When a company is victimized by a cyber criminal, addressing PR matters is probably the last priority for an infosec expert. They are more concerned with resuming company business online, which entails figuring out the root of the problem and, perhaps, collecting evidence that they or, a law enforcement agency they call, might want to use later.
But like PR concerns, turning to law enforcement is probably the last thing on their minds, too. And that's a problem nowadays.
Talk to any law enforcement investigator or prosecutor of IT crimes and they will tell you that most companies still fail to report significant security breaches. This is a problem that most agencies, like the FBI, Secret Service and Department of Justice, are trying to address – primarily through relationship-building and education. To them, there are just too many myths surrounding the official reporting of cybercrimes.
For one, many executives believe that calling in the cavalry will end with valuable computer equipment being confiscated and offices being shut down. That, say agency representatives, is a myth. Since evidence's chain of custody must be maintained, usually during an investigation appropriate data is mirrored and logs reviewed. Once relevant evidence is collected, the sifting of computer data occurs somewhere else, although investigators might conduct interviews of company employees on and off site, and undertake other activities to find the culprit.
Others feel that if they call on an official investigator, the incident will immediately be leaked to the press, which will lead to weary shareholders pulling their support. That, too, insist agency representatives, is a falsehood.
There are a plethora of reasons why companies feel that reporting breaches is more a hassle than a benefit, but the bottom line is that pooled information from such reports might help enterprises and everyone else connected to the internet in the long run. By allowing law enforcement, government and the corporate world to gain a better understanding of what threats are out there, better ways to protect data can be shared among the online community.
Sure, getting the network back online can be, for some, in direct opposition to collecting evidence for prosecution and, ultimately, gaining a better understanding of attack methods. But as you'll read in this month's forensics-focused features, marrying these two goals is the best action organizations can take to fight cybercrime.
After all, hackers share information. It's time the victims did, too.
Illena Armstrong is U.S. editor
l How do you respond to attacks? Email [email protected].