Cyber Tactics / Cyber Security News

Top 5 Reasons to Report Computer Intrusions to Law Enforcement

Even when not legally required, reporting cyber crime to law enforcement can act as a deterrent for other malicious actors contemplating future attacks.

Judging by today’s headlines, it is only a matter of time until every company – yours included – experiences a computer intrusion, or perhaps another computer intrusion. When that happens, you may find yourself working with law enforcement. Sometimes, they will be the ones calling you. A recent survey shows that just under 10 percent of all data breaches are first identified to the victim by law enforcement. At other times, it quite literally will be your call, both in terms of judgment and in picking up the phone.

There are a number of very good reasons to report crime even when doing so is not legally required, and cybercrime is no exception. First, catching the bad guys is the surest way to get them out of your system, to deter others who might consider your company an easy mark, and to satisfy a civic responsibility to protect others from similar attacks. With this goal in mind, it is clear that law enforcement has authorities that companies do not have and never will have. The most important of these is the ability to make arrests. Yes, it’s true that there was a time when cyber criminals were seldom caught, but today’s coordinated law enforcement is increasingly effective at locating cyber thieves both at home and abroad. As reflected at www.cybercrime.gov, a Department of Justice website, the good guys are chalking up a lot of wins. In one press release, you can read how the FBI, together with NASA’s Office of the Inspector General, the Estonian Police, private industry and not-for-profit groups, all worked together to locate and arrest six individuals in Estonia who conducted an Internet fraud scheme that infected more than four million computers.

In another case, the U.S. Secret Service was called upon when a hacker in Hungary broke into a major hotel chain’s network, stole confidential information and then threatened to make everything public unless he was given a job. The feds gave him a plane ticket to Virginia, an employment interview and, you’ll like this part, a two-and-a-half-year jail sentence. Significantly, the hacker never got the chance to make good on his threat to release the company’s stolen information. This example demonstrates the second good reason for reporting to law enforcement. Catching the bad guys can result in the complete recovery of a victim’s data or otherwise minimize the harm of an intrusion. It simply is not the case that once data is stolen it is always replicated, dispersed and released. Law enforcement very well may be able to get an otherwise out-of-control situation under control. It is good messaging to state that your company cooperated fully with law enforcement when it learned of a breach precisely because, in doing so, your company is demonstrating that it took every meaningful step to remedy a serious situation.

Third, working with law enforcement is more likely to helpfully inform your internal security efforts than to waylay them. This is especially true if, prior to contacting law enforcement, your company already has begun its incident response efforts with a competent internal team or an expert cybersecurity forensic services firm. The FBI and the Secret Service, for example, are trained to work with members of your team and consultants, not against them. Although law enforcement is not situated to give a company advice on how to patch its software or configure its networks, the government may be in a position to provide your company with information about the methods, capabilities and intentions of the intruder in ways that can feed directly into your security plan and response options. For example, companies find it valuable to learn when they are being targeted for foreign-sponsored espionage rather than by a run-of-the-mill criminal. When China’s military is the culprit, changing everyone’s password will not suffice.

Fourth, to the extent an intrusion results in the loss of customer personally identifiable information, it may trigger state data breach notification requirements, including a duty to notify law enforcement. Regardless, it is helpful to know that most, if not all, state data breach laws permit companies to delay notification to accommodate a law enforcement request. Although consumers may expect immediate notification, law enforcement is in a better position to know whether publicly revealing an intrusion is likely to cause more harm than good in light of continuing vulnerabilities of the victim or a bad guy who remains at large. Having the ability to delay reporting based on a justified law enforcement request may prove invaluable during times of crisis.

Fifth, reporting cybercrime provides government agencies with the data necessary to follow trends and calculate the impact of this growing problem. Accurate crime data, in turn, is useful to ensure proper funding to address the issue in ways that lower your risk. Reporting also is a data source that feeds into government warnings and alerts about evolving criminal tactics and the effectiveness of industry best practices to thwart them. In contrast, leaving law enforcement uninformed, untrained and underfunded is a surefire way to exacerbate this problem.

Still, if you end up working with law enforcement, you should know what you are getting into. In next month’s column, I will explore law enforcement’s investigative approach to cybercrime, describing what you should expect when you’re expecting them. 

 

About the Columnist: 

 Steven Chabinsky is General Counsel and Chief Risk Officer for cybersecurity technology innovator CrowdStrike, which provides incident response services, cyber intelligence feeds, and a next generation intrusion detection, attribution, and prevention platform. He previously served as Deputy Assistant Director of the FBI’s Cyber Division. 
