web analytics

Cybersecurity: How Can Companies Benefit From FBI and Homeland Security Collaboration? – Source: www.techrepublic.com

cybersecurity:-how-can-companies-benefit-from-fbi-and-homeland-security-collaboration?-–-source:-wwwtechrepublic.com
Rate this post

Source: www.techrepublic.com – Author: Ray Fernandez

Malware Ransomware virus encrypted files and show key lock with world map on binary code and gear background. Vector illustration cybercrime and cyber security concept.
Image: nicescene/Adobe Stock

The latest cybercrime studies confirm that attacks are once again at an all-time high. But as ransomware continues to reign, and nation-state attacks and espionage-related incidents rise, authorities warn that the numbers reported may only be the tip of the iceberg.

A recent report by the U.S. Government Accountability Office, highlighting federal U.S. agencies’ challenges with reporting mechanisms, assures that cybercrime is likely underreported.

The reasons why large, medium and small companies choose not to report a cyberattack include fear of reputation damage, business disruption and the risks of sharing data with the government. These misconceptions are impacting private companies, as they fail to recognize the benefits of working with federal agencies and law enforcement to respond to cybercrime.

On July 20, I attended the Northeast Cybersecurity Summit. At the event, agents from the FBI and Homeland Security revealed how cyberintelligence collaboration works and how companies can leverage it.

Jump to:

Business disruption: What really happens when the FBI or Homeland Security shows up?

One of the main myths regarding the involvement of federal agencies and authorities is the disruption of business operations. Companies may think that calling federal agencies can complicate an already difficult situation.

“I think there are some misconceptions out there about either the FBI, Homeland Security or any law enforcement agency,” Jeff Hunter, special agent of the FBI, said. Hunter added that companies often think that when authorities show up, they will take away all the servers and shut down business operations. “That’s really not the reality,” Hunter said.

Computer forensics: The benefits of reporting and making the call

Hunter highlighted the FBI’s interest in establishing a two-way dialogue from the start.

“For example, with ransomware, the FBI has a case on every ransomware variant out there,” he said. “So with quick notification, we’re able to put you in direct contact with the actual agents that are working that variant to get to you the IoC [indicators of compromise] very quickly.”

Indicators of compromise in computer forensics is evidence or clues, often in the form of metadata breadcrumbs, that help organizations resolve cyber incidents, revealing key information about the attack and the attacker.

Hunter added that the FBI can also help, for example, by providing a list of IPs related to the incident, which a company may want to blacklist while doing triage: identify, prioritize and resolve.

“We understand that usually, when we get the call, it’s because ‘the house is on fire,’” Hunter said, stressing that the goal of the FBI isn’t to create further chaos but to help companies by offering them the bureau’s resources.

Mark Gibble, officer of the Homeland Security Investigations Task Force at the Department of Homeland Security, agreed with Hunter and added, “For you, it’s a big deal, it’s ‘your home,’ ‘your castle,’ but for us, it might be the third or fourth incident we’ve been to in the same day.”

“So, in addition to the IoC, sometimes we may have already found some of your exfiltrated data,” Gibble said. “Or, we may have some insight into where some of the compromises living on your system are located.”

Gibble also highlighted the importance of reporting minor incidents.

“Sometimes you might be having a small problem,” Gibble said. “And when we show up, we might say it’s about to get much bigger. Here’s the information; go for it. Fix ‘your house.’”

In the U.S., there are several federal and state security breach notification laws, which include the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act and the California Consumer Privacy Act. Emerging legislation, such as the Cyber Incident Reporting for Critical Infrastructure Act and the U.S. Securities and Exchange Commission rule, are putting pressure on companies to report cybercrime.

Still, there needs to be more clarity about the mandates and legal requirements that companies have to notify, cooperate and collaborate with the government when they experience a breach.

Homeland Security and the FBI can help companies answer critical questions, Gibble said. Questions such as:

  • What have other corporations who suffered the same type of attack done in the last 48 hours?
  • How will the attack evolve?
  • Who is behind it, and what’s happening?
  • Should our company pay the ransom?

Gibble added that Homeland Security or other agencies might also have information on the particular threat actor running the attack and provide a broader perspective. While companies have their own research, preparedness and incident response plans, Homeland Security, for example, has national and global data on cybercrime, Gibble added.

SEE: TechRepublic Premium’s Incident Response Policy

Who to contact when a cybersecurity attack strikes

Companies and security teams are also often confused about who to contact when a cybersecurity attack begins to unfold. With different agencies involved, state and national jurisdictions in play, and different task forces specializing in different types of attacks, who should they call first?

