In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories from the past week.
Cybersecurity
Bank Manager Tricked into Handing $35m to Scammers Using Fake ‘Deep Voice’ Tech
Authorities in the United Arab Emirates have requested the US Department of Justice’s help in probing a case involving a bank manager who was swindled into transferring $35m to criminals by someone using a fake AI-generated voice. The employee received a call to move the company-owned funds by someone purporting to be a director from the business. He also previously saw emails that showed the company was planning to use the money for an acquisition, and had hired a lawyer to coordinate the process. When the sham director instructed him to transfer the money, he did so thinking it was a legitimate request.
But it was all a scam, according to US court documents reported by Forbes. The criminals used “deep voice technology to simulate the voice of the director,” it said. Particularly as cashed-based businesses, cannabis organizations could be increasingly susceptible to scams that try to get funds or product fraudulently transferred to criminal actors. Several months ago we reported on scams that were targeting Colorado dispensaries, and the use of deep fake technology could be the next iteration of such scams.
October is Cybersecurity Awareness Month!
As we reported last week, October Is Cybersecurity Awareness Month—previously known as National Cybersecurity Awareness Month—which helps to raise awareness about the importance of cybersecurity across our Nation, ensuring that all Americans have the resources they need to be safer and more secure online. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) are using the overarching theme:
“Do Your Part. #BeCyberSmart.”
This week’s theme has been “Explore. Experience. Share.” In the spirit of sharing, we want to highlight an article from SC Media titled “DoJ wants to know: What are the impediments to working with law enforcement?” During a cyberattack, there is value in contacting the FBI, including recovering ransoms, as the department was able to do in the Colonial Pipeline attack, and being able to pursue encryption keys so victims do not have to pay in the first place. The FBI obtained the keys in the Kayesa attack, providing a universal decryptor weeks after the attack. That being said, it can be a leap of faith for the private sector to involve the FBI, particularly for the cannabis industry that has rightfully earned trust issues with the federal government.
A huge benefit to information sharing organizations is the ability to help facilitate a flow of information between the public and private sector. There are benefits that the public sector can provide from a preparedness and incident response framework, and a primary role of the Cannabis ISAO is to help get those resources to the private sector when needed.
For more on how to raise your organization’s cybersecurity awareness, check out this blog from Gate 15 with some Tips from the Pros!
Physical Security
Data Center in Columbus, Ohio, Evacuated After Bomb Scare Hoax
A data center in Columbus, Ohio, was evacuated last night over a bomb scare. Such bomb threats are not to be taken lightly in light of other recent incidents. Officers reportedly searched the building but didn’t find anything dangerous, and are now investigating the source of the original hoax call. This incident was one of several across the U.S. within the past few days, all of which so far have proven to be hoaxes.
While it is a good reminder to review organizational procedures if you happen to receive a bomb threat (more here) it a good opportunity for your organization to consider what you would do if a bomb, fire, earthquake, cyberattack, or any other event took your data centers offline. How would your operations proceed? Do you have a business continuity plan to address the situation? A key component of business resiliency is thinking through these questions before you have to, and giving your organization proper time to prepare and minimize potential downtime.
Cannabis Security: Combating Internal Theft Amid Adult-use Expansion
As cannabis companies vie for state licensure in Connecticut, Matt Gifford, director of sales for legal cannabis at Bethel-based CustomVault, believes they’ll have to keep a sharp eye on internal theft, as they also protect against external threats. Similar to the situation in medical marijuana, internal loss prevention will likely be the focus of cannabis security systems, Gifford said. Security systems focused on internal theft usually include two redundant and separate alarm systems, card access and video surveillance. By having all these layered systems work in sync, it is possible to diagnose breaches in security, said Gifford. In one internal issue his company dealt with, they were able to audit the systems together to track exactly who was taking the product. An MJBiz Daily article that was updated in April of 2020 cited security experts who work within the cannabis industry when stating that roughly 90% of financial and product loss in the marijuana industry can be chalked up to employee theft. To learn more about insider threats, check out our recently published Library Card Series blog on the topic.
Natural Events
Global Earthquake Safety Movement “ShakeOut” Includes More than 30 Million Participants in 2021
Great ShakeOut Earthquake Drills, a worldwide earthquake safety movement, encourages people to annually practice how to protect themselves during shaking to reduce injuries and even loss of life. In 2021, 30 million people are participating in ShakeOut, with more than 15.5 million holding drills on International ShakeOut Day which happened yesterday, October 21. If you missed it this year, it’s never too late to ensure your business and employees are prepared for the next natural disaster. If you need help developing an earthquake plan for your business, check out Ready.gov’s “Prepare Your Organization for an Earthquake Playbook“.
Be sure to check back every Tuesday as we publish our Library Card Series where we highlight one of the resources available in our library!
Check out the latest blog highlighting issues important to cannabis security!
Tweet