Published: 08 Jun 2010
Cybercriminals have upped the ante against organizations by relentlessly targeting them in more ruthless ways. The amount of data corporations are losing is increasing. The costs to repair the damages are skyrocketing and the confidence we once had in the ecommerce infrastructure is fading. Cybercriminals have developed better "fire power" like new malware designed to evade detection. They have taken the time to understand the vulnerabilities in your network. And, they have learned how to maximize their profit margins by breaking into multiple corporations at the same time, using the same malware and SQL injections they've proven can work again and again. They've built a very lucrative and repeatable business.
They can do this, in part, because of our unwillingness to work together and share information once we've been breached. When organizations are the victims of data breach crimes, they are more likely to stay silent than work with law enforcement. Instead of fighting the enemy, we end up fighting ourselves. In the long run, this ends up costing more and benefits cybercriminals who have valuable time to target more organizations.
As an information security professional, you've probably had a hard time convincing your CEO and legal team to understand why it's in your company's best interest to work with law enforcement post-breach. This sentiment often falls on deaf ears as corporate leaders foolishly think they can cover up breaches or somehow miraculously fix them before the public finds out. To help you persuade them of the importance of working with law enforcement immediately after a breach, consider the three points listed below. For the purposes of this discussion, we're not talking about breaches where a couple of unencrypted backup tapes fall off the back of a truck (although the impact from this kind of incident can be equally bad). Here, we are specifically talking about breaches where you are the victim of the crime and we, as an industry, need to get better at reporting it.
1. Reduced legal fees
It's becoming increasingly clear that you can't hide a significant data breach from law enforcement or the public; eventually they will find out. And the more roadblocks you put up trying to cover up the breach, the more subpoenas you will have to fight, which will only increase the amount of resources, time and legal fees spent -- resources that could be put toward catching those responsible for the attack. In the credit card heists involving TJX and Heartland Payment Systems hacker Albert Gonzalez, organizations that spent resources to conceal their identity were eventually forced to reveal who they were when the case reached the criminal courts. Trying to conceal the compromise likely ended up costing more in the end.
Instead of fighting to conceal your identity as long as you can, consider how to get in front of a data breach by viewing law enforcement as a partner instead of an enemy. It is a far better strategy to have your legal team prepped on how they can work with law enforcement while putting measures in place that are sensitive to the needs of your business as you cooperate. For example, you could identify any particularly sensitive information, such as network diagrams, and inquire whether this information could be redacted prior to disclosure or disclosed under a protective order. This way you are able to share critical information desperately needed by law enforcement authorities while still protecting your business. In data breach cases, law enforcement often understands that being sensitive to a victim's needs works better for both sides in the long run.
2. Lower forensic investigation costs
Because cybercrime gangs use the same tactics to target multiple companies, law enforcement may know more about how they got into your system than the forensic team you bring in. You can save time and resources right away by cooperating and obtain valuable intelligence for your forensic team so they will know where to begin looking or how to better adjust their technology solution. This information can help you strengthen your network or mitigate the problem faster.
3. It's the right thing to do
We all need to work together to fight organized cybercrime. The longer an organization stays silent, the more time and opportunities the cybercriminal has to use the same tactics to target another organization. Not cooperating only increases their profit margin, which they then re-invest to become better at attacking us.
Data breach victims not coming forward is akin to a neighborhood riddled with gang crime and no witnesses. We end up watching helplessly as the community continues to be terrorized. As we watch these hacking rings get into multiple systems, many feel the effect when one victim decides not to cooperate. By not cooperating, you hurt the greater community.
Criminals like Gonzalez may have never been convicted without the leadership from many of the victims who were willing to step forward and work with law enforcement in an unprecedented way. Reporting cybercrime and cooperating is the responsible thing to do and a giant step in the direction of fighting online financial crime.
Kim Getgen is principal at consulting firm Trust Catalyst. Kimberly Kiefer Peretti is former senior counsel with the U.S. Department of Justice Computer Crime and Intellectual Property Section, where she prosecuted the Albert Gonzalez-related cases. Send comments on this column to email@example.com.