7 Sobering Cybersecurity Realities From A Former FBI Agent

Also: “How come the FBI isn't doing more to arrest these people?”

Samara Lynn
clock • 4 min read
7 Sobering Cybersecurity Realities From A Former FBI Agent

Scott Augenbaum has seen it all and pulls no punches. The retired FBI agent, formerly of the Cyber Crime Prevention; Supervisory Special Agent, Cyber Crime Fraud Unit, shared his years of experience in his closing keynote address, "The Unseen Battlefront: Proactive Cyber Defense Strategies for Midsize Organizations," at the Midsize Enterprise Summit IT Security.

Augenbaum spoke of the countless cyberattacks he's investigated over the years, many involving ransomware. There are some truths about cyber incidents that many organizations seem to be in denial about, and he shared some realities they should know.

1. Throwing money at the problem is not helping organizations stay safe

"We keep spending more and more money to stay safe. We keep buying more products, more services, more insurance. But what does it mean? If we keep spending more and more money to stay safe, and the problem get worse, what does that mean to you?" he said. 

Augenbaum acknowledged there is a need to spend some money on security defenses but emphasized it's important to spend on the right tools and on the value of end-user security awareness of the myriad cyber scams out there. 

2. No one expects to be a victim

"None of my victims ever expected to be a victim," he said. "Why would anybody want to target me, is what organizations would say. My favorite line: I'm a smaller mid-sized business. I'm not as big as the big players. I don't have anything of value that anyone would want. And I'm here to tell you, cyber criminals do not care who you are. They want access to your stuff and every organization has stuff," he added. He said in his experiences, it's the smaller and mid-sized business that really suffers after a cyber attack.

3. You're not getting your stuff back

"The bad guys get into your network; they steal your stuff. What is your stuff? Your intellectual property. Your stuff is your data … access to your cloud-based accounts. Because today we hear so much talk about the perimeter but where is all of our information? Bad guys are getting into it or when your organization gets hit with ransomware and you contact law enforcement, law enforcement does not have a magic wand … you're not getting your stuff back," he said. That realization, Augenbaum said, is "very upsetting" for organizations. 

4. Bad guys typically won't get arrested

Cyber criminals are mostly located overseas, Augenbaum said. "They're located in Russia, they're located in China, they're located over in Iran, they're located over in North Korea. I always got the question, ‘Scott, how come the FBI isn't doing more to arrest these people?'"

He said that the challenge isn't just that threat actors are mostly overseas but when law enforcement does arrest one, "another one comes back. Happens all the time," he said. 

5. There is a good reason not to pay ransom

Paying a ransom demand can make you "a target again," Augenbaum said.  "I've seen companies pay the ransom on Monday, they didn't fix the vulnerability, and they got hit by another group on Wednesday," he said. 

6. You do need security tools

"We need tools," he said.  "You need those pieces of technology. You can't just sit here and go, hey, I'm going to have a great mindset and we're going to train our people." He also stressed the importance of multi-factor authentication (not just in business but also using it in our private tech lives) and that organizations should ensure that any third parties they deal with are also using MFA. 

"What happens when your third-party vendor does not have two-factor authentication on their network? Bad guy gets in the middle," he cautioned. 

7. Cyber incidents are mostly preventable

Augenbaum said that almost 90 percent of what he has dealt with during his law enforcement career "could have been prevented with the right end-user education and awareness." 

Falling prey to cyber attacks can be part of a "mindset problem within organizations," he added. 

Augenbaum also advised organizations to identify their local FBI office. "Ask to speak to someone from the cyber squad. The FBI is a great resource. It's good to know who these people are because we were sharing information on a regular basis with people," he said. 

You may also like
Large Vendors Are Not Held Accountable Enough For Security Breaches: Opinion

Column

Microsoft, recently, was little more than puppy smacked by a U.S. cybersecurity agency for a major breach

clock 04-10-2024 • 2 min read
Executive Career Coach: Here's How To Recruit And Retain IT Talent

Transformation

Recruiters should shift their mindsets in order to attract and keep talent, especially with younger people entering the workforce

clock 04-09-2024 • 4 min read

MES Midmarket 100 Awards

MES Midmarket 100

The MES Midmarket 100 Awards recognizes vendors that have proven themselves to be forward-thinking technology providers with product and services offerings.

More on Security

Protect AI Releases 'Bug Bounty' Report On This Month's Vulnerabilities

Protect AI Releases 'Bug Bounty' Report On This Month's Vulnerabilities

The vulnerabilities involve tools used to build AI apps

Samara Lynn
clock 04-18-2024 • 6 min read
Trouble Managing Digital Certificate Sprawl? There's A Mid-Market Solution For That

Trouble Managing Digital Certificate Sprawl? There's A Mid-Market Solution For That

More users, more devices, more certificates to manage.

Samara Lynn
clock 04-17-2024 • 2 min read
Experts Warn 2024 Elections Will Be Biggest Cyberattack Targets

Experts Warn 2024 Elections Will Be Biggest Cyberattack Targets

“In the biggest global election year in history, democracy is the primary target of nation-state threat actors," the co-founder of cybersecurity firm Armis says.

Samara Lynn
clock 04-16-2024 • 3 min read