Internet Criminals Pose Bigger Threat than Terrorists – FBI

Feb. 4, 2012 –

Web security study has found the vast majority of organizations that allow employees to freely access the Web are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords.

Web-borne attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities.

Little wonder the U.S. government along with state and local agencies, businesses and consumers should all heed ominous testimony before Congress. Then-FBI Director Robert Mueller warned “the cyber threat will equal or surpass the threat from counter terrorism in the foreseeable future.”

That was his January 2012 message to U.S. House Permanent Select Committee on Intelligence  in discussing the importance of the Internet.

“The theft of intellectual property, the theft of research and development, the theft of the plans and programs of a corporation for the future, of all which are vulnerable to being exploited by attackers,” Mr. Mueller testified.

Mr. Mueller warned it’s imperative for the FBI and federal government to get more proficient in analyzing, gathering and sharing information. He also requested appropriate legislation.

Indeed, we see proof of his admonition in news headlines almost daily, which has prompted countless Biz Coach articles about cyber attacks with tips for Internet security.

WIFI warning

The most-read Biz Coach article of all time quoted Stan Stahl, Ph.d., a nationally recognized security expert, in using Starbucks’ WIFI, a security pro issues warning and security checklist.

Also highly read is our mobile-banking warnings about security prove prophetic.

Don’t forget about healthcare. It’s vital to understand why many healthcare workers are responsible for an alarming trend: Medical ID theft.

Here’s a lesson about passwords after the theft of 16,000+ UCLA patient records.

“We’ve seen Israeli and Palestinian cyber-vigilantes launch DDoS attacks against each other’s web sites,” he explained.

“What happens when radical organizations discover they can launch a DDoS attack against their enemies?” he asked. “We should not be surprised to see the Internet become a battleground in America’s culture wars.”

Stan Stahl on Bloomberg

Key questions for organizations

Dr. Stahl recommends that all organizations answer four key questions:

  1. Are we gathering the information we need to understand our cyber threat and the quality of our cyber defenses?
  2. Are we effectively analyzing this information, using it to better secure our information?
  3. Are we sharing it with the necessary parties?
  4. In particular, is management getting the information they need to proactively manage information risk?

“One highly critical defensive measure, for example, is to rigorously keep software patched,” he added. One of the easiest ways for a cyber criminal to take control of a computer is to exploit a vulnerability in unpatched software.”

Dr. Stahl’s firm, Citadel Information Group, is regularly asked to help businesses.

“Patching needs to be on the weekly must-do list of every IT department and IT vendor,” he explained. “Yet, when we assess the patch levels of organizations, we are not surprised to often see more than 100 unpatched vulnerabilities on desktops.”

Questions for IT departments

To information technology departments, he poses these five questions:

  1. Does IT gather vulnerability information?
  2. Do they analyze it, taking appropriate action to keep vulnerabilities to a minimum?
  3. Is it shared with senior management?
  4. Does senior management know that IT must patch vulnerabilities to comply with laws like HIPAA HITECH or contractual obligations like the payment card industry’s data security standard?
  5. Does senior management regularly monitor “weekly vulnerability trends?”

“Human nature being what it is, cyber crime and hacktivism will likely get worse before things get better,” he concluded. “While we can hope to avoid cybergeddon, we also have to remember that hope is not a strategy.”

Amen. You can keep yourself updated by subscribing to Dr. Stahl’s Weekend Patch and Vulnerability Report.

From the Coach’s Corner, here are more Internet security resource links:

5 Safety Measures to Thwart Mounting Social-Network Attacks — Sally, the accounting manager of a medium-sized business, regularly checked her Facebook account while at work. One day she received an e-mail. The e-mail said that a long-lost friend, Bob, had added her as a friend in Facebook. By clicking on the e-mail link, Sally cost her employer nearly $1 million.

Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later. Originally, Citibank said 200,000 accounts were affected.

“Security is, I would say, our top priority because for all the exciting things you will be able to do with computers…organizing your lives, staying in touch with people, being creative…if we don’t solve these security problems, then people will hold back. Businesses will be afraid to put their critical information on it because it will be exposed.”

-Bill Gates


Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.

Seattle business consultant Terry Corbell provides high-performance management services and strategies.