21st century cybersecurity: People are the first step
FBI Special Agent Jamil Hassani specializes in fighting cybercrime, and he told a gathering of lawyers and judges at the ABA Annual Meeting in San Francisco that because of their profession, stature and potential to poke back, he skipped something he often does just before such an appearance.
He typically sends a “spear-phishing” email to some of the people with whom he’s about to meet. “They get an ominous screen saying: ‘I just spear-phished you’ and a follow-up saying ‘Just kidding.’”
His story illustrates the first level of security, which is people—those in the audience, employees of companies and others. He has found that when he uses the stunt, “one in 20 click on the link.”
The presentation, titled “Effective Cybersecurity in the 21st Century: Privacy, Policy & Protocol,” was sponsored by the ABA’s Litigation Section.
With all the talk of cutting-edge malware, the tools that were used when he started in this work in 2004 “are virtually identical to the ones they’re using today,” Hassani said. But now the internet is much bigger. He pointed out that he managed to get into a major hotel’s computer system through the smart refrigerator in a guest room.
Companies need to do more than prevent cyberintrusions to protect themselves and their customers; they also need to comply with federal requirements for security.