Investigating Cyber Crimes with United States Secret Service Special Agent, Marc Debrody

Marc Debrody

Marc Debrody is the Head of the Atlanta Cyber Fraud Task Force for the United States Secret Service (USSS), where he has served as a Special Agent for almost 25 years. Marc has served three US Presidents at the White House and worked as the Protective Detail Leader for two Presidential Chiefs of Staff. In these roles, he conducted and supervised executive protection in both domestic and foreign environments.

Before this, Marc served in Headquarters as the Assistant Special Agent in Charge (ASAIC) of the USSS Continuity of Operations Program (COOP), where he coordinated ‘Emergency Preparedness’ procedures and policies for all domestic and foreign offices. His specialties include executive protection, event security, threat assessment, and more.


Here’s a glimpse of what you’ll learn:

  • Marc Debrody talks about the dual missions of the United States Secret Service (USSS)
  • How does the Secret Service deal with issues like business email compromise and ransomware?
  • The steps to take if you become a victim of fraud
  • What the Secret Service does—and does not do—during a cyber response
  • Marc addresses the current threats and trends related to ransomware
  • How to protect your company from cyber attacks
  • What should you do before sending a wire transfer?
  • The capabilities of the Secret Service in the cyber realm
  • Marc shares his personal cybersecurity and privacy tips

In this episode…

If you’ve seen any Hollywood movie featuring the United States Secret Service (USSS), you may have a false perception of what it actually does. While the Secret Service does play a role in physical protection, it also has a significant responsibility to protect against crime in the cyber realm.

According to Marc Debrody, the Head of the Atlanta Cyber Fraud Task Force for the United States Secret Service, the investigations that the USSS takes part in have become increasingly focused on cybercrime. So, what are Marc’s expert tips for protecting yourself and your business from a cyber attack?

Tune in to this episode of She Said Privacy, He Said Security as Jodi and Justin Daniels are joined by Marc Debrody, the Head of the Atlanta Cyber Fraud Task Force for the United States Secret Service. Marc talks about the role of the Secret Service in the cyber realm, discusses current ransomware threats, and shares his tips for preventing cybersecurity issues and attacks. Stay tuned.

Sponsor for this episode…

This episode is brought to you by Red Clover Advisors.

Red Clover Advisors uses data privacy to transform the way that companies do business together and create a future where there is greater trust between companies and consumers.

Founded by Jodi Daniels, Red Clover Advisors helps their clients comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. They work with companies in a variety of fields, including technology, SaaS, ecommerce, media agencies, professional services, and financial services.

Their free guide, “How to Increase Customer Engagement in a Private World,” is available here.

You can also learn more about Red Clover Advisors by visiting their website or sending an email to info@redcloveradvisors.com.

 

Intro (00:01):

Welcome to the She Said Privacy, He Said Security podcast. Like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels (00:20):

Hi, I’m Jodi Daniels and I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and a Certified Information Privacy Professional, and I help provide practical privacy advice to overwhelmed companies. Today I’m joined with my husband, Justin Daniels. Hi, Justin Daniels here. I am a cybersecurity subject matter expert and business attorney. I am the cyber quarterback, helping clients design and implement cyber plans as well as helping them manage and recover from the inevitable data breach. Additionally, I provide cyber business consulting services to companies, and this episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, SaaS, e-commerce, media agencies, and professional and financial services. In short, we use data privacy to transform the way companies do business together.

