We spoke with Tim Murphy, former COO of the FBI, about the state of cybersecurity and how businesses can vastly reduce their risk of damaging cyber-attacks
While the nightmares that keep company鈥檚 chief security officers up at night may be many, fears of cyberattacks and data security breaches are usually near the top of the list, according to , a former deputy director and chief operating officer of the Federal Bureau of Investigation (FBI). We spoke with Murphy about the state of cybersecurity and ways that businesses can protect themselves. Murphy will also be speaking on a panel titled, How to Be a Cyber Fighter: Defending Against Cybercrime Threats at the upcoming .
Think about what you鈥檝e heard about cyber-breaches in the news. North Korean hackers during the meetings between President Trump and North Korean leader Kim Jong-un. Iranian cyber-thugs use to paralyze a 20-foot-tall New York dam as a possible practice run for a more disruptive invasion of our nation鈥檚 power grid. Special Counsel Robert Mueller (who also happens to be Murphy鈥檚 former boss), indicates that Russians engaged in an during the 2016 presidential race. Does that make you nervous? It should.
鈥淚 rate this (cyber-attacks) as the number one threat facing this country,鈥 Murphy says. 鈥淐yber-crime has always been there 鈥 financial institutions and other corporate teams are just more aware of it now, with better public-private partnerships and private-private partnerships working together to mitigate this risk.鈥
One of the main reason for the growth of cyber-hacking is the balance of power. Stealing data is a great equalizer for certain militarily disempowered groups ranging from organized crime syndicates, , or even the Edward Snowdens of the world. Data theft 鈥 whether corporate trade secrets or data stolen and then released to influence elections 鈥 pose a serious threat and have national security implications. We need to stand up and pay attention to these malicious cyber-strikes and understand their inception, Murphy explains.
Insider Threats Examined
Threats don鈥檛 come in one flavor, Murphy adds. It is a complex issue, originating from both inside organizations and outside.
For example, malicious, insider threats see current or former employees or even third-party vendors acting with nefarious intent. They are out to steal intellectual property or funds or simply to create havoc. The danger in these employee-related crimes is that they have inside information concerning the organization’s security practices, data and computer systems. Third-party vendors can also disrupt the supply chain. 鈥淎 lot more work has to be done around screening third-party vendors if you are bringing them in and partnering,鈥 Murphy says.
But there is a more serious issue looming. Workplace violence is also a rising insider threat, whether coming from the lone gunman, the disgruntled employee, or the dangerous person who has no reason left to live and wants to inflict harm on others.
鈥淧eople are stealing. People are dying. Our intellectual property is leaving. Our democracy is suffering,鈥 Murphy warns.
Some of the best ways to combat the attack, he says, is to respect citizen鈥檚 privacy, but also to learn how to create an insider threat program and analyze external risk indicators found in electronically available public information and open source data to help detect, prevent, and respond to insider incidents.
鈥淚 rate (cyber-attacks) as the number one threat facing this country. 鈥淐yber-crime has always been there 鈥 financial institutions and other corporate teams are just more aware of it now.鈥
Basically, this means a continuous monitoring of an individual鈥檚 public, online activity as well as the internal, network activity in order to detect changes in behavior. If an employee goes from posting pictures of their dog on Instagram to suddenly posting pictures of guns and making threatening comments about their co-workers, we should pay attention.
Pattern of Behavior
Often, cyber-attackers have patterns of detectable behavior and network activity which can provide indicators of risk, assist in early detection, and speed up response time of an actual incident including:
-
-
- 聽聽聽聽聽聽 What are employees doing on the network? Who are they doing it with?
- 聽聽聽聽聽聽 Are employees leaving with data and files?
- 聽聽聽聽聽聽 Are employees sharing sensitive and even classified information with outsiders in聽 聽 聽 聽 violation of company policy?
-
Also, monitoring an individual鈥檚 external exchanges such as social media posts or any other pre-attack indicators in the public record could identify an event in a person鈥檚 life which may lead to violence. Murphy was clear, this is about balancing privacy concerns with saving citizens鈥 lives.
鈥淚f you are analyzing the right behavior patterns, you might be able to intervene and get people the help they need before they do the unthinkable,鈥 Murphy adds.
The 鈥淯nintentional鈥 Insider Threat
Then, there are employees who through negligence or simple carelessness, fall into a security breach by, for example, carelessly clicking on a link in a random email. This scenario is , and can lead to data breaches, more phishing emails, and ransomware 鈥 they are all interrelated.
There are ways to mitigate the threats, however, Murphy says, including:
-
-
- 聽聽聽聽聽聽 Use employee and contractor training;
- 聽聽聽聽聽聽 Understand the threat presented by an insider;
- 聽聽聽聽聽聽 Continuously monitor employee and vendor networks;
- 聽聽聽聽聽聽 Update and upgrade software immediately, including application white listing and operating system patching;
- 聽聽聽聽聽聽 Encrypt, encrypt, encrypt; and
- 聽聽聽聽聽聽 Establish multi-factor authentication.
-
If employers take these steps, a number of studies have shown they can reduce 80% of the most common cyber attacks and risks to their organization, Murphy says.
