Expanding the Understanding of the CyberThreat Environment: An Interview with Ben Spear

The numbers are just staggering.

Cybersecurity is quickly becoming a top concern for every sector in our country.

The cost of cybercrime worldwide will reach $6T by 2021, a massive increase from 2015’s $500B costs.

However, experts feel this might be just the tip of the iceberg when it comes to calculating the real costs of cybercrime. Experts from the World Economic Forum say that a significant portion of cybercrime goes undetected, particularly in the case of industrial espionage and proprietary secrets.

Add to this, the more than 29 million records that were stolen or exposed in 858 publicized breaches from across all industry sectors in 2016 – a 38% increase in cybersecurity incidents according to IDG. Each breach cost on average more than $7M in the US – or $220 per record.

While the statistics on cybercrime are mindboggling, there are very real ways law enforcement and justice professionals can arm themselves to fight the very real war on cybercrime.

Join webinar host Stacey Wright  to learn more about:

  • The current and emerging cyber threats local and regional government law enforcement organizations should be aware of.
  • Who is the new breed of criminal?
  • What are the tactics this unique type of criminal uses and what LEOs need to know to combat these perpetrators?


(This interview has been edited for length and clarity.)


Justice Clearinghouse Editors (JCH): You said in your webinar description that “Cyber security is becoming a top concern for every sector in our country.” Can you expand on this statement? How so? 

Ben Spear: In the past (and sometimes still today) people would say why would anyone target me? They would argue that they were too small or didn’t have any data of importance. The focus was on big entities and the federal government. Over the last couple of years, and in 2016 especially, it became obvious that it is not just big entities or the federal government that are targeted by malicious cyber activity. Ordinary people are impacted everyday by threats such as ransomware and organizations big and small are victims of the business email compromise scam, among others. Cybersecurity really is a concern for everyone.





“…We have seen a local government or school district

have a single system infected with a keylogger

and have half of their annual budget

disappear in an overseas wire transfer.

Ben Spear, Center for Internet Security



JCH: For many people, cyber hacking threats might seem like threats or issues that are predominantly handled at a national issue (ie: the recent statements that Russia was involved in hacking the election), or in the business arena (ie: data breaches at firms like Yahoo, etc). Can you expand on this? How do cyber threats affect every level of government? How do cyber threats impact perhaps the “average police officer” or other justice officials? 

Ben: Many people are under the assumption that because of the wide reporting on these large incidents that all cyber attacks are targeted. In reality, the majority of cyber incidents we investigate are completely opportunistic. The attackers didn’t choose a specific agency, school, or precinct; the affected entity just happened to be vulnerable to an attack attempted across the Internet. For the different levels of government, it is an issue of proportionality. We have seen large state agencies have a ransomware outbreak that disabled a few computers and were quickly fixed, but we have seen a local government or school district have a single system infected with a keylogger and have half of their annual budget disappear in an overseas wire transfer.

Cyber threats impact the average police officer or other justice official in a few ways. In the course of their duties many officers will receive reports of cyber crimes. Most commonly these will be cyber crimes that are similar to physical crimes, such as fraud and extortion. Officers must be aware of the similarities of these crimes and how they can be used to build a case against a cyber criminal. They must also be aware of the limitations in pursuing cyber criminals due to jurisdictional issues and how they can work with their neighboring departments and state and federal partners to combat cyber crime.

From a separate perspective, cyber attacks are a cause of concern because of their use against police officers and other justice officials. In the wake of controversial cases such as Ferguson, we have seen departments, as well as individual officers, become the victims of denial of service attacks, doxing, financial fraud, and harassment. The tools cybercriminals use to opportunistically attack can and have been used against law enforcement officers and their families. And just like every other SLTT government agency, law enforcement and justice agencies can fall victim to opportunistic malware infections.



“No locale, no industry or organization

is bulletproof when it comes to the compromise of data.”  

Verizon’s 2016 Data Breach Investigations Report


JCH: What are three big things or trends in the cybercrime arena that the average justice professional should know about? (Or if cybercrime is something they aren’t as familiar with – three areas they should learn more about in 2017?)

Ben: The three big areas or trends justice professionals should know about include:

Cyber Extortion – We have seen a significant growth in extortion-based attacks such as ransomware, as well as compromises and denial of service threats used to extort money from targeted organizations.

