John Iannarelli, a FBI consultant, is more worried than ever about imminent cyberattacks on small businesses. Mark Pribish talks with Iannarelli about the cyberthreats that Americans face.
What if we could get an unfiltered, insider's view from a Federal Bureau of Investigation consultant on cyberdangers and the ID-theft security threats facing businesses today?Just days ago, I had the opportunity to interview John Iannarelli, current FBI cyberconsultant and recently retired assistant special agent in charge, Phoenix division. Iannarelli provided a sobering assessment of the cyberthreats America faces. Here are the highlights of the interview:
Question: Is consumer ID theft a growing threat?
Answer: "The theft of consumer information is on the rise, and it is not going to stop. In the 21st century, the cybercriminal is a purse snatcher and pickpocket all rolled up into one. He is looking to take your cash and steal your identity, doing all of it without ever leaving his or her house."
Q: Big businesses continue to make headlines. Is my small business at risk?
A: "Time and again I have heard small business owners say they have nothing to worry about because they are too small to interest cybercriminals. Instead, small businesses are exactly who the criminals are targeting for two primary reasons. In the criminal's mind, why go after large companies directly, when easier access can be attained through small business vendor relationships. Secondly, since small businesses have less financial and IT resources, criminals know they are less 'compromise ready' and tend to be less resilient."
Q: Why do you emphasize data-breach education and recovery planning?
A: "While information security is critical to minimizing the potential for a data breach, the fact is data breach events cannot be stopped. I used to say it is not a matter of if, but when. Now I say, "How are you prepared to recover?" You are going to get hacked. It is inevitable. Companies need to think about cybersecurity, backing up their information so that they can continue business after the breach has occurred, and a recovery plan to make their clients and customers whole."
Q: What is your recommendation for safeguarding information?
A: "My No. 1 recommendation is education. Unlike the movie version of a sophisticated computer intrusion carried out by cybercriminals, the vast majority of breaches are facilitated through some method of social engineering. For example, one of your employees clicks a phishing link, giving the cybercriminal access to your entire computer network. To defend, there is no substitution for education, including ongoing employee training. It's a proven and low-cost method to protecting your business from a financially devastating cyberevent."
Q: How can law enforcement help businesses, especially small business?
A: "Remember, whatever law enforcement does, it is after the fact. If your loss is large enough for a law enforcement agency to justify and devote resources into looking at your case, they will probably be able to identify the party responsible. However, it is then up to the courts for justice and recovery. It's better for your business to be proactive with an information security and governance plan. Plus, by staying current with security-related employee education, processes and technology, you will help minimize your risk and exposure to a data breach."
Mark's most important: Take FBI consultant Iannarelli's cyberdangers, warning and advice seriously. Your business is at a greater cyber-risk than ever.
This article was originally published on AZcentral.com and republished with the author's permission.
Merchants Information Solutions is a proud sponsors and provides financial support to the ITRC. For more information on the ITRC’s financial support relationships please see our sponsorship policy.