Premium Members

The FT Tech for Growth Forum is supported by HCLTech and Lenovo, our premium members, who help to fund the reports.

Our members share their business perspective on the forum advisory board. They discuss topics that the forum should cover but the final decision rests with the editorial director. The reports are written by a Financial Times journalist and are editorially independent.

Members’ views stand alone. They are separate from the FT and the FT Tech for Growth Forum.

Why your culture is your best shot against deepfakes and other advances in social engineering

Doug Fisher, senior vice-president and chief security officer, Lenovo

Cybercrime today is a seriously lucrative business. It is hardly surprising that criminal organisations are employing specialist developers and social engineering experts to deploy cutting-edge strategies that can exploit any gap in your defences. 

This means it is impossible to keep an organisation 100 per cent secure. That challenge is becoming more pronounced now that hackers have turned to AI and other new technologies. 

Since AI became widely available, some employees have been tricked into transferring millions of dollars into fraudsters’ bank accounts. They were taken in by deepfakes in video conferences and believed that their managers wanted them to move the money.

Sadly this is only a taste of what is to come. If there is money to be made, hackers will continue to come up with new and sophisticated means of attack.

If you can’t stop an attack, what should you do? Put simply, you should make the hackers’ job as time-consuming and unprofitable as possible. If you undermine their return on investment, your business is significantly less attractive as a target. 

At Lenovo, we have a security-minded culture that extends across the entire enterprise. Recognising that human error is to blame in at least 68 per cent of cyber incidents*, we make it mandatory that every employee completes a thorough cyber-awareness programme – no excuses! 

If we find someone who is not compliant, or who has not added the latest security upgrades to their PC, we shut off their access until they are up to speed, no matter their seniority. Lenovo’s leadership has embraced this mindset and we have achieved near-total compliance.

We extend zero-tolerance to our supply chain. Because hackers could compromise the electronic components in our devices, it is our responsibility to do everything we can to make the manufacturing process secure. 

We own many of our factories so we can control physical security and who gets access. We also vet the security processes at 1,100 suppliers. We have joined with Intel and AMD to produce a supply chain platform that lets customers see all active component elements in a product. They are then able to ensure that none has been tampered with since the unit left the factory. 

Although AI is being used by hackers, it is also a powerful security tool. We use the technology to enhance threat detection, incident response and vulnerability management. It can also be adapted for training, to simulate threats and to find holes in existing protocols.

Cybercrime is not going away. A rigorous, consistently enforced culture is no guarantee of resilience, but it is an extremely good start.

*Verizon 2024 Data Breach Investigations Report