Host (01:30):

We are creating a future where there is greater trust between companies and consumers. To learn more, visit redcloveradvisors.com. And today, Justin, who do we have with us? Well, today I’m very excited because we have Marc Debrody of the United States Secret Service. He is the head of the Atlanta Cyber Fraud Task Force. And you’re probably wondering, well, wait a second. Why are we talking to the United States Secret Service? This is the cybersecurity and privacy podcast. I thought they protect people. Well, they do a whole lot more than that. And we’re going to learn about that today. So Marc, welcome. It’s great to have you on. We’ve been partners for, gosh, it seems like several years now in getting out the message on engaging law enforcement and developing relationships in that area around cybersecurity. So thanks again for your partnership in the invite. Absolutely. So Justin, now that you stole my intro, what was fun was I was talking to my mom about this interview and she said, huh, the Secret Service, who do, who are they protecting? So is this a perfect segue because so many people including myself. I remember when I first got to have lunch with the Secret Service, it was so exciting. I didn’t care anything about the content of the conference. I just thought it was super cool that I could have lunch with the Secret Service. So do explain to my mom and to others what the Secret Service does because it is certainly a whole lot more.

Marc Debrody (03:08):

Sure. So certainly I would say Hollywood has had a certain, uh, level of impact as to public perception of what the Secret Service does. I mean, perhaps with the exception of maybe the 1985 film, I think it was called To Live and Die in L.A. Remember that film, uh, highlighted the lengths Secret Service agents would go to arrest a counterfeiter in LA. Um, with the exception of maybe that film, most people know us from the Hollywood depictions of protection. Um, so that’s not our actual mission. I mean, that’s one of our missions. We were, we were created in 1865 by President Lincoln to combat a counterfeit currency problem that was actually, um, becoming an issue during the Civil War era. Uh, the day that he created the Secret Service was the same day he was assassinated by John Wilkes Booth, and that terrible irony. Um, he didn’t have a protective detail, nor did we even have that mission during that time. It wasn’t actually until the assassination of William McKinley that the Secret Service assumed the protective mission, therefore becoming this dual mission agency. So we are a dual mission agency with protection and investigations, and they can certainly talk about how that has, our investigations have really morphed over the years into this new, this cyberspace.

Host (04:24):

Well, I did not realize I was also going to have a history lesson, so I appreciate every day learning something new. So I genuinely did not know that. So I’m super excited. What would be fascinating, I think, is to hear a little bit about some of the types of investigations that have happened over the years. And obviously now we’re in the digital era and cybersecurity is such a prevalent one. What are some of the other types, kind of like by topics, that you’ve covered more or maybe are still a big issue?

Marc Debrody (04:58):

Sure. Jodi, it has been interesting in my 25 years in the Secret Service to see how our investigative roles have really evolved over the course of that time. Um, when I first started, counterfeit, you know, counterfeit investigations were dominant, and they moved from offset printing type notes to inkjet notes created with computers and high resolution scanners and copiers. And then we saw, you know, the proliferation of credit card fraud, um, skimming of credit cards by, you know, rogue waiters or waitresses, uh, stealing maybe 10 or 20 cards a night, to what we now have of large scale data breaches involving really millions of compromised credit cards that ended up on the dark web. So criminals, I think, have realized that today’s cyber crime, where you have things like ransomware and business email compromise, or BEC, is really financially more lucrative and offers almost a little bit, um, greater anonymity.

Marc Debrody (05:52):

Um, uh, just to kind of tie this together, the genesis for our kind of cyber mission really goes back to the 2001 Patriot Act signed by President George W. Bush. The legislation that was created really recognized the Secret Service as so successful in establishing partnerships. And we do that in protection. Uh, we can’t do our protective mission alone. It requires, you know, local, state and federal entities to help us carry that out. And so too in the cyber world. And so that legislation tasked us with creating electronic crimes task forces across the country. Now we’re called Cyber Fraud Task Forces, or CFTFs, and we have over 40 across the United States and overseas. I’m privileged to be able to lead one here in Atlanta with over 400 local, state, and federal law enforcement officers, as well as private industry and academia.

Host (06:49):

Well, thank you for all that you all are doing. It’s amazing to see how many people need to be connected and a part of it. And I love that it’s a public and private connection.

