The Next Wave of Cybersecurity
Executive Viewpoint A conversation with
TONYA UGORETZ
Deputy Assistant Director for the Cyber Readiness, Outreach and Intelligence Branch, FBI
An FBI cyber leader discusses how the bureau helps government and industry protect themselves from cyberthreats
What role does the FBI play in addressing cyberthreats?
We see the FBI as a linchpin in
combating cyberthreats because they challenge the U.S. government’s traditional approach of looking at threats as either foreign or domestic, or either criminal or national security. Cyberthreats involve both criminals and state actors typically operating from overseas and both using and compromising U.S. networks to target U.S. victims.
The FBI is in a unique position because we have an optic into parts of this entire threat ecosystem, combining information we glean from commercial threat intelligence, our long-standing relationships with industry, our incident response
and investigations, our unique domestic intelligence authorities and foreign liaison, and our analysis as part of the Intelligence Community.
We share that information and insight to improve network defense, to inform offensive operations and to help attribute malicious cyber activity to the responsible actors, which gives the U.S. government options to deter and respond.
What has the FBI observed regarding the pandemic’s impact on the cyberthreat landscape?
To perpetrate scams, enterprising criminals are taking advantage of the high public demand for information about COVID and the rapid shift for many of us of our entire lives online. For the FBI, one key measure is the complaints we see coming in to our Internet Crime Complaint Center (IC3. gov). The IC3 has already received nearly as many complaints halfway through 2020 as
it did for all of 2019, and thousands of those are COVID-related scams.
Meanwhile, state actors are using cyber intrusions to satisfy their own need for information — for example, targeting COVID-19-related research to accelerate their own R&D and clinical trials or to gain insight into how other countries are responding.
On May 13, the FBI and the Department of Homeland Security released a public service announcement to warn members
of the health care, pharmaceutical and research sectors working on COVID-19 response to be aware that they are the prime targets of this activity and to take the necessary steps to protect their systems.
What are some best practices for ensuring individuals and companies are protected from cyberthreats?
It is still the case that some of the
most exploited vulnerabilities, even by sophisticated state actors, are ones that have long had patches available. To help address this, in May, the FBI and DHS issued an alert identifying the top 10 most routinely exploited vulnerabilities.
This highlights that the most important thing is still to exercise basic cyber hygiene: patch systems as soon
as practicable, educate your workforce about common adversary tactics such
as phishing and social engineering, and implement programs to ensure software is up-to-date.
This interview continues at Carah.io/Ugoretz-FBI.
TONYA UGORETZ
S-24 SPONSORED CONTENT