Frank Abagnale, the inspiration behind Steven Spielberg's hit film Catch Me If You Can, talks to TechRepublic's Karen Roby about cybersecurity, passwords, and where executives are mistaken.
Frank Abagnale, a well-known scammer: crime is 4,000 times easier today
In the first part of TechRepublic's four-part series, "Rogue Mastermind Behind Catch Me If You Can Talks Cybersecurity," TechRepublic's Karen Roby met Frank Abagnale, the well-known criminal turned FBI Academy instructor who inspired the character played by Leonardo DiCaprio in the film Catch Me If You Can, to discuss his work at the FBI Law Training and Research Center and what C-suite leaders need to know about cybersecurity.
The following is a transcript of their interview, held at Louisville's Bowman Field Regional Airport.
Why breaches happen
Karen Roby: What do you say about cybersecurity to CIOs and CEOs?
Frank Abagnale: Well, first of all, I tell them that the most important thing to do is to train their employees, and that the most important job is to protect the information entrusted to them by their clients. So, that's the most important thing.
Unfortunately, many people are not educated by their company and are therefore taken in by phishing scams or social engineering by phone, where they give out a lot of information they should not. People are basically honest, and because they're honest, they don't have deceptive minds. So, when they see an email that looks very official, they assume that it's real.
I've been an instructor at the FBI Academy for 43 years. I've taught two generations of FBI agents who have attended the academy. What's amazing to me is how much easier crime is than 50 years ago. It's actually 4,000 times easier, because I didn't have any of today's technology. So technology absolutely breeds crime. This has always been the case, and there will always be people who will use technology in a negative and self-serving way.
I've been involved in security breaches dating back to TJ Maxx 14 years ago, up to Marriott and Facebook just a few months ago. One thing I learned during my career is that every breach occurs because someone in that company did something that he was not supposed to do, or someone in that company didn't do what he was, excuse me, supposed to do.
Hackers don't cause breaches, people do. All that hackers do is look for weak points. So, in the case of Equifax, they didn't update their systems, they didn't fix their security patches, which opened the door to those hackers.
I live in South Carolina. Someone hacked the tax office four years ago and stole 3.8 million tax returns from residents of South Carolina – that was everyone. After the investigation, it was determined that an employee was taking home a laptop that he shouldn't have taken home. They opened it in an open environment and the hacker got in.
That is why it's so important to educate your employees about the most important part of their job, namely the protection of the information entrusted to them.
The future of passwords
Karen Roby: What's your opinion on passwords and password authentication? Where are we going, since passwords don't do the job?
Frank Abagnale: Passwords are for treehouses. Passwords are the technology of 1964. They were developed when I was 16 years old, before doing what I was doing. I just turned 71, and we still use passwords, and passwords are why we have most of the malware, ransomware and everything else going on.
For the past five years, I've worked on a government project to rid the world of passwords, not just in our country, and we have almost done so now. There is an Arizona-based company called Trusona that I advise, which stands for "true persona." You may have seen an advertisement in which Serena Williams walks into a market while out jogging and has only her phone in her hand. She sees a necklace that she likes. So she goes to a Chase ATM, she presses an app on her phone, she gets her money without a password or card. Basically, most US banks are starting to convert to going without a password.
All the airlines, all the places that use passwords, it will take two or three years for people to get used to going without a password. So many of those sites will say, "You can use your password, or you can not use your password; it's up to you." But we're finally at the stage where we're eliminating passwords, and it was long overdue.
There is no technology, and there will never be any technology, including AI, able to defeat social engineering. I used it 50 years ago on a phone to get a Pan-American uniform. I didn't know that I was a social engineer, but that's what I did, and I had only one form of communication, the phone. Today there are many forms of communication. So, what happens, for example, there's a lot going on right now at the phone companies, where I call the phone company and I say I'm you. Then I basically answer all the security questions that they could possibly ask me, and then I tell them that I broke the SIM card in my phone and that I need to replace it. So, they send me a new SIM card. I put it in my phone and now I have your phone.
So, I have everything you have on your phone. All your contacts, all your banking information, all your information. Again, this is a form of social engineering that involves using a call center and convincing that person that it's really me, but that person knows nothing other than to ask the questions that come up on the computer. What's your Social Security number? What's your mother's maiden name? These are things anyone can find out on social media. It's not difficult to find all the answers to those security questions.
Because of this, unless you have actually taught the employee to understand the questions he asks and how they are answered, he is in fact being social engineered. Then you can stop and say, "You have gone far enough. I don't think you are who you say you are. You need to appear in person and identify yourself to someone at one of our stores or a place of that kind."
Actor Leonardo DiCaprio played Frank Abagnale in the blockbuster movie "Catch Me If You Can."
Catching criminals today
Karen Roby: How much more difficult is it for these FBI agents, and those who play that type of role, to reduce it to the bare minimum?
Frank Abagnale: The problem is that the internet has made all of this global. So when I was doing these things, the FBI was mainly dealing with domestic criminals. They have the power to go and arrest them; they have the power to investigate them.
Today, most of these things happen. We have about 5,000 phishing emails a day. Most of the money, about $12 billion a year from phishing emails, is sent to 115 different countries in the world – Russia, China, India – where they launch these phishing emails. Even if we know who they are and we have the address where they are, we really don't have the power to go and arrest them, to bring them back and extradite them, et cetera. This makes the task much more difficult. And that's why, over the years, what has become much more important is prevention rather than after the fact, because once they steal your money, you will probably never get your money back.
So don't let them steal your money to begin with. We have amazing technology. The problem is that most companies don't use it. They all have that attitude: "Oh, that will never happen to me, I'm not a big company, I don't want to spend money on that."
And so, when you don't use the technology, you open the door that lets the hacker in, and that's all he's looking for.
At the FBI Academy, I teach new agents. I teach at our national academies, where we invite law enforcement to attend an eleven-week training program. But I also teach at the FBI CSO Academy, and twice a year we bring in about 50 Fortune 500 CSOs. They spend a week at the academy and I teach some of that course during their stay. It goes back 40 years, when I went out and talked to bankers about fake checks and embezzlement. I used to sit up there and say to myself, "I must be preaching to the choir," because I assumed all these people knew everything I was telling them.
And then I realized that they didn't know it. Well, it's the same thing now, 40 years later. I talk to people who are supposed to be the information security officer of their company and I start to realize that they don't know much about it.
It's just a job that somebody assigned to them, and they somehow learn as they go, and that's what worries me – it's a little scary.