In this episode of our BryghtCast edition of the Managing Uncertainty Podcast, Bryghtpath Principal & CEO Bryan Strawser and Consultant Bray Wheeler take a look at three current risks and upcoming events:
- Audio Deepfakes: Axios reveals recent information released by Symantec where audio deepfakes were used to swindle money out of large organizations.
- Iran’s seizure of a UK Tanker in Gulf as a major escalation between Iran and Western Powers
- Boris Johnson wins the race to be Tory Leader and becomes UK Prime Minister
Bryan Strawser: Welcome back to the Managing Uncertainty podcast. This is Bryan Strawser, Principal and CEO at Bryghtpath. And with me today is the one and only Bray Wheeler.
Bray Wheeler: Good morning.
Bryan Strawser: This is our Bryghtpath episode for the Week of July 22nd. We did not have episodes last week due to some travel and poor planning on our part, but we’re back now in that we’re back in our usual rhythm of two episodes a week – the Bryghtcast episode focused on current events and what they mean for your business, and a deeper dive episode, which will come out later this week.
Bryan Strawser: So we’re going to start by talking about an article that was in Axios’s newsletter on July 19th in an article by Jennifer Kingson about the coming deep fake threat to business. I’m just gonna read the opening paragraph and then tie this back to something I heard last week at a conference that I was at.
Bryan Strawser: So from the article, “In the first signs of a mounting threat, criminals are starting to use deep fakes, starting with artificial intelligence and generated audio to impersonate CEOs and steal millions of dollars from companies which are largely unprepared to combat them. Why does this matter? Nightmare scenarios abound as deep fakes grow more sophisticated. A convincing forgery could send a company’s stock plummeting or soaring, extract money, or ruin its reputation in a viral instance. For example, imagine a convincing fake video or audio clip of Tesla CEO Elon Musk disclosing a massive defect the day before a big Tesla launch. The company’s share price would crumble. For all the talk about deep fake videos, it’s deep fake audio that has emerged as the first real threat to the private sector.”
Bryan Strawser: The article goes on to describe an incident that Symantec identified, and last week I was at the Aspen Security Forum at the Aspen Institute in Aspen, Colorado. One of semantics lead security architects described the scenario that’s highlighted in the article that they saw. They have seen three successful deep fake audio attacks on businesses, and not small businesses, big business. In each of these, a company’s CEO called a senior financial officer to request an urgent money transfer except it wasn’t the CEO. It was deep fake audio generated by sampling the CEO’s voice from earnings calls, investor presentations, interviews on the news.
Bray Wheeler: Even TED Talks they were saying, too, right?
Bryan Strawser: TED Talks. That’s right.
Bray Wheeler: YouTube videos. Anything.
Bryan Strawser: Anything you think about the number of times that a Fortune 500 CEO is on audio or video somewhere where that video could be extracted and then reassembled using AI machine learning. This was a part of a cybersecurity panel at the Aspen Security Forum last week, and it was scary. It was scary.
Bray Wheeler: Well, it’s almost one of those things where the bigger company you are, the more at risk you are for that because you’re remote, you’re using all sorts of technology to be able to conduct business that smaller businesses are, ‘hey, we’re sitting across from each other. We can do that in-person versus over the phone, voicemails,’ all sorts of stuff.
Bryan Strawser: Think about how much more advanced this is from what we saw before as the kind of spearfishing type of attempts to do money transfers. I mean when I was interim chief security officer for a Fortune 500 company back in 2017, we had an outside email that looked like it was from our CEO, but it was not from the CEO, that was sent to the controller to make a wire transfer and fortunately said controller was a very smart lady who looked at that and said, ‘He’s never asked me to do this before. This seems weird,’ and called me. I got the CSO involved, and we very quickly identified that that email was fake. It was coming from an outside email address disguised to look like the CEO. So not overly difficult to detect. This sounds almost impossible to detect that this is fake.
Bray Wheeler: Well yeah, especially if you, … the topics that they’re talking about in these interviews too, it probably doesn’t take much for the AI and the software to be able to piece some of this stuff together and make it sound legit.
Bryan Strawser: Make it sound legit. So the challenge for businesses is this needs to be, I think immediately become part of the education around social engineering and fraudulent attempts, particularly with folks that have wire transfer authorization, ACH transfer authority, within a company in the finance or accounting areas. This needs to be part of some immediate awareness communication.
Bray Wheeler: Oh yeah. It’s almost one of those things you have to almost go back to kind of some rudimentary, even security precautions where it’s saying, ‘Hey, here’s the word of the day or none of this is done over the phone. It’s all done in person. If you get any of this stuff over the phone, over email, any of that kind of stuff that it’s not legit.’
