SC World Congress: In incident response, seek out authorities
"Pick up the phone and call an FBI agent,” John Iannarelli, supervisory special agent with the FBI said. “Build a relationship before you need them. Find out who your local representative is.”
Enterprises in the U.K. should also establish a relationship with law enforcement, said panelist Kevin Hyland, a senior investigating officer with Scotland Yard.
“We are there to provide you with a service, but we need to collaborate,” he said.
IT security professionals may be struggling to get buy-in from top-level executives for their cybersecurity initiatives. For those with that problem, the executives who might not care will generally listen to law enforcement, Iannarelli said.
FBI agents are willing to make time to talk to upper management about the importance of securing their networks, a small commitment when compared to the years it could take to investigate a cybercrime, Iannarelli said.
In the event of a cybercrime, it's understandable for an enterprise to want to shore up its network as quickly as possible, said panelist Edward Lowery, a special agent with the U.S. Secret Service. But, it's also important that law enforcement is involved early on to collect evidence.
When companies report a crime, the FBI is usually out there the same day, Iannarelli said. “[But] many times we are not hearing about crimes until 30 or 60 days after.”
In addition, companies might be worried about the effect that reporting an incident could have on its reputation, Hyland said. But if criminals end up going to prison, it could be good publicity, he said.
Harper Boucher, Interpol special representative to the United Nations, and Phyllis Schneck, founding chairman of the InfraGard National Members Alliance and the vice president of cyberintelligence and critical infrastructure protection at McAfee, also participated on the panel.