Over a third of companies officially notified by U.S. federal authorities that their networks and personnel are being targeted by nation-state hackers or cybercriminal groups fail to act on this intelligence, according to Donald Freese, former director of the FBI's National Cyber Investigative Joint Task Force, now with the agency's Information Technology Branch.
Too often after issuing companies an official "targeted identity notification," warning them that their systems are being targeted, "we will approximately 72 hours to a week later see malware now beaconing from that same system," said Freese, speaking today at SC Media's RiskSec NY 2017 conference.
Freese attributed companies' lack of decisive action to a combination of disbelief, hubris, interference by in-house counsel, fear of reporting threats to the C-suite and, in a few cases, incompetence.
At the beginning of his keynote presentation, Freese identified some of the key threats on the FBI's radar that impact businesses, including the "commoditization of malware in ways that just make it extremely easy to deeply impact [business] operations a a very low cost," as well as the incorporation of many nation-state/APT hackers and tools into cybercriminal operations.
While calling conventional ransomware attacks a clear nuisance, Freese expressed particular concern over attackers who make a living by extorting law firms, financial institutions and large corporations after breaching their system, stealing their highly sensitive data, and threatening to expose or delete it.