There has been a sharp increase in cybercrime over the past year as most of us around the world have been forced to spend more time online — often on vulnerable networks — as a consequence of the COVID-19 pandemic. This has created a challenge for individuals and corporations that are serious about protecting themselves and their employees from cyber criminals and online scams.
In 2020, the FBI’s Internet Crime Complaint Center, also known as IC3, recorded a nearly 70 percent increase in cybercrime, according to David Ring, section chief of the FBI’s Cyber Engagement and Intelligence Section. Ring attributes this to the fact that “there is an increased attack surface” as people shifted to virtual formats by working from home. The more access points, the greater the threat, he explained.
Ring participated in a webinar hosted by Global Guardian on April 21 on “2021 Cybersecurity Trends: How to Protect Yourself and Your Organization.” He was joined in the discussion by Jeffrey Stutzman, chief information security officer at Global Guardian, and Dale Buckner, chief executive officer and president of Global Guardian. Mike McGarrity, vice president of Global Risk Services at Global Guardian, moderated the discussion.
Sources and Types of Cyber Threats
There are two primary sources of cyberattacks: nation states, primarily Russia, China, Iran, and North Korea, and cyber criminals. Ring said the bulk of the incidents can be attributed to cyber criminals.
Ring described Russia as a “full-scope cyber actor” that is “intent to steal everything and are very skilled at it, and that includes commercial and political infrastructure sectors, not just U.S. government and military secrets.”
On the other hand, China, Ring said, is focused on economic espionage. “They are out there to steal trade secrets and copy those,” he said.
He described Iran and North Korea as using malicious cyber tactics to forward their priorities and political objectives.
While acknowledging a proliferation in cyberattacks, Ring said ransomware attacks and business email compromise are the two most severe and effective forms. “Bottom line: in the past year, the level of ransoms that have been paid and requested from ransomware attacks has gone up over 200 percent,” said Ring. “Cyber actors are able to act in many cases without a fear of consequence…. People who are looking to do damage to others… feel they are able to do that in the cyber world with less risk,” he added.
While people are being charged and arrested for cyberattacks, one of the challenges is that a lot of these actors are in parts of the world where it is difficult for the U.S. government to reach.
Ring discussed the “over-the-horizon” threat posed by malicious actors who can use content like videos and photos to create deepfakes to threaten an individual or an organization. “I can promise you the horizon is getting closer and closer,” he warned, adding that the FBI is creating awareness of the threat in an attempt to equip individuals and organizations to better protect themselves.
How Global Guardian Can Help
While Global Guardian is normally consulted for incident response, Stutzman said: “We prefer to get brought in for cyber assessments to figure out what is going on.”
The advantage of engaging Global Guardian at the cyber assessment stage, Stutzman explained, is that “it is an easy process to go through, we can fix things. If we get brought in for incident response, it is going to cost you a lot of money, you are not going to like it very much. And it costs you about as much to prevent things than to actually respond to them, maybe even less.”
Global Guardian’s areas of expertise include:
- Physical security systems
- Smart home systems
- Personal cyber security
“In every case where we deploy… we find out that the physical security, the smart home system, they are compromised — 100 percent of the time,” said Stutzman. “If you are a CEO and you are getting hacked at work, you are also going to get hacked at home,” he added.
Stutzman pointed to the vulnerability of typical internet connections that come through a modem and then into a wireless device or a switch — they lack a firewall. “Eighty percent of the places that we go into has this architecture and every one of those 80 percent have been hacked,” he said.
Stutzman outlined the basic architecture Global Guardian deploys to enhance personal cyber security:
- Managed anti-virus software on every computer.
- Anti-evasion countermeasures to prevent a hacker from bypassing security on the machine.
- Next-generation firewall.
- Everyone logs in through a VPN when they are traveling.
- Two-factor authentication.
- 24x7 monitoring and protection.
Buckner emphasized that there is no “one-button solution” to the threat posed by cybercriminals. “If you want to do this well, you have to commit to time and you have to commit to a spend to protect your business and/or protect your family. There is no way of getting around that,” he said.
Buckner listed some questions for corporate leaders to consider:
- If you have an enterprise security solution, do you focus on the end user? Is every desktop, laptop, and cellphone used by your remote workforce monitored in real time?
- What is your policy on WiFi, Bluetooth, and tracking?
“When we asked those very simple questions, we find out that there are very complicated answers,” said Buckner.
What to Do If You Are a Victim of a Cyberattack?
In the event that you are a victim of a cybercrime, Ring suggests calling the FBI. “Cybersecurity is a team sport…. The more information that the FBI is able to collect in an evidentiary format, the more we are able to go after those actors and impose risk and consequences on them and create a more risky space for them to operate in,” he said.
