Ex-FBI Agent On Cyberattacks: ‘How Do We Get People To Understand The Threat Is Real?’

‘A majority of the victimizations that I’ve dealt with could have been prevented if my end users were only armed with a couple of key pieces of information,’ says retired FBI agent Scott Augenbaum.

Don’t count on law enforcement agencies to ultimately solve the cybersecurity crisis confronting public and private organizations around the world, said a former FBI specialist in cybercrimes.

Appearing at this week’s XChange NexGen 2022 conference in Orlando, Fla. hosted by CRN parent The Channel Company, Scott Augenbaum, a retired FBI agent who spent decades battling cybercriminals, said there are just too many cybercriminals located overseas—and beyond the jurisdictional reach of the FBI, Secret Service and other law enforcement organizations in the U.S.—to make a major difference.

“They’re located in China. They’re located over in Russia. They’re located over in West Africa, all over the place, outside of our jurisdiction and it becomes very challenging,” said Augenbaum. The FBI and the Secret Service do an amazing job, he added.

“We are not going to arrest our way out of this,” Augenbaum bluntly told a roomful of attendees at XChange NexGen.

Though Augenbaum initially appeared to be pessimistic about the fight against cybercriminals, he told audience members that he firmly believes most cyberattacks can be thwarted—under the right conditions.

“It’s all about prevention,” he said. “It’s all about behavior changes.”

Ultimately, it’s about convincing leaders of organizations that the security threat is real to their company or nonprofit and that they have to take steps to prevent cyberattacks, he said.

But too many leaders think they’re too small or too insignificant to attract the attention of cybercriminals so they don’t take the necessary security steps to reduce their vulnerabilities, Augenbaum said.

“There’s always a different excuse,” he said. “We deal with this on a regular basis.”

He added: “We’re dealing with behavioral change. We’re dealing with how do we get people to take things seriously. How do we get people to understand that the threat is real?”

Even if leaders accept that they’re vulnerable to cyberattacks, they then have to take the necessary steps, and not the minimal amount of steps, to shore up their defenses.

Augenbaum told channel players that the “No. 1 indicator” that a customer will be a victim of cybercrime is whether they have two-factor authentication within their security defenses.

The bottom line: Social engineering tactics remain, and will remain, the top cyberattack vector for hackers and organizations need to shore up those defenses, Augenbaum said.

“A majority of the victimizations that I’ve dealt with could have been prevented if my end users were only armed with a couple of key pieces of information,” he said.

Danny Perry, managing partner of Houston-based ITCubed, agreed that there’s “not much law enforcement can do” to prevent cyberattacks as well as bring hackers to justice.

In some cases, law enforcement officials are so busy they won’t even look at cyberthefts valued at $50,000 or less, he said.

So Augenbaum is right: It all comes down to education, prevention and changing behaviors, Perry said.

He said recent high-profile ransomware and other cyberattacks have raised awareness about the need for security.

“It’s still a battle to convince people, but it’s not as much of a battle as it used to be,” he said. “There has been a shift [in attitudes].”