors in the hospitality industry



Overview

The Board and the CEO of legal entities in the hospitality industry must have the knowledge and skills necessary to assess cybersecurity risks, challenge security plans, discuss activities, formulate opinions, and evaluate policies and solutions that protect the assets of their organization. The failure to maintain adequate risk oversight can expose companies, officers, and directors to liability.

Directors owe fiduciary duties to their shareholders and have a significant role in overseeing the risk management of their entities. A failure to exercise appropriate oversight can constitute a breach of the duty of loyalty, and a negligent decision about cybersecurity can constitute a breach of the duty of care.

The Board and the CEO must also decide whether and how to disclose a cyberattack internally and externally, to customers, regulators and other stakeholders. After a successful cyberattack, entities in the hospitality industry will be expected to show that they had an adequate and tested cybersecurity program in place that meets international standards, and that they had the knowledge, policies and procedures needed to prevent and detect a security breach.

We provide short, comprehensive briefings on key issues the board needs to be informed about in order to exercise professional judgment and adequate risk oversight.


Our Briefings for the Board:

We offer custom briefings for the Board of Directors and executive management, tailored to the specific needs of each legal entity. Our briefings can be short and comprehensive (60 minutes), or longer, depending on the needs, the content of the program and the case studies.

Alternatively, you may choose one of our existing briefings:


A. Cybersecurity briefings specific to the hospitality industry.

A1. Understanding the cybersecurity challenges in the hospitality industry, for the Board of Directors and executive management.


B. Cybersecurity briefings for Board development.

B1. An effective cybersecurity culture and the Board of Directors.

B2. Social engineering and the Board of Directors.

B3. Social engineering: the targeting and victimization of key people through weaponized psychology.

B4. State-sponsored but independent hacking groups. The long arm of countries that exploit legal pluralism and make the law a strategic instrument.

B5. Deception, disinformation, misinformation, propaganda, and the role of the Board.

B6. Cyber espionage, intellectual property theft, and the role of the Board.

B7. Steganography in business intelligence and intellectual property theft, and the role of the Board.

B8. Cyber Proxies and the role of the Board.


You can find all information below.


Delivery format of the training program

a. In-House Instructor-Led Training program - designed and tailored for persons working for a specific company or organization (Board members, executive management etc.). In all In-House Instructor-Led Training programs, an instructor from Cyber Risk GmbH who is approved by the Client travels to the location chosen by the Client and leads the class according to the needs of the Client and the Contract.

b. Online Live Training program - synchronous (real time, not pre-recorded) training program that takes place in a live virtual meeting room using platforms like Zoom, Webex, Microsoft Teams etc. In all Online Live Training programs, instructors from Cyber Risk GmbH who are approved by the Client tailor the method of delivery (interactive, non-interactive, etc.) to the needs of the Client, lead the virtual class, and answer questions according to the needs of the Client and the Contract.

c. Video-Recorded Training program - professional, pre-recorded training program. Instructors from Cyber Risk GmbH who are approved by the Client tailor the training content according to the needs of the Client and the Contract, and record it in a professional studio. The training material (including any subsequent updates) is licensed by Cyber Risk GmbH to the Client for training purposes. Clients can incorporate the recorded videos into their internal learning system. Video-Recorded Training programs include Orientation Video Training and Compliance Video Training programs.



A1. Understanding the cybersecurity challenges in the hospitality industry, for the Board of Directors and executive management.

Modules of the tailor-made training

Introduction.

- Important developments in the hospitality industry after the new privacy regulations, including the GDPR and the revised Data Protection Act (DPA).

- Understanding the challenges.

- An overview of some of the attacks described below that are suitable for the objectives of the training. At the end of the presentation we will cover one or more of these attacks in depth.

- August 2020, Ritz London data breach. Attackers who had obtained restaurant booking details posed as hotel staff, phoned guests quoting the exact details of their reservations, and asked them to confirm their payment card details.

- December 2015, Hilton announced that it had removed malware from point of sale (PoS) systems at restaurants and shops in certain Hilton hotels, including Waldorf Astoria, Embassy Suites, and Hampton Inn and Suites properties. Customers' personal information, such as cardholder names, payment card numbers, security codes, and expiration dates, is believed to have been compromised by the PoS malware.

- November 2015, Starwood Hotels & Resorts suffered a data breach caused by malware that stole payment card information from point of sale (PoS) systems. Customers of the 54 affected hotels who paid with debit or credit cards at on-site bars, gift shops, restaurants, and other retail outlets were likely affected by the breach, which compromised names, payment card numbers, security codes, and expiration dates.

- April 2017, InterContinental Hotels Group Plc said that 1,200 of its franchised hotels in the United States, including Holiday Inn and Crowne Plaza, were victims of a three-month cyber attack that sought to steal customer payment card data.

- January 2017, Romantik Seehotel Jägerwirt experienced a ransomware attack that shut down its entire IT system while the hotel was fully booked with 180 guests. Until the hotel paid the ransom in Bitcoin, it could neither access its reservation system nor issue new key cards to guests. Hotels digitize and automate more and more functions, which creates the risk that malicious actors can commandeer those functions.

- October 2017, Hyatt Hotels Corporation suffered its second payment card data breach in two years; 41 hotels across Asia and the Americas were affected. The cause was the insertion of malicious software code from a third party onto certain hotel IT systems.

- October 2020, the UK Information Commissioner's Office (ICO) fined Marriott International £18.4 million (around $23.8 million) for the breach of the Starwood guest reservation database, which began in 2014 and was discovered in 2018. The compromised data included payment card details, passport numbers, and dates of birth of guests.

- June 2022, Marriott International reported that it had suffered its third data breach in eight years. Attackers used social engineering to gain access to an employee's computer, and from there to one of the company's customer databases.


Who is the “attacker”?

- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.

- Hacktivists and the hotel industry.

- Professional criminals and information warriors.


How do they attack hotels?

- Step 1 – Collecting information about persons and systems.

- Step 2 – Identifying possible targets and victims.

- Step 3 – Evaluation, recruitment, and testing.

- Step 4 - Privilege escalation.

- Step 5 – Identifying important clients and VIPs.

- Step 6 – Critical infrastructure.


Employees and their weaknesses and vulnerabilities.

- Employee collusion with external parties.

- Blackmailing employees: The art and the science.

- Romance fraudsters and webcam blackmail: what is the risk for the hotel?


What must be protected?

- Best practices for managers and employees in the hospitality industry.

- What to do, what to avoid.

- From customer satisfaction vs. cyber security, to customer satisfaction as the result of cyber security.

- The DarkHotel group.


Social Engineering.

- Reverse Social Engineering.

- Common social engineering techniques

- 1. Pretexting.

- 2. Baiting.

- 3. Quid pro quo (something for something).

- 4. Tailgating.


Phishing attacks.

- Spear-phishing.

- Clone phishing.

- Whaling – phishing for executives.

- Smishing and Vishing Attacks.


Keyloggers, ransomware, insider threats, identity theft in the hospitality industry, and best practices to protect the hotel.

- Understanding keyloggers.

- Keyloggers in hotels.

- Best practices from the advisory "Keylogger Malware in Hotel Business Centers", issued by the U.S. Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) together with the United States Secret Service (USSS).

- Understanding ransomware.

- Types of ransomware.

- Ransomware in the hospitality industry.

- Ransomware prevention best practices.

- Understanding insider threats.

- How do insider threats operate?

- Types of insider threat activity.

- Who could be an insider threat? (colleagues, contractors, business partners).

- Insider threats in the hospitality industry.

- Understanding identity theft.

- The types of identity theft.

- How to prevent and reduce the risk of identity theft.

- Identity theft in the hospitality industry.


Case studies.

We will discuss the mistakes and the consequences in one or more of the following case studies:

- August 2020, Ritz London data breach.

- December 2015, Hilton breach.

- November 2015, Starwood Hotels & Resorts data breach.

- April 2017, InterContinental Hotels Group Plc cyber attack.

- January 2017, Romantik Seehotel Jägerwirt ransomware attack.

- October 2017, Hyatt Hotels card data breach.

- October 2020, Marriott International ICO fine for the Starwood reservation database breach.

- June 2022, Marriott International data breach.

- What has happened?

- Why did it happen?

- Which were the consequences?

- How could it be avoided?


Closing remarks and questions.


Target Audience

The program is beneficial to the Board of Directors and the CEO of entities in the hospitality industry.


Duration

One hour to half day, depending on the needs, the content of the program and the case studies.


Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Instructor

Our instructors are working professionals who have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf


Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html



B1. An effective cybersecurity culture and the Board of Directors.

Overview

The Board of Directors, as the culture owner, must ensure that the beliefs, the perceptions, the attitudes, the assumptions, and the norms regarding cybersecurity are in line with the mission and the vision of their organization. They must also ensure that information security considerations are an integral part of every employee’s and manager’s job, habits, and conduct.

Most data breaches within organisations involve a human element. Cybersecurity is not only a technical challenge: as long as managers and employees can provide access to systems and data, cybersecurity depends on them too.

Employees that have access to critical assets of an organization, become targets. Those that have access to technology and organizational assets are also responsible for the protection of those assets. Are they fit and proper to handle this responsibility? Do they have the awareness and skills necessary to protect themselves and their organisation?

The economic costs of cyberattacks and breaches are higher than many directors and managers believe. There are direct and indirect costs, including downtime of services, compromise of confidential information, fines, decreased profits through reputational damage, supervisory scrutiny etc.

We tailor the program to include the organization's cybersecurity compliance obligations and their implications across all relevant jurisdictions, the specific threat actors the organization faces, and how the organization is most likely to be breached.


Target Audience

The program is beneficial to the Board of Directors and the CEO.


Duration

One hour to half day, depending on the needs, the content of the program and the case studies.


Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Instructor

Our instructors are working professionals who have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf


Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html



B2. Social engineering and the Board of Directors

Overview

Cybersecurity is not only a technical challenge. It is also a behavioral challenge. As long as managers and employees can provide access to systems and data, cybersecurity depends on them too.

Employees that have access to critical assets of an organization, become targets. Those that have access to technology and organizational assets are also responsible for the protection of those assets. Are they fit and proper to handle this responsibility? Do they have the awareness and skills necessary to protect themselves and their organisation?

The Board and the CEO are high value targets, so they are high risk targets too. For them, standard security awareness programs are not going to suffice. The way they are being targeted is anything but standard. They are the recipients of the most sophisticated, tailored attacks, including state-sponsored attacks. These are attacks that are often well planned, well crafted, and employ advanced psychological techniques able to sway a target towards a desired (compromising) behavior without raising any alarms.

Are the Board members and the CEO equipped with the knowledge necessary to defend the organization and to protect themselves from well-funded, planned, and sophisticated attacks?


Course Synopsis

Board members and the CEO must better understand the social engineering modus operandi. We will cover:


The Social Engineering Kill-chain.

1. Reconnaissance: The research phase used to identify and select targets.

2. Targeting: Who is the most vulnerable person to attack? What is the biggest vulnerability of the target?

3. Pretexting: The attacker’s cover story.

4. Establishing trust with the target.

5. Manipulating, exploiting, and victimizing.

6. Case studies.


Typical Social Engineering Attacks from a Distance.

1. Phishing Emails.

2. Spear Phishing.

3. Vishing.

4. Smishing.

5. Watering Holes.

6. Spoofing.

7. Baiting.

8. Whaling phishing.

9. Emotional triggers that will make you want to respond - but you shouldn’t.

10. Case studies.

11. Defence.


Is your social media content making you a target?

1. Social media is a primary source of information for attackers.

2. How your social media content can be used against you.

3. Cybersecurity hygiene advice for social media.

4. Attacks through social media.

5. Examples.

6. Defense.


In-person attacks and manipulation techniques.

1. USB traps.

2. Emotional elicitation & exploitation.

3. Time pressure.

4. Authority.

5. Likeability.

6. Intimidation.

7. Reciprocity.

8. Impersonation.

9. Pity & Helpfulness.

10. Commitment & Consistency.

11. Reverse Social Engineering.

12. Examples & Case Studies.

13. Defence.


Physical security.

1. Why social engineers will try to enter your establishment.

2. What assets can be stolen/ compromised?

3. Gaining unauthorized access to physical spaces.

4. Tailgating and bypassing physical security measures.

5. Locked does NOT mean secure - lockpicking capabilities.

6. Defence.


Identifying a social engineering attack.

1. Identifying manipulation and deceit.

2. Emotional triggers, emotional exploitation & what to do about it.

3. Verifying intentions - subtly.

4. Case studies.

5. Responding to and deterring a social engineering attack.


Target Audience

The program is beneficial to the Board of Directors and the CEO.


Duration

One hour to half day, depending on the needs, the content of the program and the case studies.


Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Instructor

Christina Lekati, psychologist, social engineering training expert. To learn about her you may visit: https://www.cyber-risk-gmbh.com/About_Christina_Lekati.html



Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html



B3. Social engineering: the targeting and victimization of key people through weaponized psychology

Overview

Threat actors are not interested in attacking everyone and anyone in an organization. High value individuals are the ones with elevated access to information, assets, and systems. Board members and the C-Suite become by default high-risk targets for cyberattacks.

The most effective and frequent method to attack high value individuals is weaponized psychology. Board members and C-Level executives must learn the answers to the following questions:

- What is the advanced psychological game that threat actors use to compromise their targets?

- How do they find their targets' vulnerabilities?

- What can we do to avoid being exploited by a determined adversary with a carefully planned attack?

High-value individuals must understand the threat, to protect themselves and their organisation from cyber attacks, industrial espionage, competitors, and other threat actors lurking online and offline.


Target Audience

The program is beneficial to the Board of Directors and the CEO.


Duration

One hour to half day, depending on the needs, the content of the program and the case studies.


Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Instructor

Christina Lekati, psychologist, social engineering training expert. To learn about her you may visit: https://www.cyber-risk-gmbh.com/About_Christina_Lekati.html



Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html



B4. State-sponsored but independent hacking groups. The long arm of countries that exploit legal pluralism and make the law a strategic instrument


Overview

According to Article 51 of the U.N. Charter: “Nothing in the present Charter shall impair the inherent right of individual or collective self-defense if an armed attack occurs against a Member of the United Nations, until the Security Council has taken measures necessary to maintain international peace and security.”

But is a cyber-attack comparable to an armed attack?

There is no international consensus on a precise definition of a use of force, in or out of cyberspace. Nations assert different definitions and apply different thresholds for what constitutes a use of force.

For example, if cyber operations cause effects that, if caused by traditional physical means, would be regarded as a use of force under jus ad bellum, then such cyber operations would likely also be regarded as a use of force.

Important weaknesses of international law include the assumption that military and civilian targets can be isolated from each other with sufficient clarity, and that a tangible military objective to be attained can be identified for each attack.

More than 20 countries have announced their intent to use offensive cyber capabilities, in line with Article 2(4) and Article 51 of the United Nations (UN) Charter.

Unfortunately, these capabilities do not help when the attackers are State-sponsored groups and the States supporting them claim not only that they are not involved, but also that their adversaries (the victims) have fabricated the evidence. This is a very effective disinformation operation.

Adversaries have already successfully exploited weaknesses of non-authoritarian societies, especially the differing political and legal interpretation of facts by different political parties. It is difficult to use offensive cyber capabilities in line with democratic principles and international law, as it is almost impossible to distinguish with absolute certainty between attacks by States and attacks by State-sponsored independent groups.

Even when intelligence services know that an attack comes from a State acting through a State-sponsored independent group, they often cannot disclose the information and the evidence that support their assessment, as disclosures about technical and physical intelligence capabilities and initiatives can undermine current and future operations. This is the "second attribution problem": they know, but they cannot disclose what they know.

As an example, we will discuss the data breach at the U.S. Office of Personnel Management (OPM), disclosed in 2015. OPM systems held information related to the background investigations of current, former, and prospective federal government employees, U.S. military personnel, and others for whom a federal background investigation was conducted. The attackers obtained information about federal employees, federal retirees, and former federal employees: military records, veterans' status information, addresses, dates of birth, job and pay history, health insurance and life insurance information, pension information, data on age, gender and race, and even fingerprints.

But why?

Aldrich Ames, a former intelligence officer turned mole, has said: “Espionage, for the most part, involves finding a person who knows something or has something that you can induce them secretly to give to you. That almost always involves a betrayal of trust.”

Finding this person is much easier if you have data that is easily converted into intelligence, like the data stolen from the U.S. Office of Personnel Management (OPM). This leak is a direct risk to critical infrastructure.

There are questions to be answered, and decisions to be made, not only about tactics and strategy, but also about political and legal interpretation.

We tailor the program to meet specific requirements. You may contact us to discuss your needs.


Target Audience

The program is beneficial to the Board of Directors and the CEO.


Duration

One hour to half day, depending on the needs, the content of the program and the case studies.


Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Instructor

Our instructors are working professionals who have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf


Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html



B5. Deception, disinformation, misinformation, propaganda, and the role of the Board.


Overview

Misinformation is incorrect or misleading information.

Disinformation is false information, deliberately and often covertly spread, in order to influence public opinion, or obscure the truth.

Propaganda is a broader and older term, and it uses disinformation as one of its methods. While the French philosopher Jacques Driencourt asserted that everything is propaganda, the term is most often associated with political persuasion and psychological warfare.

Psychological warfare is the use of propaganda against an enemy (or even a friend that could become an enemy in the future), with the intent to break his will to fight or resist, or to render him favorably disposed to one's position.

In deception (according to Bell and Whaley), someone is showing the false and hiding the real. Hiding the real is divided into masking, repackaging, and dazzling, while showing the false is divided into mimicking, inventing, and decoying.

People are remarkably bad at detecting deception and disinformation.

They often trust what others say, and usually they are right to do so. This is called the “truth bias”. People also tend to believe something when it is repeated. They tend to believe something they learn for the first time, and subsequent rebuttals may reinforce the original information, rather than dissipate it.

Humans have an unconscious preference for things they associate with themselves, and they are more likely to believe messages from users they perceive as similar to themselves. They consider a source credible if other people consider it credible. They trust fake user profiles whose images and background information they like.

Citizens must understand that millions of fake accounts follow thousands of real and fake users, creating the perception of a large following. This large following enhances perceived credibility, and attracts more human followers, creating a positive feedback cycle.

People are more likely to believe others who are in positions of power. Fake accounts have false credentials, like false affiliation with government agencies, corporations, activists, and political parties, to boost credibility.

Freedom of information and expression are of paramount importance in many cultures. The more freedom of information we have, the better. But the more information we have, the more difficult it becomes to understand what is true and what is false. The right of expression and the freedom of information can be turned against the citizens: this is the weaponization of information.

The Internet and social media are key game-changers in exploiting rights and freedoms. In the past, a secret service had to work hard to get disinformation into the press. Today, the Internet and social media offer the opportunity to spread limitless fake photos, reports, and "opinions". Many secret services wage online wars using Twitter, Facebook, LinkedIn, Google+, Instagram, Pinterest, Viber etc. Only imagination is the limit.

Social media platforms, autonomous agents, and big data are directed towards the manipulation of public opinion. Social media bots (computer programs that mimic human behaviour and conversations, increasingly with the help of artificial intelligence) allow the massive amplification of political views; they manufacture trends, game hashtags, add content, spam the opposition, and attack journalists and persons who tell the truth.

In the hands of State-sponsored groups these automated tools can be used to both boost and silence communication and organization among citizens.

Industry estimates have put the share of content on social media sites generated by bots at over 10 percent, and the share of all web traffic generated by bots at around 62 percent. Researchers at the University of Southern California and Indiana University estimated in 2017 that between 9 and 15 percent of active Twitter accounts, up to roughly 48 million, were bots.

Machine-driven communications tools (MADCOMs) use cognitive psychology and artificial intelligence based persuasive techniques. These tools spread information, messages, and ideas online, for influence, propaganda, counter-messaging, disinformation, espionage, intimidation. They use human-like speech to dominate the information-space and capture the attention of citizens.

Artificial intelligence (AI) technologies enable computers to simulate cognitive processes, such as elements of human thinking. Machines can make decisions, perceive data or the environment, and act to satisfy objectives.

The rule of the people, by the people, and for the people, requires citizens that can make decisions in areas they do not always understand. When citizens understand the online environment, they will be way more prepared to protect their families, their working environment, and their country.


Target Audience

The program is beneficial to the Board of Directors and the CEO.


Duration

One hour to half day, depending on the needs, the content of the program and the case studies.


Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Instructor

Our instructors are working professionals who have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf


Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html



B6. Cyber espionage, intellectual property theft, and the role of the Board.


Overview

Intelligence is the collection of information that has military, political, or economic value.

Intelligence refers to both:

- information that is collected by clandestine means,

- information available through conventional means.

Espionage is a set of intelligence gathering methods.

The Oxford English Dictionary defines espionage as “the practice of spying or of using spies, typically by governments, to obtain political and military information.”

Merriam-Webster's Dictionary has a slightly different definition: espionage is “the practice of spying or using spies, to obtain information about the plans and activities especially of a foreign government or a competing company.”

The U.S. Federal Bureau of Investigation (FBI) defines economic espionage as "the act of knowingly targeting or acquiring trade secrets to benefit any foreign government, foreign instrumentality, or foreign agent."

According to the 2019 Situation Report of the Swiss Federal Intelligence Service (FIS): "Espionage is driven by a variety of different motives and has more than one aim. For example, states strive, using information obtained by their intelligence services, to gain a fuller picture of the situation in order to improve the effectiveness of their actions.

It can furthermore be observed that information is increasingly being procured with the aim of influencing (in so-called influence operations) or damaging the actions of rivals. Both can be achieved through the selective publication of information. The aim of such activities is often to weaken the cohesion of international groups or institutions and thereby to restrict their ability to act."

Cyber is a prefix used to describe new things that are now possible as a result of the spread of computers, systems, and devices, that are interconnected. It relates to data processing, data transfer, or information stored in systems.

With the word cyber we also refer to anything relating to computers, systems, and devices, especially the internet.

The prefix cyber has been added to a wide range of words, to describe new flavors of existing concepts, or new approaches to existing procedures.

Intelligence gathering involves human intelligence (HUMINT - information collected and provided by human sources), signals intelligence (SIGINT - information collected by interception of signals), imagery intelligence (IMINT), measurement and signature intelligence (MASINT), geospatial intelligence (GEOINT), open-source intelligence (OSINT), financial intelligence (FININT), etc.

HUMINT is the oldest form of intelligence gathering. Cyber-HUMINT refers to the strategies and practices used in cyberspace, in order to collect intelligence while attacking the human factor.

Cyber-HUMINT starts with traditional human intelligence processes (recruitment, training, intelligence gathering, deception etc.), combined with social engineering strategies and practices.

Cyber espionage includes:

- unauthorized access to systems or devices to obtain information,

- social engineering against persons who have authorized access to systems or devices, to obtain information.

Cyber espionage involves cyber attacks to obtain political, commercial, and military information.

Cyber espionage and traditional espionage have similar or identical end goals. Cyber espionage exploits the anonymity, global reach, scattered nature and interconnectedness of information networks, and the deception opportunities that offer plausible deniability.

Economic and industrial espionage, including cyber espionage, represents a significant threat to a country’s prosperity, security, and competitive advantage. Cyberspace is a preferred operational domain for many threat actors, including countries, state-sponsored groups, organized crime, and individuals. Artificial Intelligence (AI) and the Internet of Things (IoT) introduce new vulnerabilities.

Cyber economic espionage is the targeting and theft of trade secrets and intellectual property. It is usually much larger in scale and scope, and it is a major drain on competitive advantage and market share.

According to Burton (2015), cyber threats can be classified into four main categories: Cybercrime, cyber espionage, cyberterrorism, and cyber warfare.

Cybercrime is crime enabled by or that targets computers. Criminal activities can be carried out by individuals or groups who have diverse goals such as financial gain, identity theft, and damaging property. Usually cybercrime is financially motivated.

Cyber espionage activities are conducted by state-sponsored cyber attackers "for the purpose of providing knowledge to the states to obtain political, commercial, and military gain" (Burton, 2015).

According to Denning, cyberterrorism is “the convergence of cyberspace and terrorism" that covers politically motivated hacking and operations intended to cause grave harm such as loss of life or severe economic damage.

Cyber warfare involves the use of computers and systems to target an enemy’s information systems. The use of cyber power in military operations is an important force multiplier. Since the armed forces are highly dependent on information technologies and computer networks, disruption of these systems would provide great advantages.

Cyberspace is regarded as the fifth domain of warfare after land, sea, air, and space. NATO Secretary General Jens Stoltenberg announced in June 2016 that “the 28-member alliance has agreed to declare cyber an operational domain, much as the sea, air and land are”.

According to the 2019 Situation Report of the Swiss Federal Intelligence Service (FIS): "Espionage operations which have come to light reveal that cyber tools and other communications reconnaissance instruments are being used in parallel and in interaction with human sources.

Depending on the objective, information is also being procured exclusively via cyberspace. The latter has gained in importance insofar as the use of cyber-based information-gathering tools has proven successful for many actors.

Cyber espionage is difficult to detect, the perpetrators can hardly be successfully prosecuted, as the purported country of origin does of course not help to elucidate the affair and determination by the means of intelligence of the origins of the cyber-attack (‘attribution’) can simply be denied based on the lack of provability."

A major challenge today is the lack of awareness and training. Many organizations and companies continue to believe that cyber security is a technical, not a strategic discipline. They believe that cyber security involves the protection of systems from threats like unauthorized access, not the awareness and training of persons that have authorized access to systems and information.


Target Audience

The program is beneficial to the Board of Directors and the CEO.


Duration

One hour to half day, depending on the needs, the content of the program and the case studies.


Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Instructor

Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf


Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html



B7. Steganography in business intelligence and intellectual property theft, and the role of the Board.


Overview

Steganography is the art and the science of concealing a message, image, or file within another message, image, or file, and communicating in a way that hides the existence of both the message and the communication. For example, a message can be hidden inside a graphic image file, an audio file, or another file format, in a way that makes it difficult for steganography experts, and practically impossible for everyone else, to find it.

The word steganography comes from the Greek words στεγανός (covered or concealed) and γράφω (write). Payload is the data that has been hidden, and carrier is whatever (like a file) hides the payload.

Steganography is different from cryptography. Cryptography is the art of secret writing: it makes a message unreadable by a third party, but it does not hide the existence of the message. Steganography is about concealing the message itself.

It is relatively easy to identify an encrypted file, but it is usually not so easy to decrypt it. The analysts might be able to identify the encryption method by examining the file header, identifying encryption programs installed on the system, or finding encryption keys (which are often stored on other media).

With steganography, everything is more complex and difficult. The analysts must first find the file that hides another file, by looking for multiple versions of the same image, identifying the presence of grayscale images, searching metadata and registries, using histograms, and using hash sets to search for known steganography software. Then they might be able to extract the embedded data, and they still have to find the encryption key, as the hidden file is usually encrypted too.

Steganography can be very useful. Using digital watermarking, an author can embed a hidden message in a file so that ownership of the intellectual property can be proved. Artists can post artwork on a website, and if others claim ownership of the work, the artists can prove ownership because they can recover the watermark. Steganography also has a number of nefarious applications. Criminals can more easily hide records of illegal activity and financial crimes, and terrorists can more easily exchange messages.

Steganalysis is the analysis of steganography. It involves the detection of hidden data, the extraction of the hidden message, and sometimes the alteration of the hidden message so that the recipient cannot extract it, or receives a different message.

Many steganalysis tools are signature-based (similar to antivirus and intrusion detection systems). There are also anomaly-based steganalysis systems, which are more flexible and better at catching new steganography techniques.

New and complex steganography methods continue to emerge. Spread-spectrum steganography methods are similar to spread-spectrum radio transmissions, where the signal is spread across a wide frequency spectrum rather than focused on a single frequency, in an effort to make detection and jamming more difficult. In spread-spectrum steganography, small distortions to images are less detectable in bright colors, so the hidden message is stored in bright colors only, not in each color.
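The briefing describes steganography (hiding encrypted data inside an ordinary file) and steganalysis (detecting that something is hidden) in words. The following Python script is an added example, not code from this briefing or from any steganography tool it mentions, that shows both sides on a constructed 64x64 grayscale image: it hides a constructed "trade secret" in the least-significant bits (LSBs) of the pixels, recovers it, and then runs a pairs-of-values chi-square check of the kind an anomaly-based steganalysis tool uses. The cover image, the key, the secret text, and the SHA-256 keystream function (a toy stand-in for the real encryption a tool would apply before embedding) are all assumptions made for the demonstration.

```python
"""Added example: LSB image steganography and a pairs-of-values
steganalysis check on a constructed grayscale image (not code from the
briefing or from any steganography tool it mentions)."""
import hashlib
import random
from typing import List

WIDTH, HEIGHT = 64, 64                 # constructed 64x64 grayscale cover
KEY = b"constructed-demo-key"          # constructed key, demo only
# Constructed secret, sized so the payload plus header fills every pixel.
SECRET = (b"constructed trade secret: Q3 room-rate model, draft 2. " * 10)[:510]


def make_cover(seed: int = 7) -> List[int]:
    """Constructed cover image: one 0..255 intensity per pixel. Natural
    images have uneven counts of the neighbouring values 2k and 2k+1;
    we imitate that by making even values three times as common as odd."""
    rng = random.Random(seed)
    pixels = []
    for _ in range(WIDTH * HEIGHT):
        base = 2 * rng.randint(20, 110)            # even value 40..220
        pixels.append(base + (1 if rng.random() < 0.25 else 0))
    return pixels


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy SHA-256 counter keystream standing in for the real encryption
    a steganography tool applies before embedding (demo only, not for
    production). XOR is its own inverse, so the same call decrypts."""
    out = bytearray()
    for i, b in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)


def embed(cover: List[int], payload: bytes) -> List[int]:
    """Replace pixel LSBs with a 16-bit length header followed by payload bits."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too long for the 16-bit length header")
    data = len(payload).to_bytes(2, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for this payload")
    stego = list(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit    # keep 7 high bits, set LSB
    return stego


def extract(stego: List[int]) -> bytes:
    """Read the length header, then that many bytes, from the pixel LSBs."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start_bit + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)


def _value_counts(pixels: List[int]) -> List[int]:
    counts = [0] * 256
    for p in pixels:
        counts[p] += 1
    return counts


def pov_statistic(pixels: List[int]) -> float:
    """Pairs-of-values chi-square statistic: sum over k of
    (n[2k] - n[2k+1])^2 / (n[2k] + n[2k+1]). A clean cover scores high
    because neighbouring values are unbalanced; LSB embedding of
    encrypted (random-looking) bits drives every pair toward equality."""
    counts = _value_counts(pixels)
    stat = 0.0
    for k in range(128):
        a, b = counts[2 * k], counts[2 * k + 1]
        if a + b:
            stat += (a - b) ** 2 / (a + b)
    return stat


def looks_lsb_embedded(pixels: List[int]) -> bool:
    """Anomaly-style check: flag when the statistic is close to its
    degrees of freedom (the number of non-empty value pairs), i.e. when
    the pairs are as balanced as random bits would make them."""
    counts = _value_counts(pixels)
    pairs = sum(1 for k in range(128) if counts[2 * k] + counts[2 * k + 1])
    return pov_statistic(pixels) < 2.0 * pairs


def demo() -> dict:
    cover = make_cover()
    stego = embed(cover, keystream_xor(SECRET, KEY))
    recovered = keystream_xor(extract(stego), KEY)
    return {
        "round_trip_ok": recovered == SECRET,
        "clean_stat": pov_statistic(cover),
        "stego_stat": pov_statistic(stego),
        "clean_flagged": looks_lsb_embedded(cover),
        "stego_flagged": looks_lsb_embedded(stego),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two points the briefing makes: the secret round-trips through the image with no visible change (every pixel moves by at most one intensity level), and the clean cover's statistic (around 1,000 for this constructed image) collapses to roughly the number of value pairs (around 90) once the LSBs carry encrypted data, which is what the anomaly check keys on. The check is weaker when only part of the image is used, and it does not apply to the spread-spectrum methods mentioned above; that is why the text stresses that steganalysis must combine several techniques.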


Case study, steganography used in espionage, organized crime, and terrorism.

Consider the following scenario. Every Friday afternoon (in the target's time zone) a member of a foreign state-sponsored group puts an item for sale on eBay, and posts a photograph of the item. The item for sale is real, and it will be sold according to the rules of eBay. Bids are accepted, money is collected, and items are delivered. The photograph of the item hides a message, but this is just one of the many millions of photos that can be found on eBay. Anybody in the world can download the photo, but only members of the same foreign state-sponsored group know how to extract the encrypted message and how to decrypt it.


What can we do?

Corporate security and acceptable use policies, which detail what employees are authorized to do within the corporate environment, can always help and must be the first line of defense. Awareness training for all employees, which explains the reasons they have to respect policies and covers the modus operandi and risks of steganography attacks, is of paramount importance.

User policies explain what is prohibited, and they provide an organization with the legal means to punish or prosecute violators.

We must clearly explain in policies that every line of code or piece of software that is not approved is strictly prohibited. In this way, we will avoid most of the following:

- anti-forensics tools (used to thwart digital forensic investigations, like drive wiping tools, cache and history erasers, file property and timestamp alteration tools, VPNs, e-mail, and chat log erasers),

- encryption or steganography tools (there are over 1,000 free steganography tools online, most of them very dangerous for everyone who downloads the "free" tool, or even visits these websites. On some websites we read: "This application does not require installation. You can copy the program files to an external data device, so as to run it on any computer you can get your hands on, with just a click of the button. It is not adding new items to the Windows registry or hard drive without your approval, as installers usually do, and it will not leave any traces behind"),

- exploit kits (programs designed to exploit a known vulnerability in a piece of software or online resource. They are often distributed as a package, which enables attackers with limited knowledge to launch sophisticated attacks),

- toolkits (that enable unsophisticated users to construct new malware applications, sometimes not detectable by standard signature-based virus scanning engines),

- keyloggers (designed to covertly monitor keystrokes on a device. Once a device has been compromised, all keystrokes, including passwords, can be monitored, and recorded),

- password cracking tools (designed to break password-protected files and accounts),

- sniffers (that capture and analyze network traffic. Many protocols, including FTP and chat, are not encrypted. These programs obtain cleartext information, and also collect packets that can be used to crack network passwords and find protected files, servers, and user accounts),

- spyware tools (for industrial espionage, unauthorized monitoring, and collection of proprietary data),

- piracy tools (that allow users to bypass copyright protection in various forms of media, making illegal copies, and saving to a storage medium).

There are unlimited methods of steganography; only imagination is the limit. We usually learn about encrypted messages hidden in large files (images, sound files, videos, etc.), and nothing more. Although steganography is usually considered a technical problem, it is not only that. It is also a business intelligence (or just intelligence) problem. If we do not know where to look for hidden messages, we are very unlikely to find them. Only the cooperation of the public and the private sector can protect against these security threats.


Target Audience

The program is beneficial to the Board of Directors and the CEO.


Duration

One hour to half day, depending on the needs, the content of the program and the case studies.


Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Instructor

Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf


Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html



B8. Cyber Proxies and the role of the Board.


Overview

The word proxy is interesting. In Latin, procuro means manage, administer - from pro (“on behalf of”) and curo (“I care for”).

Today a proxy is a person or entity who is authorized to act on behalf of another person or entity.

Countries expand their global intelligence footprint to better support their growing political, economic, and security interests around the world, increasingly challenging existing alliances and partnerships. They employ an array of tools, especially influence campaigns, to advance their interests or undermine the interests of other countries. They turn a power vacuum into an opportunity.

Countries use proxies (state-sponsored groups, organizations, organized crime, etc.) as a way to accomplish national objectives while limiting cost, reducing the risk of direct conflict, and maintaining plausible deniability.

With plausible deniability, even if the target country is able to attribute an attack to an actor, it is unable to provide evidence that a link exists between the actor and the country that sponsors the attack.

According to Tim Maurer, a proxy is an intermediary that conducts or directly contributes to an offensive cyber operation that is enabled knowingly, actively or passively, by a beneficiary who gains advantage from its effect.

Cyber proxies are valuable actors in political warfare. This is the employment of military, intelligence, diplomatic, financial, and other means, short of conventional war, to achieve national objectives. It encompasses the exploitation of computer networks and platforms, electronic warfare, psychological operations, and information operations.

For some countries, the main battlespace is the mind. With information and psychological warfare, these countries can morally and psychologically depress the enemy’s armed forces personnel and civil population.

In 2019, the United States spent $732 billion on defense, compared to Russia’s $65.1 billion. It is obvious that Russia and other countries in a similar position will try to find less expensive means to counter big, expensive U.S. weapons and systems. Cyber espionage is especially economical when countries conduct activities through proxies.

Countries actively create fertile ground for malicious activities to occur. Cyber actors (which include cyber criminals, hacktivists, and political, economic and religious groups) continually operate from within the sphere of influence of the sponsoring country, with the understanding that their illegal activities will be tolerated as long as they also support the objectives of the sponsoring country.

As John Carlin, former Assistant U.S. Attorney General for National Security has stated, what you’re seeing is the world’s most sophisticated intelligence operations when it comes to cyber espionage, using the criminal groups for their intelligence ends, and protecting them from law enforcement.

Cyber threats posed by cyber proxies must be managed, and the laws must be changed in this area. Publicly attributing malicious cyber activity to a country in a timely manner and holding that country accountable is difficult, but necessary. If international law is unable to solve these problems, national policies will ignore international law and confront cyber adversaries through rapid attribution and offensive countermeasures, to deter future aggression.


COVID-19 and cyber proxies

The COVID-19 pandemic has disrupted life worldwide, with far-reaching effects that extend well beyond global health to the economic, political, and security spheres. The economic and political implications of the pandemic will ripple through the world for years. It is raising geopolitical tensions, and many countries try to take advantage of the situation and increase their influence.

The economic fallout from the pandemic is likely to create or worsen instability in many countries, as people face challenges that include economic downturns, job losses, and disrupted supply chains. Some hard-hit developing countries are experiencing financial and humanitarian crises, increasing the risk of surges in migration, collapsed governments, or internal conflict.

The COVID-19 pandemic is prompting shifts in security priorities for countries around the world. As the public and the private sectors try to cut budgets, gaps are emerging in training and risk management. These gaps are likely to grow.

Cyber proxies consider the COVID-19 pandemic a major opportunity to spread a cyber pandemic and infodemics (disinformation campaigns that use the pandemic as a vector). They can influence citizens around the world to question the policies in many countries and divide the population. They can also attack the health care sector and the institutions involved in the management of the crisis, to weaken governments' response to the crisis.

Cyber proxies love the new "work from home" policies, and the exponential digitalization of our lives for work, education, communication and entertainment. Moving activities online creates new opportunities for malicious actors.


Target Audience

The program is beneficial to the Board of Directors and the CEO.


Duration

One hour to half day, depending on the needs, the content of the program and the case studies.


Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Instructor

Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf


Terms and conditions.

You may visit: https://www.cyber-risk-gmbh.com/Terms.html