U.S. Secret Service Official Says Basic Security Measures Are More Effective Than You Think
Jason B. Brown, assistant to the special agent in charge in the United States Secret Service’s Criminal Investigative Division, has tracked down many high-profile cybercriminals in his career, including the hackers behind the 2007 T.J. Maxx breach and others selling stolen information online.
Although sophisticated hackers are wreaking havoc on companies and are tough to stop, end users can defend themselves by employing basic security measures, Brown said in a keynote presentation Sunday at the XChange 2015 conference, hosted by The Channel Company, the publisher of CRN.
Brown recommended that end users use "good personal hygiene" when it comes to security -- which means using complex passwords, using a different password for every account, and using a separate cheap computer for online banking activities, among other approaches.
In an interview with CRN after the keynote, Brown said solution providers should also work to simplify their systems as much as possible to prevent an expanding attack surface.
"The best thing that we can say to do is just [use] good safe computing and safe Internet practices," Brown said. "It sounds simple, and honestly a lot of it is simple if people would just do it."
Brown warned that changing end-user behavior can be a challenge. In a recent case, hackers used the Backoff malware -- which first emerged in 2013 during the Target breach -- to steal customer information from more than 50 stores in the Buffalo, N.Y., area. The breach happened because the victims were using default admin passwords for LogMeIn remote access software, he said.
Vince Tinnirello, CEO of Lone Tree, Colo.-based Anchor Network Solutions, agreed with Brown's message about the importance of getting back to applying fundamental security best practices, including using complex passwords and appropriate administrative rights.
"These are important things. They may be annoying to you as an end user, but they're there for good reason. We're not asking you to do these things because we want to make your life difficult. We're trying to protect you," Tinnirello said.
Tinnirello said end users often don't pay attention to following these rules because they don't think security breaches will happen to them.
"It's hard to get end users who are busy in their daily lives to really stop and think. I think that's the biggest thing," Tinnirello said. "Getting people to buy into why they need to have the security that they do is challenging."
That challenge is compounded as phishing and other basic tactics evolve into more sophisticated and targeted attacks, which can more easily slip under an end user's radar, Tinnirello said.
"What most clients don't understand is that they are their best defense," Tinnirello said. "We can have all the tools in place, but if you open up the front door and let the thieves in, I can't do anything about it ... There's no magic answer to a silver bullet. It's just using common sense, but that's easier said than done."