A national security expert touts education and awareness as the best defense against cyber fraud attacks.
Jack Plaxe, president of the Kentucky InfraGard Alliance, was in Georgetown Tuesday for a presentation to officials from varying levels of government and business. The presentation included trends and ways people are trying to steal information and money over the internet.
InfraGard is a public-private partnership spearheaded by the Federal Bureau of Investigation to exchange information and raise awareness of the security of 16 critical infrastructure sectors most likely to be subject to physical or cyber terrorist attacks including: chemical, communications, dams, emergency services, financial services, government facilities, information technology, transportation systems, commercial facilities, critical manufacturing, defense industrial base, energy sector, food and agriculture, waste and waste water.
Awareness locally has been heightened by a recent cyber fraud scam at Scott County Schools that attempted to heist $3.7 million. Fortunately, local banks were able to recover the money.
“That particular cyber fraud is called business email compromise, and typically requests you to do something like click on a link or download an attachment or send information,” said Plaxe, who also founded Security Consulting Alliance, LLC, in Louisville.
“These types of scams rely on the fallibility of humans, and since we are all human, we are fallible. It relies on someone who is working and maybe trying to accomplish many tasks and may not identify the warning signs in an email.”
He did say the particular cyber fraud attempt at the school system sounds like a more sophisticated plan.
“It sounds like someone had information to make it look legitimate, but that is not uncommon.”
He did say there are tell-tale signs any business or organization can watch for to tell if the email is legitimate.
“It could be an email from an unknown source or from another country in another language. I get those all the time, and unless you are doing business in Asia or China, just delete it,” Plaxe said. “Sometimes people pretend to be with a legitimate organization and change the name of the company or website by a few letters.”
He added a common tactic is to change the domain from a legitimate site, for example instead of coming from .com it is changed to .org.
Organizations like InfraGard can prove invaluable to local leaders. Scott Hall, executive director of the Georgetown-Scott County Revenue Commission, is an active member of InfraGard and is the deputy sector chief for government facilities. By being a participant, Hall and others receive information from the FBI on how attacks and tactics are constantly changing, and Plaxe said that is the biggest challenge.
“Defending critical infrastructures requires diligence and educating yourself on security and how attackers are adapting and changing their tactics,” he said.
“An estimated 70% of cyber exploitation starts or is introduced with an email, not a hacker. They know that humans are the weak link and try to exploit that. Nobody is exempt from cyber crime and everyone needs to be prepared.”
Steve McClain can be reached at firstname.lastname@example.org.