Marc Debrody (07:02):

So Marc, this is Justin. So I wanted to delve into a particular topic where I’ve personally interacted with the Service. And that is, I had a client who had a business email compromise, meaning someone socially engineered an email that someone responded to and they wired money and it was all fraudulent. I was able to contact the Secret Service within 24 hours and we were actually able to get back almost all the money. ’Cause when the Secret Service calls Wells Fargo’s fraud department, you don’t dial six or get put on hold. And I thought you might be able to talk to our audience a little bit about what they can expect when they engage with law enforcement around some of your capabilities. And talk a little bit about the time periods you have when you’re trying to get back money when we’re in that wire fraud scenario phishing act.

Marc Debrody (07:55):

Um, in the case of the BEC, as you mentioned, business email compromise, um, we were happy to assist there, you know, in, in helping to recover money. Um, time, as you mentioned, is of essence. Um, generally less than 72 hours is needed to engage that process, whether it’s a domestic wire or a foreign wire. In a foreign wire, uh, anything over 72 hours of notification from that wire fraud happening cannot be engaged upon internationally. So we need 72 hours or less for that. And there’s also a dollar limit on that too. But time is important, and tied to time is relationships. And back to my earlier point, if you don’t know who to call, then the time just takes longer. It takes down a quicker. Um, so having that contact in the Secret Service locally ahead of time, as to know who to call, is extremely, extremely important, um, not only just for BEC purposes, but the other topic of where, you know, the Secret Service can come in and we might be able to help with decryption, not all, not all the time, but occasionally we can do that.

Marc Debrody (09:03):

Um, more importantly, we can provide you with our companies with valuable information on attack vectors, indicators of compromise, because more than likely, we’ve seen that ransomware before, and we know how the bad actors like to get into the network with certain types of executable files and how they propagate through the network and really exfiltrate data. So we can work with companies, work with PR firms to share that information, to help you get back and, you know, triage the situation. We also know that you folks see a lot of noise on a daily basis. Um, so we certainly, when I say noise, I mean, there’s constant phishing emails that come in and we’re certainly not looking to get a phone call for every single one of them. But in general, if it’s significant, a new threat or a significant event, we certainly want to hear, and we certainly are willing and able to help with the fund recovery, as you mentioned.

Host (09:57):

So that raises an interesting question. You know, a lot of times people are confused: who do I call and in what order and who do I call first? And do I call the Secret Service? Do I call the FBI? Do I call the police? Do I call the state Bureau? Can you help walk through, um, what should a company do, who should it have on its roster and how should it order them?

Marc Debrody (10:22):

Well, first, uh, that’s a great question. Uh, we always say call someone because, uh, we work very closely. I mean, all across our country, our offices have, I think, good relationships. Even at the headquarters level, we have a great relationship with our federal partners, not just the FBI, but Homeland Security and others. And so when we get that call, there will be deconfliction locally in the background. So a victim really doesn’t need to worry about, is this a case that the FBI would work or the Secret Service would work. Call someone, call the people that you have the relationship with. And we will work that in the background. Again, the important thing is to not be scouring around when your hair is on fire to figure out when to do or who to do that with, but have those contacts and relationships built ahead of time. But to the initial question, we work hand in hand with the FBI. And if they have that case already opened on something that may be being worked, we gladly, you know, we’ll pass that information to them and vice versa.

Host (11:21):

So with that being said, when I call my closest friend in one of those places, what do I need to have ready to make sure that it’s going to be a valuable call and I’m able to make the most of my time, because as we said, it sounds like I need 72 hours, or I only have 72 hours, especially in the case of a business email compromise. Um, what, what is it I need to have ready? And then who in the company should be making that call? Are there particular people who we want to

Speaker 4 (11:54):

Have on the call? And Justin, you might have some thoughts on that too. “yes dear.” That’s who I want on the call, who I don’t want on the call to my other status.

