Campaign Evolution: EITest from October through December 2016

EITest is a name originally coined by Malwarebytes Labs in 2014 to describe a campaign that uses exploit kits (EKs) to deliver malware. Until early January 2016, “EITest” was used as a variable name in the attacker’s malicious injected script in pages on legitimate websites compromised by this campaign. While the variable name is gone, the name for the campaign remains: we still call this campaign “EITest” and it continues to use EKs to distribute a variety of malware.

We reviewed EITest in March 2016 and October 2016. However, the EITest campaign looks noticeably different than when we last reviewed it three months ago.

The EITest campaign is focused on the Delivery, Exploitation, and Installation phases of the cyber attack lifecycle. The way the attacker executes each of these phases changes over time, and this blog examines the changes during the last quarter of 2016. Two significant changes have occurred during this time.

  • Since our last report, EITest no longer uses a gate between the compromised website and the EK landing page (possibly in response to that report).
  • Script injected by the campaign into pages on legitimate websites no longer contains any obfuscation.

Perhaps the most interesting thing about EITest is its longevity.  People have been tracking this campaign since 2014, and its longevity suggests that despite the shifting EK landscape, EKs remain a profitable venture for the criminals involved.

Chain of Events

Successful infections by the EITest campaign generally follow a set sequence of events. It currently uses at least two variations of Rig EK to deliver a variety of ransomware. The infection sequence is similar to other campaigns utilizing EKs to distribute malware. To understand how campaigns use EKs, see our previous blog on EK fundamentals. For EITest, we see the following steps:

  • Step 1: Victim host views a compromised website with malicious injected script.
  • Step 2: The injected script generates an HTTP request for an EK landing page.
  • Step 3: The EK landing page determines if the computer has any vulnerable browser-based applications.
  • Step 4: The EK sends an exploit for any vulnerable applications (for example, out-of-date versions of Internet Explorer or Flash player).
  • Step 5: If the exploit is successful, the EK sends a payload and executes it as a background process.
  • Step 6: The victim’s host is infected by the malware payload.

For most of its history, EITest used a gate between the compromised website and the EK landing page. However, the campaign stopped using a gate after we published our previous blog about it on October 3, 2016. Since then, injected script from this campaign has linked directly to an EK landing page.

Figure 1: Chain of events for the EITest campaign as of October 3, 2016.
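One way a defender can see the gate change described above in proxy logs is to rebuild the chain from each request's Referer and count the HTML hops between the page the victim visited and the landing page that served the Flash exploit. The following is an added example, not code from the original post; the log format, the hostnames and the sample lines are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample log: time, client_ip, url, referer ('-' if none), content_type.
# Client 10.1.1.5 shows the older gated chain; client 10.1.1.9 shows the
# current chain where injected script links straight to the EK landing page.
SAMPLE_LOG = """\
10:00:01 10.1.1.5 http://compromised-site.example/news.html - text/html
10:00:02 10.1.1.5 http://gate.example/in.php http://compromised-site.example/news.html text/html
10:00:03 10.1.1.5 http://ek-landing.example/?q=1 http://gate.example/in.php text/html
10:00:04 10.1.1.5 http://ek-landing.example/?q=2 http://ek-landing.example/?q=1 application/x-shockwave-flash
10:00:05 10.1.1.5 http://ek-landing.example/?q=3 http://ek-landing.example/?q=1 application/octet-stream
10:05:01 10.1.1.9 http://another-site.example/blog/ - text/html
10:05:02 10.1.1.9 http://ek-landing.example/?q=7 http://another-site.example/blog/ text/html
10:05:03 10.1.1.9 http://ek-landing.example/?q=8 http://ek-landing.example/?q=7 application/x-shockwave-flash
10:05:04 10.1.1.9 http://ek-landing.example/?q=9 http://ek-landing.example/?q=7 application/octet-stream
"""

def parse(log_text):
    rows = []
    for line in log_text.splitlines():
        t, ip, url, ref, ctype = line.split()
        rows.append({"time": t, "ip": ip, "url": url,
                     "ref": None if ref == "-" else ref, "ctype": ctype})
    return rows

def find_ek_chains(rows):
    """One result per client showing the EK sequence HTML page -> landing page
    -> Flash object -> binary download. 'hops' is the number of HTML requests
    between the entry page and the landing page (0 means no gate was used)."""
    by_ip = defaultdict(list)
    for r in rows:
        by_ip[r["ip"]].append(r)
    results = []
    for ip, reqs in by_ip.items():
        by_url = {r["url"]: r for r in reqs}
        # The landing page is the HTML request that a Flash object points back to.
        for fl in (r for r in reqs if r["ctype"] == "application/x-shockwave-flash"):
            landing = by_url.get(fl["ref"])
            if not landing or landing["ctype"] != "text/html":
                continue
            payload = any(r["ctype"] == "application/octet-stream"
                          and r["ref"] == landing["url"] for r in reqs)
            # Walk Referer links back to the page the victim actually visited.
            path, cur = [landing], landing
            while cur["ref"] in by_url and len(path) < 8:   # guard against cycles
                cur = by_url[cur["ref"]]
                path.append(cur)
            hosts = [urlparse(r["url"]).netloc for r in reversed(path)]
            results.append({"client": ip, "entry": hosts[0], "landing": hosts[-1],
                            "hops": len(hosts) - 2, "payload_seen": payload})
    return results
```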

EITest and Rig EK

The EITest campaign still uses Rig EK to deliver its malware. Our research shows EITest most often uses a variant of Rig EK called Empire Pack. Many in the community refer to Empire Pack as “Rig-E” to distinguish it from other variants while still emphasizing its relationship to the original Rig EK. Empire Pack uses the same URL patterns we’ve seen from Rig EK since late March 2015, while other variants of Rig EK, like Rig-V (an improved “VIP” version of Rig) and standard Rig, have moved on to different URL patterns.

Of note, the variant of Rig EK that EITest uses depends on the payload it delivers. Most EITest payloads are sent using Rig-E.  However, EITest has used Rig-V to distribute ransomware like Cerber or CryptoMix (also known as CryptFile2).

Payloads sent by EITest

Since October 2016, the EITest campaign continues using Rig EK to distribute a variety of malware.

We occasionally see ransomware like Cerber or CryptoMix from the EITest campaign. More often, the campaign will distribute information stealers like Gootkit or the Chthonic banking Trojan. EITest has also delivered other types of malware like Ursnif variants and Latentbot.

Patterns of injected script

When we last examined script injected by the EITest campaign, it still used obfuscation to disguise the EK landing page URL. By October 15th, 2016, EITest had stopped obfuscating the URL within the injected script. Figure 3 shows the injected script shortly before the change. Figure 4 shows the injected script shortly after, with an unobfuscated landing page URL.

Figure 3: Injected EITest script in page from a compromised website on October 13th, 2016.

Figure 4: Injected EITest script in page from a compromised website on October 17th, 2016.

Throughout the rest of 2016, injected script from EITest hasn’t changed that much, as seen in Figure 5.

Figure 5: Injected EITest script in page from a compromised website on December 30th, 2016.

Conclusion

EKs are still a popular method to distribute malware. Campaigns like EITest continue to use EKs to deliver a variety of malware, including information stealers and ransomware. These campaigns do not have a specific target, and anyone with a Windows system that’s out of date or that has out-of-date applications is vulnerable to infection.

As the EK model of distribution remains profitable, we expect to see malware delivered by EKs through campaigns such as EITest. Domains, IP addresses, and other indicators associated with this campaign are constantly changing. Fortunately, EKs are relatively ineffective against people using a fully-patched Windows operating system who ensure their applications are all up-to-date. Furthermore, customers of Palo Alto Networks are protected from the EITest campaign through our next-generation security platform.

[Palo Alto Networks Research Center]

Long Con or Domino Effect: Beware the Secondary Attack

Lightning may not strike twice, but cybercrime certainly does. The latest example: A year after the major hack of the U.S. Office of Personnel Management (OPM), cyber criminals are again targeting individuals impacted by the OPM breach with ransomware attacks.

In the new attack, a phishing email impersonates an OPM official, warning victims of possible fraud and asking them to review an attached document—which, of course, launches the ransomware.

OPM attack part of bigger trends in ransomware
The new round of attacks could come from two sources—both are part of trends in ransomware.

  • The long con: The first scenario is that the same individuals that executed the original OPM hack are now launching these ransomware attacks. If this is the case, it at least alleviates some concerns that the OPM hack was state-sponsored cyberterrorism and/or a sign of a new kind of “cold war.” But the trend toward this type of “long con” is scary in its own right. Users are already more likely than ever to “click the link”—now patient cyber criminals are using hacked data to deploy extremely authentic phishing scams.
  • The “kick ‘em while they’re down” attack: It’s more likely that the OPM ransomware attack is just an example of enterprising cybercriminals seeing vulnerability in the already-victimized. This is another unsettlingly effective trend—like “ambulance chasing” for cybercriminals: Follow the headlines to find organizations that have recently been hit with a cyberattack (of any kind), then swoop in posing as official “help” in investigating or preventing further damage. Clever cybercriminals know they can prey on the anxiety, fear and uncertainty of users in this position.

How can you get ahead of evolving ransomware?
Though we’ve said it a thousand times, it’s more true than ever: Ransomware is evolving at an incredible rate and it is overwhelming traditional data security tools. Paying the ransom becomes an appealing option to unprepared businesses, and this steady cash flow only fuels the problem.

Want to see where ransomware is headed next and understand how you can snuff out this threat? Read our new report, The ransomware roadmap for CXOs: where cybercriminals will attack next.

Jeremy Zoss, Managing Editor, Code42

[Cloud Security Alliance Blog]

“My life story is not complete without ISACA”

Much of Phillimon Zongo’s youth was spent walking or running great distances barefoot, sometimes en route to school, other times scouring the township for empty cola bottles he could sell for change. Whatever the distance, Zongo was determined to find a way to afford food to fill his belly and knowledge to fill his brain.

Zongo’s first pair of shoes came when he was 12, prompting months of adjusting his steps to acclimate to the new sensation. But with or without footwear, in warm or wintry conditions, traversing the roads of rural Zimbabwe often was preferable to being home, where he and his large family lived in poverty.

His living conditions deteriorated further as a teenager. Needing affordable housing closer to his new school, Zongo moved away from his family at the age of 14 and shared a bleak, squalid structure – lacking water, electricity and with a makeshift door that would not lock – with fellow tenants who often became embroiled in jarring verbal and physical clashes with visitors.

During his youth, Zongo hid his living conditions from friends for fear of being bullied. Now that he has ascended to remarkable heights – personally and professionally – the ISACA member revisits his upbringing with pride.

“It’s not painful at all,” Zongo says. “Like so many kids, we were born into these situations. It was never our choice. My parents were loving and supportive, and I greatly appreciate that. They were also born into poverty, but they did all they could so that we would lead better lives. Would I have loved to get my first pair of shoes much earlier in life? Of course, yes, but that was beyond my control. What matters is I managed to make do with what I had, and I am here now.”

These days, here is Sydney, Australia, where Zongo is a successful cyber security consultant in the financial services industry. In October, Zongo was honored by the ISACA Sydney Chapter as Best Governance Professional of 2016, reflecting recognition from industry peers of the thought leadership he has contributed to the profession. That includes a 2016 ISACA Journal article on managing cloud risk, and another ISACA Journal article, this one on the opportunities and risks of automation, published this January.

“I have accomplished so many other things, but this is close to my heart given the importance of education to my life and how ISACA opened so many doors to me,” Zongo says. “I feel so privileged to be able to give back.”

Zongo’s life story, he says, “is not complete without ISACA.” His successful pursuit of Certified Information Systems Auditor (CISA) certification bolstered Zongo’s qualifications for his first position as an enterprise risk services consultant with Deloitte.

“Pursuing my CISA qualification was one of the most game-changing decisions I ever made,” Zongo says. “It afforded me the opportunity to work for some of the most respected global brands and connected me with a global network of highly accomplished professionals. Most importantly, it instilled in me high ethical standards, essential to retain the high levels of trust and confidence the society places on our profession.”

The Deloitte opportunity helped Zongo grow into a polished professional, as he quickly adjusted to corporate dress codes and navigating the etiquette of taking clients out for lunch.

“The problem is that society gives people labels, and these I have had to actively resist,” Zongo says. “If you are from the country they call you unpolished, in a way that suggests you can never attain polish. These, if left unchecked, can precipitate self-hate or undermine your confidence.”

Two years after starting with Deloitte, Zongo accepted a consultant position at PwC Australia in 2007. Zongo arrived in Australia with only $300 Australian in his pocket, but he was unfazed, having known much greater financial hardship throughout his life. The ability to anticipate a reliable paycheck outweighed the intense homesickness that marked his first several months in Australia.

Just as Zongo maintained laser focus on his education during his tumultuous youth, he did not allow his new environs to deter him from his career goals. He joined a prominent Australian financial services company as an IT risk manager in 2011 and now is a security consultant there. In recent years, Zongo has become particularly passionate about raising the profile of cyber risk among business leaders.

The resolve he summoned as a youth continues to serve him well. Zongo emphasizes that no matter how much he struggled during his youth, he never felt alone. While some acquaintances from his childhood were able to rise above their difficult circumstances, many, he says, remain “trapped in despair and hopelessness.” Securing a more fulfilling future required a tenacious desire to break the cycle of poverty that afflicted his family for generations.

“I believe we are all born with innate abilities to persevere and overcome life challenges,” Zongo says. “But passion by itself accomplishes nothing; to succeed you need a great deal of stubbornness. Especially where I grew up, you have to overcome these challenges over a long period of time. Perseverance and courage are virtues you nurture through practice.”

About a year after his move to Australia, Zongo married his fiancée from Zimbabwe. He and his wife, Fadzi, have two children – daughter Nyasha Valerie, 3, and a baby boy, Mukundi Christian. In addition to the joy he finds in his work and family commitments, Zongo likes to play golf – a largely unaffordable pastime in Zimbabwe – both for fun and for networking. He is skilled enough to have won several local club competitions, but is more proud of a golf fundraiser he organizes annually to raise money to repair dilapidated infrastructure at his old high school in Zimbabwe, pay fees for underprivileged kids and meet other special needs.

In addition to having earned the CISA, Zongo has passed the Certified Information Security Manager (CISM) exam, and remains grateful that ISACA “has helped me turn my story into one of determination, hard work and passion.”

“The odds were stacked against me, but if I made any excuses – or felt sorry for myself – I would never be speaking to you today,” Zongo says. “I had clear goals in mind, to eventually be able to live a dignified life and support my family, and nothing mattered more to me. I also was fortunate to have individuals who supported me and advocated for my success, and as I walked through the filthy township streets, I knew one thing for certain: I would never let them down.”

Editor’s note: ISACA’s family of more than 140,000 members and certification holders consists of truly outstanding individuals who are making significant contributions to the profession and the world. Watch for more stories like Phillimon’s coming soon, and contact jschwab@isaca.org if you have a member story you’d like to share. If you are not a member, consider joining our community. View the ISACA Member Advantage here.

[ISACA Now]
