GREENVILLE – All businesses are potential victims of cyber crime and the threat will continue to grow, business leaders learned during last week’s Darke County Chamber of Commerce annual meeting.
Supervisory Special Agent Kevin P. Rojek, the supervisor of the Cincinnati FBI field office’s Cyber Squad, was the keynote speaker during the Chamber’s annual meeting at Romer’s Catering in Greenville. Outreach to individuals and business leaders is essential to the FBI’s mission of combating crime, Rojek said, and the Chamber of Commerce event was a great way to reach business leaders in Darke County.
“It’s critical,” Rojek said of the importance of community outreach. “As I said in the presentation, the idea of getting the word out to the individual users on their home systems, on their business systems to really understand the threat because I talked about networks are hard, people are soft. It’s the individual user who is the most prominent attack victim so the bad actors be it nation-state actors or criminal actors are going to attack that weakest link, and that’s the individual user. It’s going to be with that phishing so the more that people are educated on the threat and understand how the threat is executed, the better chance that we have of mitigating the threat.”
Over a three-year period from 2013 to 2016, American businesses lost more than $5 billion in cyber crimes. Last year alone more than $1.41 billion was lost in ransomware attacks.
Threats can come in several varieties including national security threats who aim to disrupt government and businesses, criminals who seek to profit off cyber crime and hacktivists who aim to promote causes though financially motivated hacking is the most prevalent.
All forms of hackers present unique challenges, Rojek said, but state-sponsored hackers are the most difficult to combat and often will never see the inside of a courtroom.
“They both present very unique challenges, but by far the state-sponsored actors because they have unlimited resources, unlimited budgets,” Rojek said. “They’re much more sophisticated in their attacks. It’s much more difficult and challenging.”
In May the FBI warned Americans to reboot their routers as a defense against Russian-linked malware that was discovered. Being aware and listening to those warnings is one of the best tools Americans have to avoid becoming victims of cyber crime.
Rojek also encouraged business leaders to take preventative measures. The FBI discourages individuals and businesses from paying hackers in ransomware attacks so the best defense is to have files backed up before an attack occurs.
Another tactic is to verify information before acting. Rojek said in one instance a hacker impersonated a company’s CEO and asked a secretary for the tax documents for the company’s employees, causing a major security breach. In another instance hackers gained access to a company’s email accounts, waited until a business deal was set to be completed and then inserted their banking information. Confirming information by phone or in person can help businesses avoid those issues.
Businesses also need to be aware of who has access to their online networks. Hackers will target the path of least resistance, Rojek said, and that tends to be an individual. Even if all their employees are well-versed in security, someone less knowledgeable about security including outside contractors who have temporary access to systems can provide weaknesses that hackers can exploit.
Companies and individuals also should take steps such as shredding documents and monitoring credit statements.
One case Rojek never anticipated was working with the Cincinnati Zoo on a denial-of-service attack following the death of the gorilla Harambe in 2016.
“You never know what you’re going to see on a daily basis,” Rojek said. “You come into work thinking you’re going to do one thing and one email, one phone call completely changes your day and your focus and what you’re going to be working on.”
The Cyber Division is relatively new at the FBI, but it’s duties are quickly growing. It used to be that homes had a computer, but now they often have numerous laptops, tablets, cell phones, gaming systems and other devices connected to the internet. Now even appliances are coming equipped with wi-fi access, creating new potential security breaches.
Nationally the FBI has approximately 35,000 employees, including 13,500 agents. Less than 10 percent of the agents – about 1,200 of them – work in the Cyber Division.
Rojek oversees the Cincinnati Cyber Squad, which is responsible for Ohio’s lower 48 counties including Darke County. He supervises seven agent investigators, three computer forensic experts and two computer scientists. He also is responsible for supervising the Cincinnati FBI’s SWAT Team.