Cybersecurity: How Can Companies Benefit From FBI and Homeland Security Collaboration?
Agents of the FBI and Homeland Security at the Northeast Cybersecurity Summit revealed how cyberintelligence collaboration works. Learn more with our article.
The latest cybercrime studies confirm that attacks are once again at an all-time high. But as ransomware continues to reign, and nation-state attacks and espionage-related incidents rise, authorities warn that the numbers reported may only be the tip of the iceberg.
A recent report by the U.S. Government Accountability Office, highlighting federal U.S. agencies’ challenges with reporting mechanisms, states that cybercrime is likely underreported.
The reasons why large, medium and small companies choose not to report a cyberattack include fear of reputation damage, business disruption and the risks of sharing data with the government. These misconceptions are impacting private companies, as they fail to recognize the benefits of working with federal agencies and law enforcement to respond to cybercrime.
On July 20, I attended the Northeast Cybersecurity Summit. At the event, agents from the FBI and Homeland Security revealed how cyberintelligence collaboration works and how companies can leverage it.
One of the main myths regarding the involvement of federal agencies and authorities is the disruption of business operations. Companies may think that calling federal agencies can complicate an already difficult situation.
“I think there are some misconceptions out there about either the FBI, Homeland Security or any law enforcement agency,” Jeff Hunter, special agent of the FBI, said. Hunter added that companies often think that when authorities show up, they will take away all the servers and shut down business operations. “That’s really not the reality,” Hunter said.
Hunter highlighted the FBI’s interest in establishing a two-way dialogue from the start.
“For example, with ransomware, the FBI has a case on every ransomware variant out there,” he said. “So with quick notification, we’re able to put you in direct contact with the actual agents that are working that variant to get to you the IoC [indicators of compromise] very quickly.”
In computer forensics, indicators of compromise are evidence or clues, often in the form of metadata breadcrumbs, that help organizations resolve cyber incidents by revealing key information about the attack and the attacker.
Hunter added that the FBI can also help, for example, by providing a list of IPs related to the incident, which a company may want to blacklist while doing triage: identify, prioritize and resolve.
“We understand that usually, when we get the call, it’s because ‘the house is on fire,’” Hunter said, stressing that the goal of the FBI isn’t to create further chaos but to help companies by offering them the bureau’s resources.
Mark Gibble, officer of the Homeland Security Investigations Task Force at the Department of Homeland Security, agreed with Hunter and added, “For you, it’s a big deal, it’s ‘your home,’ ‘your castle,’ but for us, it might be the third or fourth incident we’ve been to in the same day.”
“So, in addition to the IoC, sometimes we may have already found some of your exfiltrated data,” Gibble said. “Or, we may have some insight into where some of the compromises living on your system are located.”
Gibble also highlighted the importance of reporting minor incidents.
“Sometimes you might be having a small problem,” Gibble said. “And when we show up, we might say it’s about to get much bigger. Here’s the information; go for it. Fix ‘your house.’”
In the U.S., there are several federal and state security breach notification laws, which include the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act and the California Consumer Privacy Act. Emerging legislation, such as the Cyber Incident Reporting for Critical Infrastructure Act and the U.S. Securities and Exchange Commission rule, is putting pressure on companies to report cybercrime.
Still, there needs to be more clarity about the mandates and legal requirements that companies have to notify, cooperate and collaborate with the government when they experience a breach.
Homeland Security and the FBI can help companies answer critical questions, Gibble said. Questions such as:
Gibble added that Homeland Security or other agencies might also have information on the particular threat actor running the attack and provide a broader perspective. While companies have their own research, preparedness and incident response plans, Homeland Security, for example, has national and global data on cybercrime, Gibble added.
Companies and security teams are also often confused about who to contact when a cybersecurity attack begins to unfold. With different agencies involved, state and national jurisdictions in play, and different task forces specializing in different types of attacks, who should they call first?
“Notifying any law enforcement agency is obviously advisable,” Hunter said. The special agent explained that companies can reach out to the FBI, the Secret Service, Homeland Security and other local authorities that coordinate with federal agencies. All federal and state authorities work together when it comes to U.S. cybercrime and will put a company in contact with the best and closest on-ground resource if requested.
Being more specific, Hunter advised companies to contact CyWatch. “That’s the FBI’s cybersecurity incident response, 24-hour hotline. CyWatch can be contacted by phone at (855) 292-3937 or by e-mail at CyWatch@ic.fbi.gov. They can route you to the FBI field office that covers that incident very quickly. You could be on the phone with either a cyber supervisor or the agents that are actually working on that variant very quickly.”
And if the FBI finds out that counsel represents a company, it will seek to include the counsel early in the conversation. “We like to bring everybody in and make it a very collaborative conversation,” Hunter said.
“A pre-existing relationship with your FBI office before an incident occurs is paramount,” Hunter said. Having this relationship builds trust and speeds up processes.
Another question companies usually have is whether a particular agency handles specific cybercrimes. Does the contact change if the type of attack (e.g., nation-state attacks or crypto crimes) changes?
“Homeland Security focuses on a lot of Dark Web and ransomware,” Gibble said. “Whereas the Secret Service is doing a lot of crypto tracing. If I have a crypto-tracing question, I’m going to ask them,” Gibble said and added that the FBI, given its long-standing history and size, can redirect calls to local resources closer to the incident.
“At the end of the day, call someone, and we will get it to the right person; we are not going to drop the ball or blow you off,” Gibble said. Contact with authorities can be provided via phone calls or conferences, even in rural areas. Additionally, if a company wants an agent to be present, it can be arranged by linking state or local law enforcement offices.
Gibble agreed with Hunter that the best way to answer the question of whom to contact is to establish a pre-existing relationship and integrate the contact into the incident response plan. Companies that establish pre-existing relationships will also feel more comfortable when an incident occurs, as they already know the law enforcement agent. The pre-existing relationship can also help navigate the complexities of sharing data with government agencies.
Experts on the panel concluded the event with advice for companies. Gibble stressed the importance of taking ownership of security and reaching out to others in the same sector, law enforcement or academics.
“That’s how law enforcement is learning. None of us are born with intuitive knowledge,” Gibble said. “Increase your brain trust.”
In addition, businesses should conduct a data and system inventory and have an incident response or forensic team that can come in and help during an attack. Incident response plans should be updated monthly rather than yearly, and employees must be educated to recognize malicious messages.
“Sounds simple, but the majority of incidents that I investigate are still tracked back to an employee clicking on a malicious link,” Hunter said.
Companies can benefit by building relationships with law enforcement agencies, whether it be the FBI, Homeland Security, the Secret Service or local departments. Through collaboration, they can leverage the expertise law enforcement has in areas like forensics, laws, global trends, specific technologies and attacks, remediation and response techniques, and broader global information. This collaboration can help the private sector better respond to attacks and resolve them more rapidly and efficiently, while strengthening national and international digital security.
Companies that want to contact Homeland Security can do so through the Cybersecurity and Infrastructure Security Agency, which leads the U.S. effort to reduce cybercrime. CISA can be contacted by email at central@cisa.gov or by phone at 888-282-0870. Additionally, different incidents can be reported to CISA at its incident report site. The FBI can be contacted through the Internet Crime Complaint Center. The IC3 is the U.S. central hub for reporting cybercrime.