3 minute read
“DANIELA IDENTIFIES
FOUR MAIN FACTORS: SOCIAL ENGINEERING, SUPPLY CHAIN VULNERABILITIES, CLOUD EXPLOITS AND ARTIFICIAL INTELLIGENCE (AI)”
that maturity – we understand the need for innovating and for transforming to be digital first and we get technology to work for us. However, let's not forget about the colleagues that are actually people and they are targets like any other person and I'm very proud that we've built that resilience.”
But what are some of the most pressing security concerns that Tinka considers threats to consumers and stakeholders?
Daniela identifies four main factors: social engineering, supply chain vulnerabilities, cloud exploits and artificial intelligence (AI).
“Social engineering is on the top because it can be used either towards the customer, by impersonating Tinkans somehow, trying to defraud our own employees for immediate financial gain or they will try and get data that is for immediate financial gain or to weaponise data.
“Credit information is very sensitive and of course very profitable in underground markets, so I think that's the top threat.
“Second, correlated to that, we have supply chain vulnerability. For clarity, this is not that we fear that our supply chain will attack us, but it's the fear that attackers might leverage our supply chain to get to us if they compromise a partner.
“Third we have cloud exploits. As we are digitally driven and cloud-first, hostile attackers might exploit the services that we work with as a company. We work with big players like Google, and we build trust relationships with those services. But it is an increasingly common way of compromising one cloud service to get to another cloud service and performing that movement across services is something we are also cautiously concerned about.
“Lastly, something else that has been coming up, of course, is AI and deep machine learning.
“These are threats because they make the simplest attack more sophisticated. They offer ways of counteracting and evading already existing security systems. For instance, AI can learn how to evade antivirus systems because it will study how they work. So let's say an
“WITH THE BLENDING OF HIGHLY ADVANCED AI MACHINE LEARNING AND ATTACKS THAT YOUR SYSTEMS MAY NOT BE ABLE TO DETECT AND REPORT ON TIME, YOU THEN MUST RELY ON THE HUMAN TO DETECT, SPOT AND COUNTERACT IT” attacker runs a scan and he finds out that the anti-spam system of your e-mail will block any e-mail that isn't coming for more than 50 people at night. So what the machine will do is send 49.
“So AI and deep learning are adaptive in terms of the security systems and it's allowing for more flexibility in protections and responding to new threats. But the threat actors are already two or three steps ahead. So indeed, it's both a benefit and an unknown risk that we are still experimenting with.
“If you join AI and social engineering together, you have a very powerful attack to deal with.
“You have advanced technological ways to perform an attack combined with old school delivery techniques, like a social engineering attack. Phishing, vishing, smishing, all those acronyms that mean one thing: people being deceived or being exploited by exploiting their willingness to help or because people are exhausted or people are distracted, so it exploits what some call ‘human weakness.’”
But Daniela rejects the overused phrase ‘human weakness.’
“Some of my peers see the human as the weakest link,” says Daniela. “I personally hate that mentality because the human can actually be the strongest link. With the blending of highly advanced AI machine learning and attacks that your systems may not be able to detect and report on time, you then must rely on the human to detect, spot and counteract it.”
“So that's why I don't believe that humans are the weakest link. They may be the strongest link in fact. Humans are the only safeguard we have if we enter the age of quantum computing. We need to realise this and focus on the human element – it is very important.”
Scalabilitypartners
With these innovative and robust security policies and governance systems in place, Tinka is now looking to scale its operations.
Some immediate priorities at Tinka include scaling its human resources and technical assets to complement their work from anywhere policy.
Crucial to these endeavours is Levi9.
“Levi9 provides us with expertise for SMEs especially in the development area throughout the organisation and with their human resources we can maintain Tinka as an assetlight organisation,” says Daniela.
“We have benefitted from the expertise and resources that are available from Levi9 and the relationship works very well. Sometimes it is difficult to understand where Tinka ends and Levi9 begins because we work so well together that it is hard to understand who is internal and who is external. We have a five-year relationship with them, and it is not common to have that informal and very close collaboration for so long.
