The Tampa Bay Business Journal published an interview with FBI Special Agent Lawrence Wolfenden.
Wolfenden is a 25-year veteran of the FBI, the lead agency for investigating cyber attacks by criminals, overseas adversaries and terrorists. Based in the Tampa office, he’s part of the FBI cyber squad, and his team is tasked with addressing network intrusions of a criminal nature as well as potential threats to national security.
He said: “Accept that a breach is going to occur, the issue is, what do you do about it.” That in itself is nothing new, but here are some interesting numbers:
The FBI has about 800 cyber agents, including 600 agents who conduct investigations, so the agency doesn’t have the ability to address every attack, and must triage the most significant ones.
By law, a $5,000 loss must occur before the FBI can get involved in a case, but as a practical matter, the U.S. Attorney’s Office wants to see about $50,000 or more in losses before the FBI gets involved, and the agency itself generally wants to see $100,000 to $200,000 of loss before it can justify spending investigative resources, Wolfenden said.
In other words, if you get infected with ransomware and the ransom is less than 100-200K, you are on your own. Good thing to know.
Wolfenden said there are three ways businesses can be prepared for a computer breach:
1: Compartmentalize. “The system should be designed in a fashion so that when someone gets in they are limited in what they can do. Not if, but when they get it, they are limited in how far they can go,” he said. There may be a loss, but not a total loss. “Maybe we lose a computer, maybe we lose a server, maybe we lose a department, but we’re not going to lose the entire business.”
2: Be proactive. Look for problems before they occur. If it’s a big enough company, have a dedicated team constantly trying to intrude and find weaknesses in the system, to see if someone else has found those weaknesses, and then to address them and mitigate appropriately. (We all know that employees are the weak link in IT security, so as a proactive measure, step them through new-school security awareness training.)
3: Have a contingency plan. Identify a team that can address problems and have contacts with law enforcement already pre-established, “so that on Wednesday afternoon before Thanksgiving on Thursday you’re not trying to figure out who to call at the FBI, you already know who you need to call and we can begin to address it,” Wolfenden said.
Battling cyber crime is a shared responsibility, Wolfenden said. “Individuals, the private sector and government agencies all have vital and complementary roles in protecting the nation from malicious cyber activity,” he said. Despite the need, there is a widening gap between the demand for cyber professionals and the supply of them, putting businesses at risk.
Since email is the #1 malware infection vector, and attacks are getting through your filters too often, getting your users effective security awareness training which includes frequent simulated phishing attacks is a must.
For instance, KnowBe4's integrated training and phishing platform allows you to send Word document attachments that contain macros, so you can see which users open the attachments and then enable macros!