Updated on: August 16, 2024
Information is the new gold. Whether you’re a business or an individual, cybercriminals are always finding new ways to breach your security defenses and steal your sensitive data.
It takes one data breach to compromise your financials and personal information.
So, how can you secure your online privacy and security beyond the mainstream advice found all over the internet, which hackers already know as well as you do?
In this new interview series by Safety Detectives, we bring you exclusive insights from top executives and leading cybersecurity professionals. Join us as they share expert tips, real-world experiences, and untold truths about protecting and securing your valuable information.
Our guest today is Wilson Wong, Managing Director at Condition Zebra.
With over 21 years of work experience in management, information security, network security, and marketing, Wilson co-founded Condition Zebra with the aim of reducing operational, legal, and financial threats. He has held various leadership positions at Condition Zebra (M) Sdn. Bhd. and Wordware Distributors, specializing in IT security services and cybersecurity.
Condition Zebra offers Information Security training programs for IT teams from various industries and security testing (pentest) on company networks, mobile, and web applications. They were accredited by CREST for Penetration Testing services in 2020 and won Cyber Security Education And Training Provider of The Year 2015.
To start, can you share the story of what inspired you to pursue your professional path?
When I was pursuing my cybersecurity certifications business, I noticed a significant gap in the market. Many of my clients, after receiving training, expressed a need for comprehensive cybersecurity services to protect their systems and data. Recognizing this demand, I saw a tremendous opportunity to expand my offerings. This realization inspired me to dive deeper into the field and establish a business dedicated to providing robust cybersecurity solutions. It’s been incredibly rewarding to help organizations secure their digital environments and navigate the complex landscape of cyber threats.
What are all the pain points you solve and for whom? Explain it in simple terms.
We address the critical need for comprehensive cybersecurity solutions for businesses of all sizes. Our services, including vulnerability assessments and penetration testing, identify and mitigate potential security risks, ensuring that companies can protect their sensitive data and maintain trust with their customers.
By proactively identifying weaknesses, we help businesses prevent costly data breaches and ensure compliance with industry regulations.
What was a pivotal moment in your life/career that shaped your views on cybersecurity and privacy?
A pivotal moment was witnessing the aftermath of a significant ransomware attack on a client’s business. The disruption and financial loss they experienced underscored the importance of proactive cybersecurity measures. This incident reinforced my commitment to helping organizations fortify their defenses and educate them on the evolving threat landscape.
What are the most overlooked cybersecurity and online privacy threats that you see affecting end users? Why are these threats particularly concerning?
One overlooked threat is the rise of social engineering attacks, where cybercriminals manipulate individuals into divulging confidential information. These attacks are concerning because they exploit human psychology rather than technical vulnerabilities, making them harder to defend against. Additionally, the increasing use of IoT devices presents new security challenges due to their often weak security protocols.
💸 According to IBM’s 2022 Cost of a Data Breach report, social engineering attacks cause an average loss of $4.55 million and they are part of 90% of all cyber attacks.
Two recent examples:
- MGM lost $100m plus a ransom in September 2023. The compromised data includes names, contact details, date of birth, and driver’s license numbers of end users.
- Similarly, Caesars paid a $15 million ransom around the same time as MGM.
What common cybersecurity beliefs and practices do you passionately disagree with? Why?
I disagree with the belief that antivirus software alone is sufficient for security. While important, it’s just one layer of defense. Relying solely on antivirus software neglects other critical aspects of cybersecurity, such as regular software updates, strong password policies, and employee training on recognizing phishing attempts.
People should also STOP using the same easily guessable passwords across multiple sites. This practice makes it easier for cybercriminals to gain access to multiple accounts if one password is compromised.
Recent statistics* show that a majority of people are still relying on easily guessable, short, and reused passwords, putting their online accounts and data at significant risk:
- 75% of people globally don’t follow expert advice and keep using weak passwords instead
- 64% use easily guessed phrases or minor variations on go-to options
- “123456” was the most common password, used 4 out of 5 times in 2023
- 17 of the 20 most popular passwords can be cracked by hackers in less than one second
Lastly, clicking on links or downloading attachments from unknown or suspicious sources should be avoided to prevent phishing attacks and malware infections.
