Cybersecurity Awareness: Insights from FBI and CISA Experts

This October is Cybersecurity Month. Understand cybersecurity awareness with insight from FBI and CISA experts and stay vigilant to protect your business.

In today’s digital age, the landscape of cybersecurity has become increasingly complex. With the constant emergence of new threats and vulnerabilities, staying vigilant is imperative.

In honor of Cybersecurity Awareness Month this October, we had a conversation with Special Agent Angelica Lee of the Federal Bureau of Investigation (FBI) and Mike Kingsley of the Cybersecurity and Infrastructure Security Agency (CISA). Their expert insights into the world of cybersecurity suggest ways for individuals and organizations to enhance their cybersecurity awareness.

The Exploitation of Human Vulnerabilities

We know that cybercriminals are adept at exploiting human vulnerabilities through social engineering techniques. According to Kingsley, these tactics range from using social platforms to engaging in phishing attempts. They may also attend IT conferences to gather information from potential targets.

The goal of cybercriminals is to gain access to networks, often by impersonating trusted individuals, and then move laterally within those networks.

It’s essential that organizations and individuals be aware of these techniques and implement robust training programs. “Being aware of the fraudulent emails and attempts that are coming to inboxes is essential,” says Special Agent Lee. “Especially those in your businesses that have higher-level access like system administrators, finance teams, human resources, and so on.”

Emerging Technologies and Trends

Although the field is constantly evolving, both experts acknowledge that technology alone may not be the ultimate solution.

“For us,” Kingsley explains, “It’s still about making sure defenses are properly in place and that people are trained and are aware of the kind of schemes out there.” He emphasizes the importance of training staff as a front-line of defense.

While AI and other emerging technologies hold promise, they primarily benefit attackers by making their operations more efficient. As technology adapts, so do cybercriminals.

Often, the best way to stop cybercriminals is still user awareness and intelligence. Kingsley stresses the enduring importance of fundamental cybersecurity practices, such as regular patching, multi-factor authentication, and thorough training.

The Blame Game: Technology vs. Human Error

A recurring question in cybersecurity discussions is the extent to which technology is to blame compared to human error.

Kingsley cites a statistic suggesting that 90% of attacks involve human factors, particularly phishing. This underscores the importance of education and awareness as a primary line of defense.

With this knowledge, organizations should focus on educating employees about the latest threats and conducting targeted phishing exercises to increase awareness.

Patterns in Cyberattacks

Cyberattacks often seem indiscriminate, but there are patterns to be discerned. “Cybercriminals often cast a wide net, targeting various industries by exploiting vulnerabilities in common software or devices used across those sectors,” Kingsley explains. Trends he sees often involve attacks against a specific technology rather than a specific industry or business.

“It’s called phishing for a reason,” he shares. “They throw out a net and they pull back whatever’s in that, be it small, large, medium-sized. Then, they take that information and actually sell that to others who want to take on that bigger entity that they find within that net.”

Weak technologies, software, or user systems are vulnerabilities. Understanding this approach can help organizations prepare more effectively. Ensure your systems are up to date and offer reliable safety features and stable connections.

The Complexity of Cybercrime Operations

The complexity of cybercrime operations varies widely. Special Agent Lee mentions that cybercriminals can range from teenagers experimenting with hacking to highly sophisticated criminal organizations. “There’s a sense of community in it,” says Kingsley. “These kids are smart, and they’ve got no fear when it comes to these things.”

In fact, both experts agreed that young attendees at events like DEF CON, an annual conference for computer security professionals, can exhibit remarkable skills in understanding technology. “There is a positive, ethical side to learning how to navigate cyber systems and it’s important to steer young talent in the right direction,” Kingsley explains.

Recovering Stolen Funds

When it comes to recovering stolen funds after a cybercrime, time is of the essence.

Special Agent Lee underscores the importance of catching and reporting cybercrime as quickly as possible. “From our standpoint,” she says, “the chances of our ability to recover lost funds drops off significantly about 72 hours after the fraudulent transaction has occurred.”

She advises victims to contact their banks immediately to freeze accounts and then report the incident to law enforcement.

While there are no guarantees, swift action can improve the odds of recovering stolen assets.

Tracing and Convicting Cybercriminals

Tracing cybercriminals and securing convictions can be challenging but not impossible. Prompt reporting of incidents enhances the chances of identifying the perpetrators and bringing them to justice.

Cooperation between law enforcement agencies, organizations, and insurance companies is crucial during and after cyberattacks.

Collaboration with Insurance Companies

Challenges can arise in terms of communication and information sharing. Both experts emphasize the need to break down communication barriers to streamline the response process and protect the interests of all parties involved.

Additionally, Special Agent Lee shares the importance of engaging with legal counsel if you’ve been the victim of a cybercrime. “They’re an important component and will be able to advise in the event of an attack.” Incident response and legal costs are services commonly included within a comprehensive cyber insurance policy.

Protecting What Matters

Our conversation with Special Agent Angelica Lee and Mike Kingsley shed light on the ever-evolving world of cybersecurity. Their insights highlight the importance of proactive education, training, and awareness in the fight against cyber threats.

As we mark Cybersecurity Awareness Month, individuals and organizations should take heed of these valuable lessons and work together to bolster their defenses. By staying informed and vigilant, we can collectively strive to outsmart cybercriminals and safeguard our digital world.

For more information about cybersecurity, cyber insurance, or ways you and your business can stay vigilant, reach out to our office to speak with one of our Risk Advisors.