More Reporting of Cyber Attacks Would Aid FBI, Official Says
"Our lifeblood is being stolen and is being used for competitive advantage,” Joseph Demarest said in a Nov. 14 speech at the National Defense Industrial Association Homeland Security Symposium in Arlington, Va.
In the past, the FBI has acknowledged businesses' hesitance to report cyber crimes because of factors such as possible erosion of shareholder confidence or exposing business practices.
“There's some concern on behalf of the private sector … [that] if they bring us something, it will wind up in a court of law,” he said. “If you have something, and you're concerned about reporting it and where it goes, how it's maintained, we should talk that through."
Companies should share information with the FBI before a bigger attack happens, Demarest added. "The time to form that relationship is when it's blue skies, the sun is shining, and not when it's 2 o’clock in the morning and realized you've just had a major breach and lost significant information technology.” This relationship building is especially important for smaller businesses that do not have large IT teams or sophisticated defenses, he said.
In the past few years, the FBI has ramped up its attention to cyber crime. Statistics on the growing amount of attacks are “staggering,” Demarest said, pointing to a 4 percent growth in the number of complaints received by the bureau’s Internet Crime Complaint Center from 2010 to 2011.
In October, the bureau unveiled its Next Generation Cyber Initiative, which allows investigators to send information about suspicious cyber activity to a team of specialists who are available 24/7. The FBI expects this will help identify the attacker and motive more quickly.
Additionally, the FBI is hiring computer scientists, aiming to assign one to each of its 56 field offices, Demarest said. The bureau also created a cyber task force in each office.
Even minor intrusions can have a major impact on businesses, Demarest said, pointing to spear phishing — when an intruder poses as a trusted entity such as a business associate or financial institution in an email in order to gain information. He advised businesses to educate their employees on basic security measures, such as identifying potentially malicious emails.
When asked whether the FBI’s call for more reporting could result in an overwhelming amount of complaints, Demarest said that although it might be difficult to “pick out the wheat from the chaff,” a broader set of data would help the bureau to more easily see trends.
Photo Credit: iStockphoto