“You must have an incident response plan practiced and in place prior to the actual cyber security incident occurring.”
Robert Villanueva, EVP, Q6 Cyber and veteran of the US Secret Service, specializing in international cybercrime, network intrusions, and identity theft breaches, will be participating in CL@B 2017, the Financial Technology and Innovation Conference starting August 30th in Miami. Get a scoop of his insights before you see him live.
What should we expect in the next 5 years? How is the environment going to change (crime and protection)?
During the next 5 years you should see more of the same types of targeted cyber-attacks, threats, malware proliferation and network intrusions that are conducted daily now on the private sector. Distributed Denial of Service Attacks (DDOS), Business Email Compromises (BEC) and Ransomware are a multi-Billion Dollar fraud industry for cyber criminals and they will not cease. I do see the private sector taking a more proactive approach in combatting and disrupting some of this targeted criminality on their networks.
What should a financial services corporation beware more of: domestic cybercriminals or big international networks?
International Eastern European cyber criminals are by far the principal and most significant threat to the Financial Infrastructure of the U.S.A. and the rest of the Americas. As the former head of the Cyber Intelligence Section for the U.S. Secret Service, I have seen an escalation of the professionalism and actual “hacker for hire” of this Eurasian miscreant online community throughout the years. Now, while working in the private sector at Q6 Cyber (an international cyber threat intelligence company), I am witnessing a substantial “uptick” of more transnational criminal collaboration and online communication between Eastern European and Latin American cyber threat actors via private forums.
Which are the industries most often targeted by cybercrime and why?
The Financial, Retail, Hospitality and Health Care Sectors are the ones most often targeted by international cyber criminals. All these industries deal with payment cards, financial data and PII information and obtaining this information is usually a cyber criminal’s primary objective. Any sort of financial data (i.e. online bank, brokerage or retirement accounts) is also frequently targeted by sophisticated malware for collection and sale on the Dark Web.
Which are the ones that spend the most in protection? How much should a company spend in protection?
Larger Financial Institutions, Retail Establishments and Fortune 500 Companies have more financial resources and therefore, will invest more in comprehensive cyber security and cyber intelligence programs. Every financial institution, company and/or business (no matter the size) should factor cyber security costs for prevention and security incidents into their yearly budget.
What percentage of cybercrimes could have been / can be prevented by protection, and what does that protection consist of?
Cybercrime can be mitigated and disrupted through cyber security planning and proactive cyber intelligence. Basic “cyber security hygiene” (antivirus, strong passwords and updates) is essential and just the start. Companies must hire well qualified/experienced individuals and vendors to enhance their cyber security posture to be more secure. The regular training of company staff as well as network penetration testing (by an external professional) should be a consistent and annual event.
The “weak link” of cybercrime mitigation is most frequently the end user (i.e. customer) whose education level and cyber security awareness varies considerably. Oftentimes, their financial information is compromised through malware infections on their personal computers. This stolen financial data (including online log in credentials) eventually winds up on the Dark Web and then is trafficked by international cyber criminals. This is where a reputable Cyber Intelligence vendor comes in and attempts to disrupt the criminal activity before the fraud is incurred by the financial institution.
Is the cooperation between corporations, cyberpolice, governments, other authorities good enough or does it need changes, and which ones?
I have seen an increase in collaboration between the private and public sectors during the past few years. It is getting better, but there is a lot of room for improvement in both sectors. Remember, often times cyber criminals are not targeting a specific company, but a sector. By working together, you can combine your knowledge and resources to be more prepared with the actual current trends affecting your business sector so you can take appropriate action before you become a target.
Cooperation between international law enforcement agencies that investigate cybercrime is usually very good. Although depending on the country, timely and complete cooperation is sometimes challenging. This also varies on the political climate, level of cybercrime knowledge/education and antiquated laws in foreign countries that do not recognize cybercrime yet as an independent offense.
Is the fight against cybercrime a priority in all the different countries and companies in the Americas?
Unfortunately, many countries and companies in the Americas lack the resources or are just reactive in properly securing their networks from sophisticated international malicious actors. It is important to seek assistance from qualified vendors with the expertise in the cyber security and cyber intelligence field. Please do your due diligence on all vendors prior to engaging with any of them.
You are participating at the CL@B conference in Miami. In your opinion, why are these events important to the financial community in Miami?
Events like the CL@B and participating in organizations like FIBA are very important to the local South Florida financial sector and community. Besides networking opportunities, the CL@B conference brings both education and awareness of the current areas of concern to members of the financial sector.
What is “the message” for our readers?
Take the time to properly evaluate your company’s cyber security plan and make cyber intelligence an important component of it. Be “proactive” and do not wait for any fraud issues or an incident to occur.
Remember, it is not a matter of “if” you will have a computer network security incident, it is a matter of “when” it will happen. You must have an incident response plan “practiced and in place” prior to the actual cyber security incident occurring.
About Robert Villanueva
Robert Villanueva is a 25-year veteran of the US Secret Service, specializing in international cybercrime, network intrusions, and identity theft breaches. He is Founder of the US Secret Service Cyber Intelligence Section. He led a regional electronic crime task force, with more than 800 members of the private sector, academy and police forces. Robert is a member of the steering committee of several organizations and universities.