On Wednesday, March 6, People’s Light will host its third Corporate Speaker Event featuring Special Agent Ben R.P. Stone, who will share his expert insights on cyber security. Currently, Stone works within the FBI’s Philadelphia Field Office leading the five-year-old Cyber Criminal Squad responsible for all cyber crimes for the FBI Philadelphia Office. His resume includes a stint as Supervisory Special Agent of the Intelligence Squad Confidential Human Sources, also here in Philadelphia, where he was responsible for the strategic recruitment of Confidential Human Sources across the Division. Stone has also served as Assistant Inspector at FBIHQ in the Office of Inspections and as the FBI’s liaison to French Law Enforcement and Security Services regarding cyber matters. Locally, he has participated as a speaker at Tech360. Prior to entering the FBI Stone worked as a researcher in the pharmaceutical industry. Additionally, Stone holds two United States Patents and is the author or co-author on several peer reviewed scientific papers. Do we think you’ll find him and his presentation interesting? Absolutely! We’ve kickstarted the conversation with a few questions, below. We look forward to seeing you at the event and hearing your questions. RSVP to warden@peopleslight.org.
What is one major type of cyber-attack that is out there and how can businesses, small or large, defend against them?
Ransomware is one of the biggest threats right now. While it has been around for some time (at least five or six years) it continues to evolve, and cyber criminals are constantly evolving and adjusting their tactics.
In general, what are the most common issues arising from weak security? Are certain types of businesses more likely to face threats?
Any business is vulnerable to cyber threats. We have seen Fortune 100 companies attacked in the same manner or vector as small three-person partnerships. Most attacks are financially motivated, either through the direct theft of funds or the monetization from the theft of information.
What are the biggest myths regarding cyber-security for businesses?
That you are too small or not in an industry or sector which may be targeted.
What mistakes do companies make that are easy to fix once recognized?
Companies should establish robust and secure backups, conduct table top exercises to practice what they would do in the event of an incident, and ensure their incident response plan is up to date. In addition, they should enable Multi Factor Authentication and review their practices when it comes to remote access.
When a business sets up a Wi-Fi network, what are realistic security concerns (vs. imagined/sensationalized), and what type of password is best for internal use. How should a business go about setting up a public network?
The below was lifted from Cox Communications as their recommendations
- Move Your Router to a Physically Secure Location
- Change the Default Router Login Information
- Change the Network Name
- Update Your Firmware and Software
- Use WPA2
- Double Up on Firewalls
- Set Up Private Access and Public Access
- Eliminate Rogue APs
- Turn Off WPS
- Limit or Disable DHCP
How often should a company delete its archived data?
That will depend on regulatory requirements unique to each business as well as the business needs of the company. It’s always tempting to keep everything but ask yourself how much you really need to keep. The more is kept, possibly the more vulnerable it is in addition to the costs involved. If you are a large enough company, develop a data retention policy in coordination with legal and other business units. This framework/policy is always useful to point to if you do delete data on a regular, policy driven schedule and are later subjected to legal scrutiny
What types of cyber crimes are addressed by the Cyber Criminal Squad here in the FBI Philadelphia Office?
We address all cyber facilitated criminal activities as well as pure cyber intrusion activity. If you have an event which you believe may necessitate an FBI response, if it does not fall in our particular lane, we have different teams within the FBI investigating many different crimes and we can make the appropriate introductions.
Corporate Circle