September 28, 2018

Today’s cyber thieves appear to have little in common with “Pretty Boy” Floyd and other notorious gangsters of the 1920s.

But criminals from different eras are more alike than you think, according to Bryan Smith, assistant special agent in charge, with the Cleveland Division of the Federal Bureau of Investigation (FBI).

“Cyber is merely the tool being used today to commit basically the same criminal acts that we’ve been dealing with for hundreds of years” says Bryan, who was the keynote speaker at a recent FirstEnergy Security Summit in the Akron area.

A 16-year veteran of the FBI, Bryan focuses on white collar and cybercrime. He points out that cyber in some cases has exceeded the drug trade in terms of dollars impacted from a criminal standpoint.

To explain the spread of cyber theft, Bryan recalled the words of career criminal Willie Sutton. When asked why he robbed banks, Sutton reportedly stated: “Because that’s where the money is.” Bryan added: “Why do people engage in cybercrime? Because that’s where the money is today.”

FirstEnergy works closely with the FBI and other federal agencies, along with peer companies in the utility industry, to identify physical and cyber security risks, exchange information, and put highly effective safeguards in place to meet industry reliability and security standards.

“Your company is facing cyber intrusions every day – and doing a great job of stopping these attacks,” Bryan says. “But it’s not an issue for just the IT folks. It’s a shared responsibility by everyone across your organization.”

To effectively stop cyber thieves, we need to think like them, Bryan notes. “If you’re a criminal, what would be the crown jewels of your organization,” he says. “In many cases, it’s not what you would expect. More and more, we see foreign governments stealing intellectual property from U.S. companies and then giving it to companies in their country. Some of it might be how you do your jobs – the flow of information within your organization.”

Cybercriminals often research individual employees to gain access to a company’s systems. “They’re looking at your online profile – what you’re putting on Facebook or LinkedIn,” he says. “They’ll use that information to target an individual. We need to be careful. If you’re putting information online about your kids or favorite sports team, then don’t use it in your passwords.”

Bryan points out that many cyber targets don’t realize they’ve been victimized until it’s too late. As a result, it’s imperative to report any suspicious activities immediately.

“Security requires ongoing engagement – whether it’s internally between business groups and IT, or externally between the FBI and other agencies that are here to help protect you,” he says.