“Notifying any law enforcement agency is obviously advisable,” Hunter said. The special agent explained that companies can reach out to the FBI, the Secret Service, Homeland Security and other local authorities that coordinate with federal agencies. All federal and state authorities work together when it comes to U.S. cybercrime and will put a company in contact with the best and closest on-ground resource if requested.

Being more specific, Hunter advised companies to contact CyWatch. “That’s the FBI’s cybersecurity incident response, 24-hour hotline. CyWatch can be contacted by phone at (855) 292-3937 or by e-mail at CyWatch@ic.fbi.gov. They can route you to the FBI field office that covers that incident very quickly. You could be on the phone with either a cyber supervisor or the agents that are actually working on that variant very quickly.”

And if the FBI finds out that counsel represents a company, it will seek to include the counsel early in the conversation. “We like to bring everybody in and make it a very collaborative conversation,” Hunter said.

“A pre-existing relationship with your FBI office before an incident occurs is paramount,” Hunter said. Having this relationship builds trust and speeds up processes.

Why companies should establish pre-existing relationships with FBI and Homeland Security

Another question companies usually have is whether a determined agency works with specific cybercrimes. Does the contact change if the type of attack (e.g., nation-state attacks or crypto crimes) changes?

“Homeland Security focuses on a lot of Dark Web and ransomware,” Gibble said. “Whereas the Secret Service is doing a lot of crypto tracing. If I have a crypto-tracing question, I’m going to ask them,” Gibble said and added that the FBI, given its long-standing history and size, can redirect calls to local resources closer to the incident.

“At the end of the day, call someone, and we will get it to the right person; we are not going to drop the ball or blow you off,” Gibble said. Contact with authorities can be provided via phone calls or conferences, even in rural areas. Additionally, if a company wants an agent to be present, it can be arranged by linking state or local law enforcement offices.

Gibble agreed with Hunter that the best way to answer the question of whom to contact is to establish a pre-existing relationship and integrate the contact into the incident response plan. Companies that establish pre-existing relationships will also feel more comfortable when an incident occurs, as they already know the law enforcement agent. The pre-existing relationship can also help navigate the complexities of sharing data with government agencies.

Final takeaways for businesses

Experts on the panel concluded the event with advice for companies. The importance of taking ownership of security and reaching out to others in the same sector, law enforcement or academics was stressed by Gibble.

“That’s how law enforcement is learning. None of us are born with intuitive knowledge,” Gibble said. “Increase your brain trust.”

In addition, businesses should conduct a data and system inventory and have an incident response or forensic team that can come in and help during an attack. Incident response plans should be updated monthly rather than yearly, and employees must be educated to recognize malicious messages.

“Sounds simple, but the majority of incidents that I investigate are still tracked back to an employee clicking on a malicious link,” Hunter said.

Companies can benefit by building relationships with law enforcement agencies, whether it be the FBI, Homeland Security, the Secret Service or local departments. Through collaboration, they can leverage the expertise law enforcement has on areas like forensics, laws, global trends, specific technologies and attacks, remediation and response techniques, and broader global information. This collaboration can help the private sector better respond to attacks and resolve them more rapidly and efficiently, while strengthing national and international digital security.

Companies that want to contact Homeland Security can do so through the Cybersecurity and Infrastructure Security Agency, which leads the U.S. effort to reduce cybercrime. CISA can be contacted by email at central@cisa.gov or by phone at 888-282-0870. Additionally, different incidents can be reported to CISA at its incident report site. The FBI can be contacted through the Internet Crime Complaint Center. The IC3 is the U.S. central hub for reporting cybercrime.

Original Post URL: https://www.techrepublic.com/article/cybersecurity-fbi-homeland-security/

Category & Tags: Collaboration,CXO,International,Security,cybersecurity,cybersecurity threats,fbi,homeland security,ransomware – Collaboration,CXO,International,Security,cybersecurity,cybersecurity threats,fbi,homeland security,ransomware

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
CISO Forum
CISO’s – First 100 Days Roadmap – Your success as a security leader is determined largely by your first 100 days in the role.
CISO’s – First 100 Days...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
Joas Antonio
ChatGPT for Cybersecurity by Joas Antonio dos Santos – malwareanalysis #reverseengineering
ChatGPT for Cybersecurity by Joas...
Ciso Council
CISO Security Officer Handbook
CISO Security Officer Handbook
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...
Forrester - Allie Mellen
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
Adapt Or Die: XDR Is...
CYBER LEADERSHIP INTITUTE
CISO PLAYBOOK: FIRST 100 DAYS Setting the CISO up for success
CISO PLAYBOOK: FIRST 100 DAYS...