Bryan Strawser: Right Yeah. I mean and your wire transfer, your controls around financial transfers, and remittance payments need to be such that a simple phone call or email does not authorize such payment of any type of any amount. It needs to be through a controlled process that’s internal to the company. Those are things I would look at and have a central place. We always talk about having a central place for companies to report, or your employees rather, to report this kind of behavior when it comes up. Even if it’s they just want a place to check out if this is legit or not.
Bray Wheeler: Yup. Oh yeah, because it’s the better safe than sorry.
Bryan Strawser: For sure.
Bray Wheeler: You’re almost better taking the time to say, ‘Nope, that’s legit. That actually is coming from us,’ versus the one that gets through.
Bryan Strawser: Totally.
Bray Wheeler: I think even too, the example they give of having Elon Musk report something out, even the reputational problems. So kind of the financial piece aside, even having a process and revisiting some of the ways that we make announcements, the way that messages come through, that it is firm. You do have a standard process that it’s not case by case basis as you’re making these different announcements. That it has to be within a process because that’ll help you manage your reputation. It will let it not escalate into something that’s different. It’ll let you double-check yourself, so to speak, as a company.
Bryan Strawser: What’s next? What’s our next challenge?
Bray Wheeler: So what’s next? The Strait of Hormuz, some more stuff happening in the Gulf. So we’ve talked about Iran a little bit in the past related to their own strikes and things like that. What’s happened over the last couple of weeks, and the last week, in particular, late last week Iran has been a little bit more active in the streets.
Bray Wheeler: They ended up capturing a British oil tanker. It was flagged UK, has a diverse kind of multinational crew aboard it. But Iran said it was conducting itself in ways that violated interim international maritime law. It was seized, UK, US, other countries have said it was in international waters. Iran says it was in Iranian national waters. So needless to say Iran his kind of confiscated that vessel taking the crew, seized them. They’re showing them photographs and videos of them still on the boat.
Bray Wheeler: But the big case here is it’s escalated tensions, and it’s made the issue more complex because the US and UK aren’t necessarily aligned and applying pressure to Iran for the nuclear aspect of the situation. This is more international trade route. So there’s a little bit of who’s helping who, and when are we going to help each other, and who’s going to get involved? It’s made it a little bit more complicated, but there are reports of six to 10 more oil tankers, British UK flag oil tankers still stuck in the Strait of Hormuz. They can’t move them. It’s really kind of unsettled, the straits over there over the weekend here.
Bryan Strawser: There’s a number of foreign policy issues. I think that this raises that play into how companies should be processing this. Again, as I mentioned in the last segment, I was at the Aspen Security Forum last week and this action along with the challenges, foreign policy challenges with Iran; the pretty hot topic of conversation to say the least.
Bray Wheeler: I bet.
Bryan Strawser: I think the consensus on Iran’s strategy right now is that they’re attempting, given President Trump’s challenges with maintaining and building alliances, they are attempting to split the United States from other countries by forcing them down different paths of action. I’m not sure that strategy will be successful. The Brits and the US have typically supported each other down the line in foreign policy and militarily when it comes to things like this. But the ball’s right now is really in the UK’s court on how they want to proceed. They have been clear they want their tanker returned, but there’s probably less pressure internally at the UK because the crew are not British. No one on the crew is a British citizen. There are some tough choices ahead for the UK.
Bryan Strawser: I did note that the US took a number of actions last week. They put armed aircraft overhead of US commercial vessels that were moving through the Strait of Hormuz in order to defend them, but there were no attempts to interfere over the weekend. We’re also apparently deploying up to 10,000 Air Force, Navy, Army, to Saudi at the invitation of the Saudi King. That gives us a significant increase in air coverage and maritime surveillance capability. We’re moving a carrier from outside of the Persian Gulf into the Persian Gulf. Of course, that’s 75 square yards square or 0.75 square miles of sovereign US territory with a propeller and an air wing, a big air wing.
Bray Wheeler: Big air wing.
Bryan Strawser: So there’s a lot of capability. I think we’re moving there to have more options. The challenge for businesses I think is what we’ve been talking about, which is this is the current kind of conflict hot spot. So if you operate in the Gulf, you’re dependent upon Gulf shipping, or you have travelers or others in the UAE, Saudi, Kuwait Qatar, countries that are US allies, that are safe to operate in. There’s a higher potential conflict, military conflict in the area than before. All that said, I don’t think Iran is looking for a war. This is a power play.
Bray Wheeler: Yeah. This is them exerting themselves. I think it … everybody defaults to … and obviously the oil prices, oil stockpiles, things like that. So if your companies are dependent on the oil that’s coming out of that area, that’s certainly something to consider, and have some more conversation about because of this will likely kind of tit for tat kind of seizing of different takers and disrupting, and all this kind of stuff. It hasn’t gone away in a couple of months, that this is probably gonna continue. Now if you’re reliant on probably more US-based or South American, or something like that, then you’re in a little bit better shape. But yeah, this is definitely an Iranian kind of power play on a bunch of different fronts in terms of different policies and topics.