Marc Debrody (12:12):

So the information that you should provide, you know, first of all, the Secret Service is looking for evidence of a crime. So when we are invited to the table for that conversation, uh, we’re going to be having a discussion with you to help us collect that information that will, that will need to help lead to attribution, because that’s our goal. Our ultimate goal is find the bad actor, right? Um, so we’re going to look for things such as, we’re going to ask for things such as email headers that may have been, you know, the vector for the attack. We’re going to look for logs, logs and more logs: network logs, server logs, um, IDS, intrusion detection systems, and IPS, uh, prevention system logs, um, IP addresses. If there was any malware downloaded, we’d like to get a copy of that so we can analyze it and help further figure out, you know, where this may have gone across the network.

Marc Debrody (13:04):

We’re going to work with your IR firms, of course, as I’ve previously mentioned. We’re going to want to know if you decided to pay ransom. Um, and we can talk about that a little later too, but, um, we’re all about following the money, of course. So if that is done, we’re going to make every attempt to follow the money. Um, one of the other comments I’d like to make on this subject is, um, is that with regard to providing you information post-breach, if one segment of your network is breached, you should assume that all segments are breached until ideally an IR firm says that your network is secure. What ends up happening is we get emails or we have communication from victims on their infected network, which oftentimes lets the bad actors know that law enforcement’s now involved and they can make counterattacks or whatever.

Marc Debrody (13:52):

So have out-of-band communications. That’s important, not only for internal purposes, but external as well. Um, regarding who, that’s going to be up to the individual company. And it obviously depends on the size of the agency or industry or company. Um, we work obviously with legal counsel heavily. Um, we worked with IR firms, folks on the C-suite, you know, so it really depends on the size of the company and who’s actually engaged. Sometimes it’s just one person, the CEO, or whoever calling us frantic saying hello, you know, but ideally we like to have the phone call have multiple people on board, to include the IT folks and network folks. Senior leadership has been important too, because when we’re asking for things, having the senior leadership on that call makes it a whole lot easier to get the information that we’re asking for when they grant that permission.

Host (14:52):

So Justin, do you have any thoughts on the, who should or shouldn’t be on the call?

Speaker 4 (14:58):

So a lot of times when I get involved, and Marc is correct, it depends on the size of the company. But as Marc said, with any kind of cyber response, the most precious commodity you have is your time and how you spend your time. So having legal counsel who understands cyber interacting with law enforcement frees up the C-suite to deal with working the problem. They may have to put together press releases or interact with customers. And so the more that they can focus on those types of problems and then have someone else work with law enforcement, it makes for a more coherent response, because the more that they have to do themselves, they’re stretched in too many directions and the response can break down.

Host (15:43):

Are you breaking down? [laughter]

Speaker 4 (15:51):

So Marc, I wanted to ask you a follow-up question. That is one that you and I always talk about, because one of the biggest reluctances of firms who engage with law enforcement is they believe that if I deal with the U.S. Secret Service or the FBI, that means immediately I’m going to get a call from my regulator. You FTC, HHS, pick your favorite regulator. Can you talk a little bit about that and the reality?

Marc Debrody (16:19):

Sure. That, that basically is the question of what we won’t do, right, during a cyber response. So let me just give you a few, a few bullet points there of things we won’t do. Number one, we don’t go public or notify the press unless that’s coordinated with the US attorney’s office and the victim’s corporate legal counsel. There is a reason why we’re called the Secret Service, right? Keeping the secret, the Secret Service. So we’re not about making press announcements without a coordinated effort, uh, that’s been approved by multiple parties. Um, and we’re not going to comment or share any information from any active investigation. So that’s kind of the, the four point main point. Um, to your other comment, we are not a regulatory agency. Victims may be required to contact regulators depending on their respective industry, but regardless of the regulator, coming to law enforcement, it is always going to be viewed, as you know, in a criminal investigation and seen as, as positive. So we encourage, we certainly encourage that. Um, we don’t share information outside of the law enforcement community, and we’re going to work directly with the IR firm to help with remediation, that that is going to be doing primary remediation support, but we’re going to work directly with them. To your point again, we are not a regulatory agency. I have never, in my 25 years, even received a phone call from a regulator. And that can, that could happen, I guess, but it has not happened since I’ve been doing this.

