Cyber crime has become an increasing priority for the Federal Bureau of Investigation.
Richard T. Jacobs, assistant special agent in charge for the FBI, spoke at length during a seminar hosted by the Securities Industry and Financial Markets Association in New York on Tuesday about cybersecurity threats and how firms can better protect themselves.
“Cyber has been one of the most challenging environments for me to operate in, and because of that complexity and level of challenge, our director has made cyber a priority for the FBI,” Jacobs says.
Jacobs, who has been in the bureau for close to 17 years, supervised a high-profile securities fraud team, which successfully handled the investigations of Bernard L. Madoff and Galleon Group.
In 2014, he helped establish the Financial Cyber Crimes Task Force, a multi-agency initiative operated out of the FBI’s field office in New York that targets financially motivated cyber-criminals and technology-based fraud schemes. This task force was one of 56 that the FBI established in field offices nationwide as part of the Next Generation Cyber Initiative, which focuses on combating the growing threat of cyber crime.
Jacobs believes it’s a whole nation’s responsibility to defend against cyber-adversaries, which is why he stresses the importance of collaboration between the private sector and the FBI.
“I realize that for many of you one of the first calls you’ll make is a third-party security and forensic company — obviously they’re very good at what they do,” he says. “Once you’ve sat at the table and determined what your next step is going to be, we should be one of the first phone calls where we can talk about what we think should be done and how we can work with you.”
Before a breach in cybersecurity even happens, there are things that can be done to better protect a company’s security. Here are four tips gathered from Jacobs’ recent speech in New York:
1. Be aware of the four different type of attackers.
The FBI’s first goal when investigating a cyberattack is to try to attribute the perpetrator. The FBI categorizes attackers as either “state-sponsored,” “criminal,” “hacktivists” or “insiders.”
State-sponsored actors are groups that are acting on behalf of a foreign power to cause harm or gain political, economic or military advantage, Jacobs says.
“They do that either by stealing sensitive information they can use in the future or engaging in something more destructive – deleting your data, as we saw in the Sony case and many others; conducting denial-of-service attacks that make your networks basically inoperable; and we’re also seeing an increase in cyberterrorism.”
Meanwhile, someone who would be considered a criminal actor is typically motivated by profit, Jacobs says.
“Many of these criminal groups are equally as sophisticated, if not more sophisticated, than some of the nation-states out there,” he adds. “Because of that, many of these criminal actors are actually recruited by foreign governments to help them with their operations. So the lines between the two are not very clear. If we investigate a breach and it’s a very sophisticated criminal actor it may give the appearance of a nation-state. Sometimes it takes a lot more research to determine: Is this breach criminal or is it national security?”
Meanwhile, “hacktivists” are individuals who hack in order to send a political message, Jacobs says.
“They’re not looking for profit,” he adds. “They’re looking to harm a particular industry, expose a particular company or simply get their message out. Most of the hacktivists are not terribly sophisticated.”
They engage in low-level attacks, like a “simple” malicious website or doxing. Doxing is when someone searches for and publishes private or identifying information about a person (often high-profile like an executive or a government, military or law enforcement official) on the Internet, usually on a criminal forum.
The most common type of breach comes from an unintentional insider. There are two kinds of insiders, according to Jacobs.
“One is the malicious insider who intends to cause harm and has access to your resources and the other is the unintentional insider who just does something silly,” he says. “They open up an email they shouldn’t open up. They click on an attachment, a website they shouldn’t and now they’ve affected your network. That happens quite often.”
2. Make sure your employees are aware.
Employees are “the weakest link in your security chain,” Jacobs says, adding that employees and personnel are a “very big problem to manage.”
“How do you stop an employee from doing something stupid?” Jacobs said. “Awareness and training, it helps. That’s probably the best you’re going to be able to do, but at the end of the day if a very skilled and well-crafted spear-phishing email comes their way, there’s a good possibility someone is going to open it.”