I think most people have heard of ransomware by now, and it’s certainly the most common of the cyber extortion schemes, but I’m not sure everyone knows that there are ways to easily protect yourself and sometimes it’s possible to decrypt your files without paying.

Cyber Fraud – The last year has seen an uptick in reporting to the Internet Crime Complaint Center (IC3) and other public and private security entities regarding email-based frauds that either imitate high-level executives requesting a wire transfer or contractors requesting fulfillment of a purchase order.

This type of fraud can be difficult to spot and result in the loss of organization funds. I think most justice professionals should know about the cyber fraud trends because they may see one of these attempts and they may receive reporting from victims.

Impacts on investigations – There has been a lot of talk about the impact of the Internet of Things (IoT), how it may impact cyber security, and whether we are creating new avenues of attack.

From a law enforcement perspective, IoT may be a new source of information in investigations. Already there have been instances where law enforcement has gathered information including medical data to counterclaims of rape and stories about new devices and toys which record everything and store it on the device or in the cloud. Such data could be identified during a search and yield significant new evidence that previously would’ve been unavailable.


JCH: What cybersecurity issues tend to impact first responders specifically?

Ben: Hacktivist targeting in response to a perceived injustice or incident of alleged use of excessive force. Too many times over the last few years we have seen individual officers and law enforcement agencies suffer financial fraud, network compromises, doxings, and more.

First responders should be prepared to defend against such attacks by limiting the availability of information on the Internet that could be used to compromise them.

Another issue that has appeared to impact first responders are denial of service attacks.

Depending on how a network is designed, we have seen traditional DDoS attacks, as well as telephony attacks disrupt public safety answering points, as well as email systems. Such attacks limit the ability for responders to communicate with each other, but also prevents legitimate callers with immediate life safety concerns from getting the assistance they require.

And of course, law enforcement agencies, PSAPs, and others have been infected with ransomware.



“…Over the last few years

we have seen individual officers and law enforcement agencies

suffer financial fraud, network compromises, doxings, and more.”

Ben Spear, Center for Internet Security


JCH: I think many of us have an image of who hackers are/or who commits these types of crimes from movies or TV shows. But as we know, Hollywood doesn’t always get things right. Can you describe the profile of these criminals? Who are the people or organizations who tend to commit cyber crime? Tell us about these specific types of criminals who commit cyber crimes… Who are they? Why are they committing these specific types of crimes? 

Ben: There are a variety of attackers including nation-state actors, hacktivists, cyber criminals, and insiders. There is no set profile to describe these types of individuals.

For instance, when it comes to cyber criminals it can range from a single (local!) individual with limited skills buying access to malicious tools to large criminal syndicates with international operations.


JCH: What’s one thing you hope attendees will gain from the webinar that they could feasibly apply to their work the next day on the job? Or even in their personal lives?

Ben: I hope that attendees are able to have a better understanding of the cyber tactics they are most likely to see in the field and how to identify them so they can identify them and protect against them.


Cybercrime is

“the greatest threat to every profession,

every industry and every company in the world.”

IBM President and CEO Ginni Rometty



To view “Expanding the Understanding of the CyberThreat Environment” click here.

Additional Resources
3 years ago
Infographic: CyberThreat Landscape
Cybersecurity is quickly becoming a top concern for every sector in our country including law enf […]
3 years ago
Webinar Notes – CyberThreat
CyberThreat Webinar Notes Center for Internet Security/Multi-State Information Sharing and Analysis […]
3 years ago
March 2017 Cyber Threat Landscape Update
Cybersecurity is quickly becoming a top concern for every sector in our country. The numbers are […]
Stacey A Wright
3 years ago
Stacey A. Wright
Stacey A. Wright, CISSP, is the Director of Partnerships at the Multi-State Information Sharing and […]
3 years ago
The Cyber Threat Landscape An Overview Of Hacking, Cyber Security, Internet Security, Cyber Warfare and Hacking
Cybersecurity is quickly becoming a top concern for every sector in our country. In this session, th […]
Ben Spear
3 years ago
Ben Spear
Ben Spear is a Senior Intelligence Analyst with the Multi-State Information Sharing and Analysis Cen […]