Speaker 4 (17:54):

So Marc, I think where I’d like to turn next is, I want to talk about threats, or what I really want to focus a little bit in our conversation today on ransomware. Some of the latest trends with ransomware. And then I think you and I, we’ll shift gears and talk a little bit about this most recent announcement from the Office of Foreign Asset Control and its impact on law enforcement. But could you share a little bit about the threats, particularly as it relates to ransomware as it currently stands?

Marc Debrody (18:23):

Sure. So a big hot topic is the kind of the, the, obviously COVID-19, right. And regarding the ransomware and BECs, but, just for, I want to just kick off by saying, um, we like to say that COVID-19 really didn’t create new criminals, just new opportunities. Um, they’re still phishing, they’re just using COVID bait. They’re still doing ransomware. They’re just attacking via different methods and vectors. So, um, ransomware, and we talked about this a little bit earlier, in our pre-conversations, that we in Atlanta are seeing more ransomware than business email compromise. It’s kind of overtaken, if you will. Um, and we’re seeing ransomware kind of more from just using locking up computers and networks to actually now we’re finding the bad actors are doing data exfiltration and posting the data on shaming sites to encourage payments. Okay. Which makes us a whole lot trickier.

Marc Debrody (19:15):

Right. Um, and not only that, but these adversaries are obfuscating, not to get too technical here, but they’re obviously obfuscating their command and control traffic to make it more difficult to detect. So basically the things that they’re pushing out to their controlled servers are being hidden in an attempt to make it harder for us to, you know, detect and decipher. And they can do that via things like junk data and protocol traffic or steganography, et cetera. So it’s more from just your traditional ransomware, raising everything, making people pay a ransom, to really enticing people to pay the ransom by holding their, their data at ransom also. This may not be a topic for this conversation, but during the whole pandemic, we’ve also seen a whole flood of SBA and PPE loan fraud, which our office is actually helping to investigate as well.

Marc Debrody (20:08):

So those are the big trends. And there’s one more, and we can, you want to talk about a little bit, we can, but e-skimming. Uh, that’s on, you know, you go to check out on Amazon or a website and you put your credit card information in and, unbeknownst to you, there’s a script running in the background by a bad actor who’s collecting your credit card information from that, that website, and the consumer never knows it. It’s called e-skimming. So we’re seeing, uh, these kinds of frauds happen. And that really is the new trend.

Speaker 4 (20:38):

That’s a good one to know. So Marc, I want to kind of ask a more focused question. So there was a recent guidance that was provided by the Office of Foreign Asset Control and it really related to ransomware. And in short, what it talked about was, hey, if you’re going to pay the ransom there, which Marc, you can talk about what law enforcement’s position is on that, if you pay it to certain people who are on the OFAC, uh, excluded list, which are basically terrorists and people that the US government doesn’t want US citizens doing business with, and you pay it and you didn’t do your research and they’re on that list, you can get prosecuted for money laundering. And there’s some other parts of that ruling that have some real implications for law enforcement. Because part of what the ruling talks about is, is there’s a real incentive to be proactive about engaging law enforcement. So I’d love to get your perspective on what this latest ruling means for law.

Marc Debrody (21:41):

Sure. So Justin, as you said, OFAC stands for Office of Foreign Asset Control, as part of the Treasury. Their advisory addressed victims of ransomware attacks of the potential, I guess, sanctions or risks for facilitating ransomware payment. As you mentioned, a couple of, just a few points on that for, from my perspective. First, information that’s shared with the Secret Service for any criminal investigative purpose is protected from being shared with regulators, to include OFAC, at the request of the victim. And at our discretion, we can communicate publicly or with regulators. If, and this is the big if, if in our view there’s been full cooperation in the criminal investigation, which means more than just a phone call. Couple other points. Number two, I would say, the Secret Service doesn’t generally investigate or enforce sanctions violations.

