Scott Augenbaum has seen it all and pulls no punches. The retired FBI agent, formerly of the Cyber Crime Prevention; Supervisory Special Agent, Cyber Crime Fraud Unit, shared his years of experience in his closing keynote address, "The Unseen Battlefront: Proactive Cyber Defense Strategies for Midsize Organizations," at the Midsize Enterprise Summit IT Security.
Augenbaum spoke of the countless cyberattacks he's investigated over the years, many involving ransomware. There are some truths about cyber incidents that many organizations seem to be in denial about, and he shared some realities they should know.
1. Throwing money at the problem is not helping organizations stay safe
"We keep spending more and more money to stay safe. We keep buying more products, more services, more insurance. But what does it mean? If we keep spending more and more money to stay safe, and the problem get worse, what does that mean to you?" he said.
Augenbaum acknowledged there is a need to spend some money on security defenses but emphasized it's important to spend on the right tools and on the value of end-user security awareness of the myriad cyber scams out there.
2. No one expects to be a victim
"None of my victims ever expected to be a victim," he said. "Why would anybody want to target me, is what organizations would say. My favorite line: I'm a smaller mid-sized business. I'm not as big as the big players. I don't have anything of value that anyone would want. And I'm here to tell you, cyber criminals do not care who you are. They want access to your stuff and every organization has stuff," he added. He said in his experiences, it's the smaller and mid-sized business that really suffers after a cyber attack.
3. You're not getting your stuff back
"The bad guys get into your network; they steal your stuff. What is your stuff? Your intellectual property. Your stuff is your data … access to your cloud-based accounts. Because today we hear so much talk about the perimeter but where is all of our information? Bad guys are getting into it or when your organization gets hit with ransomware and you contact law enforcement, law enforcement does not have a magic wand … you're not getting your stuff back," he said. That realization, Augenbaum said, is "very upsetting" for organizations.
4. Bad guys typically won't get arrested
Cyber criminals are mostly located overseas, Augenbaum said. "They're located in Russia, they're located in China, they're located over in Iran, they're located over in North Korea. I always got the question, ‘Scott, how come the FBI isn't doing more to arrest these people?'"
He said that the challenge isn't just that threat actors are mostly overseas but when law enforcement does arrest one, "another one comes back. Happens all the time," he said.
5. There is a good reason not to pay ransom
Paying a ransom demand can make you "a target again," Augenbaum said. "I've seen companies pay the ransom on Monday, they didn't fix the vulnerability, and they got hit by another group on Wednesday," he said.
6. You do need security tools
"We need tools," he said. "You need those pieces of technology. You can't just sit here and go, hey, I'm going to have a great mindset and we're going to train our people." He also stressed the importance of multi-factor authentication (not just in business but also using it in our private tech lives) and that organizations should ensure that any third parties they deal with are also using MFA.
"What happens when your third-party vendor does not have two-factor authentication on their network? Bad guy gets in the middle," he cautioned.
7. Cyber incidents are mostly preventable
Augenbaum said that almost 90 percent of what he has dealt with during his law enforcement career "could have been prevented with the right end-user education and awareness."
Falling prey to cyber attacks can be part of a "mindset problem within organizations," he added.
Augenbaum also advised organizations to identify their local FBI office. "Ask to speak to someone from the cyber squad. The FBI is a great resource. It's good to know who these people are because we were sharing information on a regular basis with people," he said.
