Did you know that the lingua franca used by hackers is Russian? That language, not English, is what cybercriminals of all nationalities use to share intelligence, recruit team members, and crow about their victories on the Dark Web. Just because the information is in Russian, though, that doesn’t mean the players are actually Russian.
That’s one of the insights from the opening keynote panel at the Global Press & Analyst Summit on Sept. 28, held in Silicon Valley. The panel was moderated by Alan Zeichick, Principal Analyst at Camden Associates. Three top cybersecurity law enforcement experts made up the panel: MK Palmore of the FBI’s Cyber Branch in San Francisco; Dr. Ronald Layton, Deputy Assistant Director of the U.S. Secret Service; and Michael Levin, Former Deputy Director of the U.S. Dept. of Homeland Security, and today the CEO of the Center for Information Security Awareness.
The panel distinguished between different types of hackers – and thus, different motivations. There are state-sponsored actors, seeking to steal intellectual property or prepare for cyberwar. There are criminals, both small-scale and organized, looking to steal money or assets to sell. There are activists, seeking to make political points or support causes. And there are insiders, looking to harm or steal from their employer.
Law enforcement wants to know who those criminals are, so they can attempt to run them down and arrest/prosecute them. For everyone else, it doesn’t matter. Simply look to protect yourself from attacks – and that includes having practices that make you harder to breach, and also having the vigilance to detect if you have been breached, so you can take countermeasures before too much damage has been done.
The panel’s advice for protection: Do the basics! Get rid of default or easy-to-break passwords, which are frequently overlooked. Install patches and fixes. Get rid of back doors into software or systems, which might be unguarded. Train employees not to click on every email or web link – because if they do, breaches will occur, no matter what security you have.
Yes, it’s low-hanging fruit. But if you have default passwords, or don’t install patches and fixes, that’s where the bad actors will get in. Cyber-criminals are lazy, said the speakers. So if you have good protections, and your employees are well trained, criminals will often go find an easier target.
All three speakers talked about the importance of establishing a good relationship with local cyber-security law enforcement for organizations of all sizes. The Secret Service and FBI have field officers and cyber task force agents all over the country, who not only want to offer timely information, but are also available to business owners, CISOs and IT managers. Just like you should know the phone number of your fire department, and make sure you have working smoke detectors, you should know who to call – and they should know you, too.
In other words, they are from the US government, and they are here to help you. Let them.