Marc Debrody (22:42):

We don’t make a determination. You, you, you mentioned the SDN, that stands for specifically designated nationals or blocked persons list, but we don’t make a determination for entities considering to make payment, um, that their counterparty is or is not on that list. That’s for the victim to do. And they can go to the OFAC website and check to see if, if they are or are not on that list. Lastly, I would just say, I think the best advice is, is to have victim companies communicate directly with their specific regulators on the subject. The OFAC messaging hasn’t changed our message. We, we don’t encourage payment of ransoms. Understand it is a business decision if you do. And of course, if you do pay that, um, uh, you know, that’s a business decision that you would make, but engaging law enforcement in that process is key. And I think it’s written in the OFAC guidelines to showing good faith that you worked with, you know, law enforcement. And again, our agents are not obligated to report anything to regulators. So hopefully that’s helpful.

Host (23:56):

Well, it sounds like if I get a ransomware attack or a business email compromise, I really don’t want one of these things. There’s quite a long list of challenges that can be associated with them, not to mention, you know, criminal prosecution. So what would you recommend companies do to, to help on the prevention side, especially during this time where, as you had mentioned, there’s just more opportunities and, you know, they’re really leveraging kind of an emotional time right now. You know, people are trying to navigate both personal and in a business environment, maybe people have been a little bit more lax on some of the controls and other items that they might have normally been doing. So I’d love to know what can listeners do to help prevent these types of things, maybe some tangible tips.

Marc Debrody (24:55):

Sure. First I think the first thing that folks should consider is that there’s a need to incorporate your cyber incident response plan. Obviously have one, but specifically addressing the season ransomware, but incorporate that into your business continuity plan. So what I mean by that is if the network goes down, how are you going to communicate? You know, do you ever done the communication as I talked about earlier, are the contact names for everybody that you would engage on your phone and on your network, because if they are chances are you’re not going to be able to access them. So having hard copies available offline and off site, ideally to be able to reach out to people in a case of emergency, it was going to be really important. User education training is going to be obviously very key. People are the weakest link they always have been and always will be.

Marc Debrody (25:50):

It certainly could be your untrained 18-year-old intern who clicks on that phishing email, right? So extra attention has to be given to folks, um, like that. Um, as well as folks who have access and ability to wire transfer and wire and transfer funds. Um, a couple of other key points, a few points are multifactor authentication, strong passwords are key. I know folks are tired of hearing that, but the fact of the matter is there’s been so many data breaches over the years with passwords stolen and with tremendous amount of reuse of passwords. It’s, it’s inevitable that some passwords are gonna be able to be used for a banking or financial purpose. So having strong passwords, changing passwords, multi-factor authentication are huge. And if you’re a victim, you got to reset both of those. Another key is patch, patch, patch. What I mean by patching is fixing the vulnerabilities that are identified by companies like there’s Microsoft.

Marc Debrody (26:46):

We’ve actually interviewed criminals that we’ve arrested, who have said that they know weekly would see what the vulnerability patches are and that’s where they would attack. And you would be amazed how many companies take sometimes too long or never make the patch for various different reasons, maybe the patch wreaks havoc with their network or what have you. But patching is obviously, there’s going to be very key. And then, um, backing up, having backups that are not only offline, but air-gapped, meaning separate from the network. And here’s one that people forget: test your backups. You’d be amazed how many people have backups, but they realize, you know what, we haven’t actually tested the ability to do that. RDP, Remote Desktop Protocol, is a key, is a vector for a lot of these bad actors to get in to a network.

Marc Debrody (27:37):

So having RDP secured or disabled, if you don’t need it is key as well. I like to also suggest that there’ll be a proactive component to this as well. Um, look at your executives, look at your CEOs, your CFO, your, your folks that are visible and where are their email accounts published? Um, a lot of people have social media company websites, and that’s a great place for actors to do some social engineering intelligence and use that for spear phishing attacks. And then lastly, I would suggest testing, testing your plan. An untested plan is no plan, right? So doing a tabletop exercise, um, of your incident management plan is key. And as I told Justin earlier today, we’re well, you know, we’re more than happy to be invited to the table of a tabletop exercise to just kind of give the law enforcement perspective on what happens when a call takes place. We don’t have to be there for the whole exercise. You know, as I mentioned many times before, please engage us before your hair’s on fire. Um, we’d like to have those conversations in a less stressful environment too. So just a few tips, hope that helps.

