Working with law enforcement in the aftermath of a data breach doesn't have to be scary and one-sided, writes John Sawyer, contributing writer for DarkReading.
Fueled by the fact that many companies are afraid to call in law enforcement at all after they've been hacked, attackers are confident they can break in and steal data without repercussion. But companies not disclosing breaches to law enforcement actually help attackers, acting deputy assistant director for the FBI's Cyber Division Jeffrey Troy told Dark Reading in March. "It's to the advantage of the bad guys if you don't share that information," he said. "We're trying to get people to understand that."
So how can you effectively work with law enforcement agencies? One of the keys is to be prepared with a solid, tested incident-response plan that addresses evidence collection and preservation -- including details such as who liaises with law enforcement. Success goes beyond policy and technical tools: Never underestimate the benefits associated with having a good relationship with local law enforcement agencies prior to an incident, for example. It can ease the process greatly when the players involved already know each other.
The FBI has been touting the changes in how it does business in cybercrime investigations. Troy pointed to how the bureau recently shared some key information with the financial sector information that it had discovered during an investigation. A bank was able to determine it had been breached based on the shared information and then reported back to the FBI. "This two-way sharing has increased. We consider it a critical part of our mission," Troy said.
Read the full article.