Scott Augenbaum is a special agent for the Federal Bureau of Investigation, assigned to computer intrusions and counter-intelligence investigations in Nashville, Tennessee.
Scott started his career at the FBI in 1988 in the New York Field Office as a support employee in the Financial Management Section. In 1994, he went to the FBI Academy in Quantico, VA and became a Special Agent. His first office was the Albany, New York Field Office, Syracuse Resident Agency. He was assigned to work domestic terrorism, white collar crime and all computer crime investigations.
When I came to the FBI in 2006, the agent assigned to intrusion matters was the Maytag repair man of the group. Nobody ever called.
Fast forward 10 years, and we have 5 full-time investigators assigned to cyber intrusion matters. One is assigned to national security-foreign intelligence services from Russia or China, our non-friendly affiliates that are into critical infrastructure, manufacturing, academia, and lately even healthcare. Two agents work transnational criminal enterprises-individuals tied to computer intrusion for profit. And the last agent works the "hacktivist" threat.
With this huge evolution of the cyber security threat, there are three things we've learned that stand true.
While crime used to be a localized problem, cyber threats allow the majority of our suspects to commit these crimes safely, from overseas, far out of our reach.
By the time an organization contacts us with an issue, or even a concern, it's usually too late.
90 to 95% of cases we work on could have been prevented.
Unfortunately, corporate and private hacking are really one in the same. The "bad guys" are attacking the weakest link in an organization-the end user, the individual logging in from their home computer, the same computer they do their internet banking on and the same computer they log onto their corporate network with. "Bad guy" steals the login information and, if there's nothing else in place to secure the network, they're in.
I hate to say it; it's as simple as that!
You can buy the best firewall in the world and the best intrusion detection system, but if your user is logging into a corporate environment from a home computer with no multi-factor identification, no tool on the market is going to stop the bad guys. Companies today are throwing mounds of money at the problem but not addressing the key elements. And beyond that, our adversaries are getting better at what they do.
"I've made peace with insecurity… Because there is no security, of any kind." -Dick Van Dyke
The most important question to ask, when you get ready to implement a new solution, is "What percentage of risk are you looking to eliminate in the equation?" If you don't know the answer to that, you probably don't really think it's going to happen to you, and that's part of the problem.
The best advice I can give you? Find the most key, critical piece of information your organization has and build a defense mechanism that protects it.