Fear of bad publicity and brand depreciation is allowing criminals to get away with cyber crime, it has been revealed.
Speaking at the Computer and Internet Crime conference in London an FBI official noted that companies are still shying away from reporting network compromises, despite improved police handling of the matter.
“Experience has shown, especially with the online betting firms, that these crimes are not getting reported,” said Ed Gibson, special agent FBI and assistant legal attaché at the US Embassy. “A Computer Security Institute (CSI) study showed recently that 50 to 60 per cent are kept secret, I don’t think that’s changed.”
At the conference Gibson noted that companies lack knowledge of the police processes involved in cybercrime reporting.
“The National Hi-Tech Crime Unit (NHTCU) has a confidentiality charter that ensures no information will leak out,” he said. “You people need to know this.”
Ian Aitkin, group information security officer at Rathbones suggested that companies should do more to aid the policing of internet-related crime.
“Employees must be made aware of the sensitivity of the data they work with,” he said. “Where appropriate, companies must have have an incident response team made up of IT security professionals and other suitable staff.”
Last year it emerged that a series of UK-based online bookmakers were being threatened with DDoS attacks on the eve of major sporting events. Thousands of pounds were allegedly being paid to prevent the attacks.