LASTEST PUBLISHED POSTS

National Security Agency
CSI Cloud Top10 Key Management
CSI Cloud Top10 Key Management
CSA Cloud Security Alliance
Defining the Zero TrustProtect Surface
Defining the Zero TrustProtect Surface
HANIM EKEN
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CNIL
PRACTICE GUIDE GDPR – SECURITY OF PERSONAL DATA Version 2024
PRACTICE GUIDE GDPR – SECURITY...
PWNED LABS
Cloud Security Engineer Roadmap
Cloud Security Engineer Roadmap
tutorialspoint.com
Cloud Computing Tutorial Simply Easy Learning
Cloud Computing Tutorial Simply Easy...
SMITHA SRIHARSHA
CISSP Preparation Notes
CISSP Preparation Notes
CISSP Mind Map: All Domains
CISSP Mind Map: All Domains
Lansweeper
CIS 18 CRITICAL SECURITY CONTROLS CHECKLIST
CIS 18 CRITICAL SECURITY CONTROLS...
Semaphore
CI-CD with Docker and Kubernetes
CI-CD with Docker and Kubernetes
EC-MSP
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
BUSINESS CONTINUITY PLAN & DISASTER...
PWC
Building a risk-resilient organisation
Building a risk-resilient organisation

More Latest Published Posts

40 under 40
40 under 40 in CyberSecurity 2024
40 under 40 in CyberSecurity 2024
HADESS
40 Days in DeepDark Web About Crypto Scam
40 Days in DeepDark Web About Crypto Scam
Everbridge
8 Principles of Supply Chain Risk Management
8 Principles of Supply Chain Risk Management
CHAOSSEARCH
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
ENDGAME
The Hunters Handbook Endgame’s Guide to Adversary Hunting
The Hunters Handbook Endgame’s Guide to Adversary Hunting
THE EU’S MOST THREATENING by EUROPOL
THE EU’S MOST THREATENING by EUROPOL
National Cyber Security Centre
Responding to a cyber incident – a guide for CEOs
Responding to a cyber incident – a guide for CEOs
IGNITE Technologies
CREDENTIAL DUMPING
CREDENTIAL DUMPING
HADESS
Pwning the Domain Lateral Movement
Pwning the Domain Lateral Movement
Jorgen Lanesskog
PING Basic IP Network Troubleshooting
PING Basic IP Network Troubleshooting
TELESOFT
Layer 7 Visibility What are the Benefits?
Layer 7 Visibility What are the Benefits?
TIGERA
Introduction to Kubernetes Networking and Security
Introduction to Kubernetes Networking and Security
Department of Defense's (DoD)
Defense Industrial Base Cybersecurity Strategy 2024
Defense Industrial Base Cybersecurity Strategy 2024
Dummies
Zero Trust Access for Dummies Fortinet
Zero Trust Access for Dummies Fortinet
Homeland Security
Zero Trust Implementation Strategy
Zero Trust Implementation Strategy
National Australia Bank Limited
Your Business and Cyber Security
Your Business and Cyber Security
CYFIRMA
Xeno RAT- A New Remote Access Trojan
Xeno RAT- A New Remote Access Trojan
IGNITE Technologies
Windows Persistence COM Hijacking MITRE T1546 015
Windows Persistence COM Hijacking MITRE T1546 015
IGNITE Technologies
Windows Exploitation Rundll32
Windows Exploitation Rundll32
IGNITE Technologies
Windows Exploitation Msbuild
Windows Exploitation Msbuild
HADESS
Web LLM Attacks
Web LLM Attacks
HADESS
Trended Protocols for Security Stuff
Trended Protocols for Security Stuff
Red Iberoamericana de Protección de Datos
Transferencia Internacional de Datos Personales – Guia de Implementación
Transferencia Internacional de Datos Personales – Guia de Implementación
CYFIRMA
TRACKING RANSOMWARE January 2024
TRACKING RANSOMWARE January 2024
https://www.linkedin.com/in/harunseker/
TOP Cyber Attacks Detected by SIEM Solutions
TOP Cyber Attacks Detected by SIEM Solutions
TRAVARSA
Top 100 Cyber Threats and Solutions 2024
Top 100 Cyber Threats and Solutions 2024
Top 50 Cybersecurity Threats
Top 50 Cybersecurity Threats
OWASP
Top 10 Considerations for Incident Response
Top 10 Considerations for Incident Response