FBI Special Agent Darren Mott

IT 4 the Planet recently hosted a lunch and learn conference at the Wynfrey where FBI Special Agent Darren Mott spoke on cyber security.

Agent Mott, who has been with the FBI for 18 years and works in counterintelligence, began by reviewing some of the notable events in cyber security history.

One of the first worms distributed via the internet was the Morris Worm which infected 2000 computers within a few hours in 1988 and resulted in the first felony conviction in the USA under the Computer Fraud and Abuse Act.

As connectivity increased, so did the potential for damage, which was exposed in 2008 when eastern European criminals hacked into the Royal Bank of Scotland and took $10 million out of RBS accounts within 24 hours.

That same year, the entire Department of Defense system was compromised when Russian foreign intelligence operatives dropped thumb drives in parking lots at military facilities. Curious employees picked up the drives and stuck them in the computer resulting in the infection.

One of the most frequent threats today is ransomware where hackers lock up your machine and demand money to free it. Backup can protect you from ransomware provided your backup files are isolated from your network. This is important because some attackers search through a network to find backup systems to lock too.

According to Mott, cyber threats come from several sources. Hacktivists will break into your site to promote political or social causes. They rarely do much damage. If your web site is supported by a third party vendor, you can quickly correct it because it’s not connected to your network.

Nation-state actors conduct system intrusions to steal proprietary information from companies. They also have a use for personal information. For example, if a foreign interest finds John Doe’s mother is in the hospital with heart surgery for which John owes $200,000, the foreign agency may offer John the money in exchange for information.

The two biggest cyber threats to private businesses and medical practices come from criminals and insiders.

Criminals want money and/or information. Much of the personal information stored in medical accounts can be of great use to them.

Mott says that your biggest concern, though, comes from within your practice. A disgruntled employee might take information to a competitor or use it to harm you. In this case, it pays to be aware of suspicious activity. For example, is an employee printing more than usual? Is an employee who works 8:00 to 5:00 suddenly coming in on weekends?

Of course, disgruntled employees are only part of the internal problem. Happy employees can make a mistake that compromises your network. Several years ago, the CEO of a company in Cleveland decided to test his employees by created a bogus link to the company’s web site. He changed one letter in the company’s URL, something you had to look at close to notice. He sent out an email telling employees to check the new website. 33 percent of the staff clicked on it. Afterwards he explained to employees what he had done and pointed out the mistake. Three months later, he did the same thing and 20 percent of employees clicked the link.

Medical practices need to take actions to minimize these risks. Mott recommends using methodologies like package filtering to review and filter email before it accesses your network. It is also important to develop a risk management framework that pinpoints your vulnerabilities and puts controls in place. Likewise, a computer use agreement is imperative. The FBI can’t prosecute someone who steals data without an agreement in place.

Mott recommends using multi-factor authentication, which requires multiple methods for identification, wherever possible.

As for the future, Mott expects hackers to begin targeting more mobile phones and tablets. And medical devices could be at risk, as more instruments like pacemakers are connected to the internet. Then there is the internet of things. How much of your personal information does a smart refrigerator need to send your order to Publix? Voice activated personal assistants like Alexa can begin recording if you say something that sounds like “Alexa.”

Ultimately, as long as there is technology there will be bad actors looking to exploit it. With this in mind, we have to know our risks, prepare and stay one step ahead.