Host (28:49):

Those are some great tips. So many tips, so many important nuggets, that I already forgot some of the follow-up questions that I had for you. Um, Oh no, I remember now. So Justin, one of the ones that he talks about was sending wires, and I know you have some very, very strong thoughts on what people should do before they send a wire. So I feel like you should share.

Marc Debrody (29:13):

As I always say, in every single cyber presentation I do, if they get one thing out of the hour, however I blathered on: you never, ever, twice and 10 times on Sunday, ever send a wire because you got an email. You have to have some independent way of verifying the authenticity of that email, to the point where you need to assume any email asking for money or a wire is false until you prove it authentic by some other means of further verification.

Host (29:46):

Thank you. Thank you. And then I think, Marc, the idea of testing your backup is one that I believe a lot of companies probably overlook, so very important nugget. I think we’ve all heard password and to have a, uh, before, you know, I’ve when we were all together earlier this year, I referenced that, that presentation all the time, but the idea for anyone listening is to test the backup print a plan and have an actual working simulation is very, very, very valuable advice. It is so much easier to think through all the holes that might come up or the issues or the who you call when you’re able to think and not with your hair on fire when you, when you call.

Marc Debrody (30:28):

Sure. And Jodi, just to add to that real quick, also your text messaging is kind of, there’s the newest way that they’re kind of trying to, you know, people think that text messages oftentimes are just maybe, maybe more secure, I don’t know. Um, but if you get text messages that have any of those same kinds of indicators, they’ll be clicking on links within text messages because it has the same effect, right? So, um, SMS messaging for us is just as important as, you know, your computer hygiene and COVID hygiene. So Marc, before we get to the last two questions we ask all of our guests, I wanted to ask you one other question, and it’s this: people don’t realize, and I surely didn’t realize this, but when you work with the Secret Service, you’re working with some first-rate incident responders. There’s a reason why the private sector loves to have former FBI and Secret Service personnel as part of their incident response team.

Marc Debrody (31:30):

So I’d just like you to share with the audience, what are the capabilities of the Secret Service? What do you do in the cyber realm and what don’t you do? ’Cause I don’t want people to think, “Oh, I don’t need an incident response firm, I’ll just outsource that to the Secret Service; I pay taxes.” Sure. So first of all, we don’t, we’re not an IR firm, so that’s not our, it’s not our role. But just to kind of back up that question more thoroughly, our agent in charge, Steve Bazell, and my supervisor, Malcolm Wiley, have given me a lot of latitude to assemble a great team. You know, many years ago, I learned the basic management lesson that the key to success in management is to ultimately surround yourself with good people. Right? And so I, I definitely have been blessed to work with a good team in our Atlanta office.

Marc Debrody (32:18):

We have very competent individuals in the areas of, you know, network intrusion, mobile device and computer forensics. We are staffed with network cyber analysts. It helps us, helps in our investigative process. I have Alan Davis in our shop, who’s our technical security advisor, who helps steer the ship, if you will, and works a lot with our task force officers across the state, who really are our force multipliers in our investigations. And we didn’t really touch on that, but I didn’t want it to hit this point. You know, we’re a small agency, you know, we can’t respond to every, everything. So we have utilized this, this task force concept, and trained our local and state partners across the state of Georgia, and really the United States, in the areas of cyber, cybersecurity, forensics and whatnot through our National Computer Forensics Institute, NCFI, in Hoover, Alabama. We send them through congressional funding to receive training and many pieces of equipment.