Bryan Strawser: Yeah, it’ll be interesting to see where this progresses given the next topic we’re going to talk about because I think the British course of action will depend upon what starts to happen beginning tomorrow. That is when a Queen Elizabeth will invite the winner of the Conservative Party’s leadership election, former foreign secretary, Boris Johnson, to be the next prime minister and to form a new government in her name. She will have that audience tomorrow morning, London time, with Boris. Boris was the winner of the Conservative Party’s leadership election, which was conducted via mail over the last three weeks, I believe it was.
Bray Wheeler: Yup.
Bryan Strawser: He and the finalist who, I don’t recall who that was. Johnson will have about 90 days to figure out an acceptable Brexit plan and get that plan through parliament or the EU is just going to throw the UK out is my understanding of the table stakes here right now.
Bray Wheeler: I think it’s that is a good possibility that you is not going to renegotiate because of Boris Johnson’s position on the issues and what he’s been the champion of this whole plan; that if he takes any kind of a hard line or can’t negotiate, the EU is just, … they’re done. I think if somebody else was in this office, there may be more of a conversation. There probably won’t be right now.
Bryan Strawser: Johnson, for those of you that don’t follow UK politics, is a populist. He’s definitely more along the lines of President Trump’s style in terms of action and perhaps lack of organization at times, as he goes through that. This is gonna definitely change the UK cabinet. The Chancellor of the Exchequer, the number two official in the cabinet has said he will resign. I imagine there’ll be other, I mean he gets to pick them. He’ll get to pick a new cabinet if he chooses to do so.
Clearly, the chancellor has said he’s not staying on.
Bray Wheeler: Yup.
Bryan Strawser: So we’re gonna see some pretty major administerial changes, but there are really two immediate crises facing Johnson as PM tomorrow morning. That is, how does he figure out the Brexit strategy that parliament will accept? And second, what does he do about the tanker? The British tanker being held by the Iranian Republican Guard.
Bray Wheeler: Yup. One, that’s not to bring it completely back to the tanker, but there’s a lot of conversation that’s come up that UK is facing a lot of different tankers and things like that, re-flagging themselves, of the UK flag in the Strait and going to other countries. That has an impact in a lot of different ways for the UK.
Bryan Strawser: It’s interesting because the strategy in the 80s was the opposite. It was that companies wanted to flag their tankers with members of NATO because the US made a huge deal out of re-flagging several tankers to the US flag. So the US navy would have more obligation to protect them, and that would make it less likely Iran or Iraq, or others, would attempt to screw around with those tankers. Now we’re going the other direction.
Bray Wheeler: Now we’re trying to mask ourselves with other countries that don’t, … that aren’t involved in some of these seizures of illegal Iranian oil, or they say illegal Iranian oil.
Bray Wheeler: Yeah. I think even long-term, one of the pieces that The New York Times called out to is that part of this breakfast Brexit plan, especially with the EU, is that Ireland issue, and being populous-
Bryan Strawser: The Northern Ireland and Irish border.
Bray Wheeler: Not having, … he’s not a huge fan of keeping goods free-flowing up there. That’s really been one of the major pillars of peace in that area, and that’s-
Bryan Strawser: The relatively open border,
Bray Wheeler: … the relatively open border.
Bryan Strawser: If it’s a hard border crossing, it’s going to cause problems up there.
Bray Wheeler: It will most likely revert back. That’s been part of the conversation that throughout this Brexit, but he definitely has a more hard-line on that; that, that border is important.
Bryan Strawser: So for companies, if you operate in the UK or Northern Ireland or Ireland, the Free State of Ireland, or the EU for that matter, now’s the time to start watching what happens. The next 60 to 90 days are gonna be critical for the Brexit strategy. They could leave. If they don’t figure it out, then they leave with no treaty, no agreement, hard borders. That’s going to be a real challenge for folks that for 30 some years have been used to free movements within the European Community, and that’s going to stop. A portion of that was gonna stop anyway, but they were trying to soften the impact of that change. Certainly, from a trade standpoint, it’s just going to be a mess if they don’t figure that out. There’s a lot to figure out.
Bray Wheeler: Yup.
Bryan Strawser: So that’s it for this edition of the Managing uncertainty podcast Bryghtcast edition for the week of July 22nd. We’ll catch you later in the week with our next episode. Thanks for listening.[podcast src=”https://html5-player.libsyn.com/embed/episode/id/11717051/height/360/theme/standard/thumbnail/no/direction/forward/” width=”100%” height=”360″ scrolling=”no” class=”podcast-class” frameborder=”0″ placement=”bottom” use_download_link=”” download_link_text=”” primary_content_url=”http://traffic.libsyn.com/bryghtpath/056-Bryghtcast07222019.mp3″ theme=”standard” custom_color=”” libsyn_item_id=”11717051″ /]