Frank Abagnale’s story has been well told. There’s the film – Steven Spielberg’s Catch Me if You Can cast Leonardo Di Caprio in the role of the former conman – there’s the book, there’s the TV show. And there’s even a musical.
But delegates at RiskMinds International 2019 were treated to his life story directly from the man himself.
Abagnale has now worked for the FBI for over 40 years, becoming a renowned security and risk expert. But it’s the path that got him there that captured Hollywood’s attention.
The divorce of his parents when he was 16 set the ball rolling on an incredible path of deceit. Abagnale was asked by the family court to choose which of his parents he wanted to live with – an impossible choice for any child. Rather than choose, he fled the court.
Poacher turned gamekeeper
In a series of cons that started as a way of making a living while he was on the run, and eventually fooled hundreds of people, he played the part of an airline pilot, doctor and lawyer among others. He repeatedly cashed cheques against non-existent funds. And it is estimated he flew over a million miles around the world, staying in accommodation reserved for airline crew, without once paying.
The law eventually caught up with Abagnale, who spent time in prison in France, Sweden and finally the US for various frauds. After four years behind bars in the States, he was released on the condition that he used his knowledge and expertise to capture other criminals.
Four decades on, he remains at the FBI, and has turned down three separate pardons for his past life. In his view, “a piece of paper won’t undo” what he’s done, only his actions will.
Modern day threats
Many risk professionals would surely like to think that the ease with which Abagnale tricked people – mocking up fake IDs, spending money that wasn’t his and brazenly accessing restricted areas – was consigned to the past. But while airline security is undoubtedly tighter than it was, Abagnale insists that modern technology has in fact made doing what he did almost half a century ago “4,000 times easier”.
In all this time, he said, the scams remain largely the same. The criminal mind has not changed. But whereas his work used to be more about counterfeit it is now focused on cybercrime.
He points to the fact that we all give away so much information for free – if you put where you were born and your date of birth on Facebook, you are giving criminals “98% of what they need” to steal your identity. He himself is not on any social network.
The best defence
So, what is the biggest tool risk professionals have in this digital world? Education, he said. He has worked on numerous breaches and all of them, he said – from Capital One, to Facebook, to Marriott Hotels and beyond – were caused because someone at the company either did something they weren’t supposed to do, or didn’t do something they were supposed to. Hackers don’t cause breaches, he said, people do.
As a whole, companies don’t want to spend the money they need to spend to reduce their risk: they continue to think it won’t happen to them. The role for risk professionals and CSOs is to get their company to listen, and respond quickly.
He argued that the responsibility for managing risk falls to both the company and the end user. But too often companies are lax with security protocols because the fines levied following security breaches as supposed disincentives are nowhere near hefty enough. If companies were forced to take liability, he said, there would be far less negligence.
When developing new products, companies are in a rush to see return on investment. Instead, they should be thinking what the adverse effects or uses of their product could be and taking time to close that door.
By nature, most people are not criminally minded, but companies cannot rely on this. We all need to be less trusting he said: in the risk profession scepticism is a virtue.