Stopping cybercrime: Looking beyond technology
By Chris Gosier
Note: This story was originally published in Fordham Magazine and was re-published here on GabelliConnect.
Asked how technology can guard against shadowy online threats posed by hackers, a cybersecurity expert focused instead on the human factor—and common-sense precautions that no one should ignore.
Technology offers no guarantee of “absolute security” online, said Ed Stroz, BS ’79, a former FBI agent and current co-president of the cybersecurity firm Stroz Friedberg LLC. He instead highlighted the human foibles that can leave computer networks and online bank accounts vulnerable.
“When you talk about people losing money, usually the root cause of that is that somebody was tricked,” he said. “If I call you and … talk you into believing that I’m from the bank and you should take the following steps, a technologist cannot fix that.”
He spoke in Manhattan on February 23 as part of the Gabelli School of Business’ Flaum Leadership Lecture Series, founded by veteran business consultant Sander Flaum, who moderated the event.
The only way to completely avoid cyberthreats is to stay off the internet, Stroz said. He noted that the FBI and other “three-letter agencies” keep networks unhooked from the web if they want to ensure they won’t be hacked; to protect in-person conversations, they use secure rooms, usually windowless, where no mobile devices are allowed.
Staying off the internet isn’t an option for most of us, of course, any more than staying home all the time is a feasible way to keep from catching a cold. But basic precautions can help manage the risk, he said: Don’t reuse passwords. Add more layers of authentication for your email and other online accounts. He also advised practicing good “web hygiene” by downloading your computer’s updates when prompted—and not just for your own sake.
If hackers hijack your computer or other device to launch an attack on someone else, “you don’t want to be standing there saying, ‘Well, I didn’t think it was important to load the updates,’” he said.
While technology-related companies could be doing more to protect consumers, he said, “we all have an obligation to be good citizens, digital citizens.”
He said that cyberattacks on large retail chains in recent years got the companies’ attention because, unlike other security issues, they had a chilling effect on business. Asked about future threats, he said hackers will likely focus more on attacking data’s integrity.
“Let’s say you’re a medical organization and you have blood test results, and I change them and then I notify you and say, ‘I want this amount of money because I went in and changed the blood test results. You won’t know which ones. How much is it worth to you to get some type of satisfaction on that?’ The implications, I think, will be substantial.”
He also noted the importance of “measuring people” in a work setting, fostering a caring work environment and making sure that people who handle sensitive data can be trusted. “The insider risk is the thing that could hurt you the most,” he said.
He spoke at the University Club before an audience of approximately 100 alumni, students, and friends of the Gabelli School. Asked about leadership, he said that while some are born with innate charisma that makes them natural leaders, anyone can develop leadership skills. But leadership starts with looking inward rather than outward.
“What do people see in another individual that makes them willing to follow?” he said. “You have to sort of evaluate yourself if you want to be a leader and say, ‘What am I projecting, and what does that mean?’”