NASHVILLE, Tenn. — Former FBI cybersecurity specialist Scott Augenbaum had a stark message to small-business owners, including laundry business owners, during a recent National Federation of Independent Business (NFIB) webinar: The cybercrime problem is getting worse, and small businesses are increasingly in the crosshairs.
Augenbaum, author of “The Secret to Cybersecurity,” is a former supervisory special agent at FBI headquarters in Washington in the cybercrime fraud unit. He was responsible for managing the FBI Cyber Task Force and Intellectual Property rights programs. He later transferred to Nashville where he managed the FBI Memphis division computer intrusion counterintelligence squad.
He lists four “Truths” to cybersecurity:
- First Truth — No business is too small to be targeted
- Second Truth — Law enforcement can’t fix the problem after the fact
- Third Truth — Cybercriminals are rarely caught or prosecuted
- Fourth Truth — Most cybercrimes are preventable
THE GROWING PROBLEM
The scope of the cybercrime threat has expanded dramatically in recent years. When Augenbaum was still with the FBI in 2016, cybercrime was already a $3 trillion problem. According to Statista, by 2026, that number is estimated to be nearly $11.4 trillion.
Augenbaum says the COVID-19 pandemic accelerated this growth by creating more opportunities for cybercriminals as companies conducted business remotely.
“COVID shut down so many of our businesses but created so many opportunities for the cybercriminals, because the cybercriminals were able to gain remote access to platforms,” he says. “And all the cybercriminals need is a stolen username and password to make your life absolutely miserable.”
As larger organizations invest heavily in cybersecurity, criminals are increasingly targeting smaller businesses.
“As large organizations are starting to buckle down and throw hundreds of millions of dollars at the problem, the cybercriminals look for targets of opportunity, and are starting to go down the food chain,” he says.
Despite businesses spending more on security measures each year, the problem continues to worsen. Augenbaum says he believes this is because technical solutions alone can’t prevent the primary way cybercriminals succeed: human error.
“Almost 90% of cyberattacks are caused by human error or behavior,” he says. “When I’m going out and I’m talking to companies, I’m telling employees, and you as individuals who own businesses, that you play a huge role in preventing cybercrime victimization.”
One of the most dangerous misconceptions that small-business owners have is believing they’re too small to be targeted: “If you have a business and you have a bank account, or you’re an individual and you have a bank account, you’re a target,” Augenbaum says.
For laundromats, laundry services and other small businesses, the risks are significant because every modern business is essentially a technology company.
“It doesn’t matter who you are. You have very sensitive information belonging to your customers,” Augenbaum says. “You have email that the bad guys want to get into. You have credit card information. You have access to bank accounts.”
THE THREAT IS IN THE MAIL
Email systems are particularly vulnerable and valuable targets.
“If … you don’t have the two-factor authentication, these cybercriminals are going to get into your email account and read all of your emails,” Augenbaum says.
Two-factor authentication (2FA) is a security process that requires users to provide two distinct forms of identification to verify their identity before gaining access. Typically, the first factor is something that the user knows, such as a password, and the second factor is something the user has, such as a smartphone app that generates a one-time code or a biometric feature like a fingerprint.
Once criminals access a company’s email, they can often access connected systems like file storage, customer databases and financial information. The damage can be devastating.
“It takes a lifetime to build a brand, and it really does not take long for the brand to get destroyed,” he says.
The threat isn’t theoretical. Augenbaum shared an example of a small business that lost its entire payroll when cybercriminals accessed its third-party payroll platform. The criminals changed all employee bank account information to accounts they controlled. By the time the company discovered the theft, the money was gone.
No business is too small to be targeted, and the consequences of an attack can be catastrophic. However, he stresses that there is hope. Most attacks can be prevented by understanding the threats and implementing basic security measures.
THE LIMITS OF LAW ENFORCEMENT
The challenge of prosecuting cybercriminals has grown significantly more complex since Augenbaum’s early days with the FBI.
“If you ask me to define my role in ’95, I’m going to tell you it was so easy,” he says. “Bad people did bad things to good people. I worked with state and local cops and we put bad guys in jail.”
Today’s cybercriminals, however, often operate beyond the reach of U.S. law enforcement.
“A majority of the cybercriminals today are located in Eastern Europe, tied to Russia. They’re tied to Iran. They’re tied to West Africa, China and North Korea,” Augenbaum says. “Law enforcement is not going to arrest our way out of this problem. It’s just not happening.”
Even in the rare cases where criminals are caught and prosecuted, victims seldom recover their losses. Augenbaum shares a particularly devastating example of a small business that lost $70,000 when cybercriminals compromised its email system and tricked the CEO into paying a fraudulent invoice.
“I couldn’t get the victims’ money back. I couldn’t put the bad guys in jail,” he says. “I got really, really depressed because I joined the FBI to help people. I just couldn’t help people enough.”
In Thursday’s conclusion: We’ll explore the specific steps laundromats, laundry services and other small businesses can take to protect themselves from cybercrime
Have a question or comment? E-mail our editor Bruce Beggs at [email protected].