Ring suggested contacting the local FBI field office in the event of an incident.
While it is important to report data to the FBI in the event of an incident, Buckner said: “If your firm gets hacked tomorrow, I don’t think you should expect that the FBI is going to parachute [in] and solve this for you or negotiate for you or get you through the ransom. It’s just not real.” This is an area where Global Guardian plays a critical role.
Ring agreed that the FBI is not a “remediation service,” but rather an investigative and intelligence agency.
Ransom: To Pay or Not to Pay?
The FBI does not have an official threshold for what constitutes a level of ransomware attack that it would respond to. “To be frank, the level of cooperation and interest by the victim to work with the FBI drives a lot of that response,” Ring said. Noting the importance of partnerships, he said “making sure that we have those established partnerships beforehand can certainly enhance the response after the fact.”
“Protecting the victim and not blaming the victim is part of our strategy,” said Ring, adding that the bureau seeks to track down ransomware actors rather than look at what led up to the incident.
Over the years, the consensus in law enforcement circles has shifted away from paying ransoms. Ring said that while the FBI does not recommend victims pay ransoms because it encourages cyber criminals to continue their activity, the FBI doesn’t investigate victims who choose to pay ransoms, though there are potential regulatory issues.
In most ransom incidents that Stutzman has worked, the question of the legality of paying a potential terrorist organization has come up. The other side of that coin, Stutzman said, is the likelihood that a large number of employees could be out of work because the company is facing an “extinction event.”
In the event of a ransomware incident, Stutzman said it is important to first inform IC3 and then discuss with the company’s CEO the option of paying the ransom in order to save the company and its employees. Eventually, he said, it comes down to it being a business decision. “Legal or not, I believe that ransoms are going to be paid” by a CEO who has a fiduciary responsibility to their board and shareholders, or who is looking out for his employees, Stutzman said.
Buckner recalled an incident in which Global Guardian paid the ransom through bitcoin and the stolen data was promptly recovered. “This is a business. It is in their best interest to get you your data once they are paid,” said Buckner.
Once the ransom is paid, Stutzman said, “we want to make sure that we have the environment protected so we don’t get hit twice.”
How to Protect Virtual Meetings
The pandemic-related increase in working from home has meant online meetings… lots of them. Stutzman recommends the following measures to better protect these meetings:
- Ensure data is encrypted
- Create passwords
- Check that the person logging into the meeting is meant to be there
- Make participants wait in a virtual lobby before admitting them into the meeting
All of the virtual meeting platforms have made improvements over the past year. “I think we are in pretty good shape,” said Stutzman.
How to Protect Family Offices
Family offices manage the wealth and investment of wealthy families. Global Guardian supports many family offices.
Buckner said there is a lack of appreciation of the fact that family offices can easily be tracked through their wealth — private aircraft, yachts, homes, and their business footprint. “It is all out there now. There is no such thing as hiding,” he said.
Buckner recommends the following measures family offices can take to protect themselves from cyber threats:
- Focus on cybersecurity; cybersecurity is more than just the “IT guy.” Noting that 90 percent of corporations’ cyber budgets are focused on technology, Buckner said it is equally important to prioritize cybersecurity.
- Compartmentalize data to reduce the possibility of insider threats and critical data being leaked to the dark web.
- Pay attention to the vulnerabilities in security cameras. In March, more than 150,000 security cameras linked to hospitals, prisons, and schools were hacked. Tesla, Cloudflare, and the fitness company Equinox were among those affected. “What we find is that the entire camera surveillance industry has avoided the cyber conversation completely,” Buckner said.
CMMC: Why is it Important?
In response to growing cybersecurity risks and past issues with defense contractors not protecting data adequately or complying with government standards, which resulted in the compromise of sensitive defense information, the Department of Defense (DoD) created the Cybersecurity Maturity Model Certification (CMMC). This is required of any defense contractor or vendor that is, or wishes to be, working with the DoD.
Stutzman said with CMMC, a company has to prove it is compliant by going through a checklist of controls and an auditor then validates compliance. Citing past compliance issues, Stutzman said: “It has gone from being purely this voluntary program to now the government saying: ‘OK, we can’t trust you when you tell us that you are compliant, so now we are going to make you prove it.’”
It is important, Buckner said, for individuals and corporations to understand the extent of the cyber threat and the economic damage that can be done “if you don’t go the last mile.” Individuals and corporations should have the mindset that they are being targeted, especially if they are a corporation that creates wealth, he advised.
“If you don’t protect the end user, you’re going to have penetration and you’re going to lose. It won’t be good for your business and it won’t be good for your brand… it can be catastrophic,” Buckner warned.