Marc Debrody (33:19):

They can take back to their offices and departments and work, um, their cases and also support our cases. So it’s a great force multiplier, like I said, um, across the country. Kind of in summary to all that, when you call a Secret Service office, you’re going to get a response, or you can be assured you’re gonna get a response, by a competent individual who is ultimately going to partner with you. And that’s what we’re all about, is partnership. It’s your data, it’s your network. You’ve invited us to the table and we’re here to kind of work through the incident together. So to tie that last point that you mentioned, we are not an IR firm, so we don’t do full mitigation. We’re kind of like in the triage component of all that, right? So we work with those folks or your, your folks, but very fortunate. And I’m happy to also, at the end here, give some contact information for folks if they want to reach out to us.

Host (34:14):

Absolutely. So you gave so many incredible nuggets, and what we’re asking all guests is to share what is kind of your favorite, your highly recommended privacy and security tip. And it can be, obviously you shared a lot that companies can take, it can also be a personal one. So maybe something that you do personally that you would highly recommend everyone do to protect their information as well.

Marc Debrody (34:39):

Don’t share your wife’s passing on the internet. That’s a great question, Jodi. I think I’ve never been asked that. I think if I think about it for a second, I think my overarching, and it was kind of, you know, answers all these issues, is slow down, slow down. Um, the actors that are doing the ransomware, the business email compromises, and using phishing techniques, they are extremely crafty. Um, they are targeting individuals, um, spear phishing and hitting not only specific people, but the emails come at specific times of day, right? Friday afternoon or early Monday morning. Um, they appear very genuine, um, and will appeal to people’s sense of urgency to kind of make you feel like, “Oh my gosh, I’ve got to do this right now.” And so people, um, I think to that point, will, will speed through an email and start clicking. And when you start clicking, that’s when the havoc starts. Right. So my number one tip, in addition to all the other things that we mentioned, I think the number one tip is going to be just slow down, do a search, check where that email is coming from. And if all else fails, pick up the phone and verify, as Justin I think said earlier. And I want to say thanks again for having me, appreciate that.

Host (36:01):

Absolutely. So now when you’re not solving cybersecurity, ransomware and business email compromise cases, and you’re not on podcasts providing all kinds of fabulous advice, what do you like to do in your personal time? Share your favorite hobby?

Marc Debrody (36:19):

So I enjoy tennis. I enjoy sports with my kids. One unique factor or thing about me is I’m a huge ice hockey fan, which you would not expect, I guess, from a Southern person, at least here in Georgia. I have two boys that play ice hockey, one who’s actually playing up North right now, chasing his dream. And I have a wife and two dogs, and the second dog is a nine-week-old golden retriever. So we are a busy household.

Host (36:54):

It sounds like you are a very busy household.

Marc Debrody (36:58):

So Marc, we wanted to end by giving you the opportunity to provide your contact information, because I can’t emphasize enough for our viewers that you need to have a preexisting relationship with law enforcement. To Marc’s point, calling them when your hair is on fire, you know, you can do it, but it’s not nearly as effective. So could you please share some information, and we’ll also share it in our show notes so that people know how to proactively engage with United States Secret Service, cyber fraud tests. Absolutely. So if you’re, if, for the listeners that would be in the Metro Atlanta area, they can call our main number, (404) 331-6111; that’s 24/7. And then if the answering service picks up, you can leave a contact message. For folks that are outside of Georgia, across the country, you can go to www.secretservice.gov, um, and within our main webpage or the investigative tab at the top, when you hit that, you’ll find the ability to look up all the offices across the country that have cyber fraud task forces and connect directly there. So that’s just a couple of ways that folks can reach out.

Host (38:13):

Wonderful. Well, Marc, thank you again for sharing so much fabulous information. We really appreciate it. You’re very welcome.

Host (38:26):

Thanks for listening to the She Said Privacy/He Said Security podcast. If you haven’t already, be sure to click subscribe to get future episodes, and check us out on LinkedIn. See you next time.