Blood in the water: FBI needs a bigger cyber boat

By Erin Ayers on March 4, 2015

SAN FRANCISCO–Fighting cyber crime is quickly becoming the FBI’s top priority, according to David Johnson, the FBI’s special agent in charge of the San Francisco division, who explained to a packed room here at Advisen’s Cyber Risk Insights Conference this week that the issue “crosses all the other things we do.”

David-Johnson-Headshot

David Johnson

The FBI counts among its beats terrorism, counterintelligence, corruption and more. Cyber crime has the power to influence and affect all of those risks, as well as presenting its own challenges.

“And we don’t know as much about this particular threat as we should, so we need to devote more attention to it,” said Johnson.

There is a famous scene in the 1975 movie “Jaws” in which Chief Martin Brody, somewhat skeptical of reports that a massive shark is preying on the residents of Amity Island, is prepping bait to lure the legendary creature. Then he sees it. Brody knows that they’ll need a bigger boat to catch the shark.

“When I think of cyber threats and risk, that’s what I think of,” Johnson told attendees of the conference. “We’re going to need a bigger boat.”

The cyber sharks are circling, and while the FBI is “uniquely situated” to fight these crimes from a national security and intelligence, Johnson emphasized that the federal agency needs the assistance from the public. He also expressed a need to “develop a sense of urgency” among the public, since it appears to be difficult to “visualize the significance of the threat.”

Johnston offered some big numbers to illustrate the problem. Cyber crime affects over 500 million victims annually, with an estimated 30,000 websites hacked daily. He added that there were 1,400 reported company or organization breaches in 2013. Among those, 465 struck the financial sector. The trends span 95 countries and six continents. Economic losses vary from $100 billion to $500 billion, he added.

“This is not going to diminish. It’s only going to increase over time,” said Johnson. Despite this, he said, the public, even law enforcement officials, appear to be “numb” to identity theft. Until they get hacked, of course.

“A couple of FBI agents in the office had their PII stolen. If you ever want to see people motivated to solve a crime…” Johnson said, allowing the audience to envision law enforcement officials on a personal mission.

Cyber crime increases in complexity by being an asymmetric threat, he observed. Criminals strike from all different directions, affecting all different people. The victims include anyone with an online presence. Cyber criminals include nefarious individuals, highly skilled, with diversified backgrounds and educational levels.

And whether the cyber incidents include distributed denial of service attacks, malware, Trojan attacks, social engineering, spear phishing, ransomware, virus/worm, Johnson encouraged reporting of any events to the FBI, both to begin an investigation or for assistance with determining the true nature of system disruptions.

“If your company’s networks are being scanned or you’re seeing intrusions that are hard to detect, there’s a pretty good chance that there’s more than meets the eye,” he said. The FBI might not be quite as communicative, Johnson warned. Many investigations are classified until carried through to successful prosecutions.

Johnson explained that the FBI and its fellow federal agencies have launched a “whole government approach to tackle this issue” to effect a “mindset change” for the public and private sectors, rather than focusing purely on prosecution. The agency intends to “use all resources” to mitigate cyber risk and has recruited employees “with the right skillset” to do so, he said.

“I’ve seen it get better over time, but there’s still a long way to go,” Johnson said. “It’s a big problem and we don’t have it figured out. Anyone who tells you we have it figured out is lying. They won’t pass a polygraph.”

erin.ayers@zywave.com'

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].