Cyber Crimes and Security- Minutes with Adam Levin

The world has witnessed a significant rise in cybercrime in recent years, with malicious actors constantly evolving their techniques to exploit vulnerabilities. From sophisticated phishing schemes to ransomware attacks and supply chain compromises, cybercriminals have become adept at bypassing traditional security measures, posing significant threats to all industries and individuals.

As the cyber threat landscape expands, authorities and cybersecurity professionals have diligently worked to stay one step ahead. From increased collaboration between public and private sectors to developing predictive analytics and artificial intelligence-driven security solutions, authorities have been striving to thwart cybercriminals at every turn.

Today, we have Adam Levin with us for a brief discussion about evolving cyber crimes and their defense. Levin is a consumer advocate, author, and host of the podcast ‘What the Hack with Adam Levin.’ He is also the founder of CyberScout and the co-founder of Credit.com.

Levin also works as a print and digital journalism commentator in the New York Times, Associated Press, the Wall Street Journal, the Los Angeles Times, USA Today, and the Chicago Tribune.

Question 1: Hi Adam, we would first love to know the motivation behind working for cyber security with such dedication?

Levin: I worked in consumer advocacy and consumer protection long before cybersecurity was a concept; the Internet was in its infancy and computers were giant beasts that were housed in universities and government labs. As that same technology became nano-sized and ubiquitous in a wide array of products and services, it became clear that companies providing the tech weren’t motivated sufficiently to protect consumers, while at the same time criminals were very motivated to fleece them .

I’ve always believed that an informed consumer is a safer citizen. Education and commerce were always linked in every venture I’ve started. At the end of the day, economic security and productivity depend on good cybersecurity. These two basic facts were the starting point for both companies I founded in this space. Whether it was consumer credit, identity theft prevention to cybersecurity insurance or cyber protection programs offered as a perk of employment the goal has always been to teach folks how to be their own best protection against the vulnerabilities associated with digital life.

Moving from consumer protection to cybersecurity wasn’t really a move: Consumers are most in need of protection against all the new ways that their digital lives can be stolen, exploited or even used against them. You can’t stop crime, on- or offline, but education can harden the defenses of the people, places and things that criminals target.

Question 2: What role do AI and machine learning have in enhancing our cyber defense capabilities?

Levin: AI and machine learning already play a major role in cybersecurity and cybercrime. It helps training systems recognize and respond to incoming threats, and removes the weakest link in cybersecurity: people. AI will never be on a lunch break when unusual network or financial activity appears. While it will never replace humans entirely, it will do most of the heavy lifting.

AI is also used in the commission of online crime. Whether it’s used to generate more convincing email messages less likely to be recognized by anti-spam services and humans alike or sifting through potential targets to find the best mode of attack, criminals are becoming increasingly more adept at prompting AI bots into helping with their criminal activity. AI can also be used to figure out passwords. Likewise, a machine learning program can look at a list of compromised passwords readily available online and accurately guess what other variations their targets are likely to use on their accounts.

The digital equivalent of an arms race in the deployment of AI is well underway. Consumers need to be vigilant. Always expect the worst, and prepare for catastrophe. When nothing happens, you will have peace of mind knowing your defensive stance may be the reason.

Question 3: What is the first thing one must do being an incident response manager in case of a cyber attack?

Levin: The response depends on the target, but the first step will always be to understand the nature of the attack and the potential damage caused by it. The second step will always be containing the compromise as quickly as possible.  

Question 4: How are the cyber risk management efforts integrated into the organization’s overall business strategy and decision-making process?

Levin: Cybersecurity in general and risk management in particular needs full buy-in at every level of an organization. Humans can be an organization’s best defense and its biggest liability. Having safeguards in place and meeting IT compliance requirements is both time- and resource-intensive, but it needs to be prioritized. We’re talking about the prevention of extinction-level events. The stakes couldn’t be higher.

Question 5: What are your thoughts about Quantum cryptography and its use in future encryption available to common people?

Levin:

Question 6: How can threat intelligence sharing and collaboration between organizations and government agencies help stay ahead of cyber threats?

Levin: Intelligence sharing and collaboration between organizations and government agencies is essential because they’re facing the same threats. The SolarWinds and MOVEit vulnerabilities impacted both. Government agencies use software and equipment made by private entities, and private entities depend on law enforcement from government agencies, so there should be a lot of back and forth between the two.

Question 7: What role do you think encryption plays in safeguarding sensitive data, and are there any emerging encryption technologies that you believe are promising?

Levin: Encryption still plays a key role in protecting data; the push to implement SSL across much of the web was important. Financial transactions and communication rely heavily on encryption to maintain security and privacy. I have no doubt that the encryption technology for post-quantum life will work. That said, the encryption we currently rely on has the potential to be cracked. New algorithms to protect data against quantum computing should be the highest priority for researchers.

Question 8: How do you see the future of cyber crimes? What would be the most prevalent techniques used and sectors targeted?

Levin: We will continue to see the “as-a-service” syndicates, which open cybercrime to non-expert threat actors. I also worry about attacks on infrastructure; the security protocols aren’t where they should be and a potential attack on energy grids, water treatment facilities etc. could have both expensive and deadly consequences.