* Sources:
- https://securitytoday.com/articles/2023/06/22/three-in-four-people-at-risk-of-being-hacked-due-to-poor-password-practices.aspx
- https://nordpass.com/most-common-passwords-list/
What are some things that people should START doing today that they’re currently not doing to protect their information?
- Individuals should start enabling multi-factor authentication (MFA) on their accounts. MFA adds an extra layer of security by requiring not only a password but also a second form of verification.
- Regularly updating software and systems to patch vulnerabilities is also crucial.
- Staying informed about the latest cybersecurity threats and best practices can help individuals and businesses better protect themselves.
I personally use a combination of MFA, a password manager, and encrypted communications to ensure my online privacy and security. Regularly updating my devices and software, as well as being cautious about the information I share online, are also integral parts of my personal cybersecurity practices.
Are there any common cybersecurity practices you believe are overrated or not as effective as commonly thought? Why?
One overrated practice is relying solely on automated security tools without human oversight. While these tools are valuable, they can’t replace the nuanced understanding and adaptability of a skilled cybersecurity professional.
Relying too much on automated security systems without people checking can be risky in many ways:
- False sense of security: Automations can’t possibly catch every threat, especially now that new ones are being developed so fast. Thinking that software can catch everything will make you rest on your laurels.
- False positives/negatives: Even the smartest AI makes mistakes. Sometimes it says something is bad when it’s not, and other times it misses real threats.
- Missing zero-day threats: Automations follow old rules. They won’t help you keep up with new dangers. In particular, as they only look for problems they already know about, new vulnerabilities can get past them.
Human judgment is essential in interpreting and responding to complex threats that automated systems might miss. Consider also the interoperability issues, costs and management resources that integrating too many automated tools can cause.
What are some lesser-known strategies for ensuring online safety and privacy that you’ve found particularly effective? Why is no one talking about them?
One effective strategy is implementing a robust data backup plan and regularly testing it. While often overlooked, having reliable backups can be a lifesaver in the event of a ransomware attack or data breach. Additionally, using a password manager to create and store strong, unique passwords for each account can significantly enhance security.
What has been your most memorable experience dealing with a cybersecurity threat in your career? Can you describe what happened and the lessons learned from this experience?
A memorable experience was mitigating a sophisticated phishing attack targeting a client’s executive team. The attackers had crafted convincing emails that mimicked internal communications. We quickly identified the breach, contained it, and educated the team on recognizing similar threats. The key lesson learned was the importance of continuous education and vigilance against social engineering attacks.
What are some of the most creative or sophisticated online scams you’ve encountered in your career? How do you advise preventing them?
One sophisticated scam involved a business email compromise (BEC) where attackers spoofed the CEO’s email address and requested a wire transfer. Preventing such scams involves implementing email authentication protocols, training employees to verify unusual requests through multiple channels, and setting up internal procedures for approving financial transactions.
What cybersecurity technologies or trends do you believe will have the biggest impact on your industry in the next 5-10 years? How can they affect people if they don’t adapt?
Tools and technologies have significantly improved, offering end users better security options like MFA, encrypted communications, and advanced threat detection. However, continuous improvement is needed in user education, making security tools more user-friendly, and ensuring that privacy settings are easy to configure and understand.
Artificial intelligence (AI) and machine learning will have a profound impact on cybersecurity by enhancing threat detection and response capabilities. However, if businesses don’t adapt to these advancements, they risk falling behind in protecting against increasingly sophisticated cyber threats.
Additionally, the rise of quantum computing poses both opportunities and challenges, necessitating new encryption standards.
How can our readers follow your work?
Website: www.condition-zebra.com
LinkedIn: https://www.linkedin.com/company/condition-zebra/mycompany/
X: https://x.com/ConditionZebra