Global Threats

Timothy Reboulet | August 23rd, 2021

 

There are no borders in global cybersecurity. Interpol and Europol are unique organizations leading the way when it comes to global security operations and dealing with global threats. Considering my experience with these high-level groups, my mission is to bring actionable solutions to businesses everywhere to bolster their current cybersecurity protocols.

My name is Tim Reboulet and I was assigned to Europol Cyber Crimes Center (EC3), in The Hague, Netherlands, while working as a Senior Special Agent with the U.S. Secret Service. I worked with our EU colleagues fighting the war on global cyber-crime. I was part of an elite group within Europol investigating the world’s most notorious cybercriminals. This group was called the Joint Cyber Action Task Force (JCAT).

Dealing With Global Threats

I worked intimately with the DOJ (Department of Justice) investigating cyber cases that were global in nature. I had legal authority while operating at Europol under Mutual Legal Assistance Treaties (MLATs). There are no borders or time zones that hold back cybercriminals from perpetrating their crimes. Besides actively working cases and developing operational plans to take down threat actors, intelligence sharing between my EU colleagues was critical. The sharing of intelligence on a global level circulated its way to the state and local levels through partnerships the U.S. Secret Service has in its communities by running Electronic Crimes Task Forces.

One thing I learned from all of this is we will not win the war alone. Engaging with trusted security firms is crucial since most companies do not have the internal ability to keep up with and defend against intelligent threat actors. Ask the high-level executives and board members within your organization if they view cybersecurity as a priority. If they don’t, then encourage them to involve a security firm that can deliver actionable results.

Do you have access to a Security Operations Center with certified engineers? Does it operate 24/7? Do they have efficient EDR tools? Are you constantly assessing security protocols?

Most companies are ill-prepared for a cyber incident. The most common cyber events over the last several years remain linked to ransomware and BEC. If a company waits until the incident occurs, it is too late. Companies need to hire the right talent who ask the tough questions so they can proactively prepare before a cyber incident occurs.

All of this may seem complex at first, but simply put, a Security Operations Center as a Service (SOCaaS) is the future of global cybersecurity protection and operational excellence. You can install all the antivirus tools you want, but the value comes in a 24/7 continuous monitoring cycle. When you see vulnerabilities or any security issues within your environment, talking directly to a certified, highly technical engineer is the most concise path to dealing with threats head-on.

This is the model Europol and Interpol operate by, and it helps fight the global war on cybercrime.

Where is the value in a 24/7 SOC?

A 24/7 SOC is very important for reacting to a threat in real time. Most companies do not have a 24/7 SOC manned by US-based analysts and engineers. Instead, they rely on software to send alerts when malicious activity occurs. A 24/7 SOC can help reduce the amount of time your company is offline or out of service due to a cyber incident. The typical response time to a cyber incident for companies implementing a 24/7 SOC is 15 minutes, whereas some alerts may take days for a response from other firms.

Typically, this malicious activity occurs late at night as a weekend is beginning. The Kaseya ransomware attack did just that. The ransomware was launched going into a long three-day weekend that would allow the threat actor easy manoeuvrability inside a network with little or no detection.
