Businesses should contact the Police as early as possible about cyber crime- even before they are targeted.
Current reporting mechanisms are “clunky” and there plans to replace them, he said, but in the meantime, businesses can make direct contact with the cyber divisions of the National Crime Agency (0370 496 7622) UK-wide or the Met Police for cyber crime in London (0207 230 8129) or 01452 752644 in Gloucestershire.
“Businesses can call us to discuss what is happening and get advice without having to officially report a crime and without fear of it leaking to the media or regulators,” said Lilburn, adding that some of the biggest cyber crime cases his unit has worked on have never been reported in public.
“If businesses contact us about cyber crime in action, we can advise them on how to mitigate the attack, preserve evidence, and how to communicate with cyber extortion gangs and even the media if necessary in the case of high-profile attacks,” he said.
However, Lilburn said businesses should engage with police even before they are targeted by cyber criminals.
“We offer a service of conducting table-top exercises with businesses so they can experience what it is like to work with the police in the event of an attack by cyber criminals and learn what kind of information we will need and the kind of questions we will ask,” he said.
Businesses should also develop plans for engaging with law enforcement before they are targeted by cyber criminals, and practice those plans in the same way they do fire drills, said Kurt Pipal, assistant legal attaché, office of the legal attaché at the FBI.
“Businesses should ensure they understand what law enforcement can do for them, what investigators are likely to ask for, and what they can do to help any investigation,” he said, adding that they should get their legal counsel involved because they are going to be one of the first points of contact with the police in the event of a cyber criminal attack.
“Many firms fear reputational damage and media exposure, but engaging early with law enforcement before anything happens often alleviates many of these types of concerns and makes them more comfortable in working with law enforcement when they are attacked,” said Pipal.
Police encourage information sharing
Cyber crime is almost always international in nature, but that should not put businesses off reporting cyber criminal activities, even if they appear to be coming from overseas or conducted through anonymising proxies, said Lilburn.
Many of the recent botnet takedowns involving the FBI have been the result of international law enforcement agencies working together, said Pipal.
“While cyber criminals may be based in countries where we cannot reach them, they also like to go on vacation, and often they go to countries where we do have the ability to make arrests, so businesses should talk to law enforcement about the cyber criminal activities they are seeing,” he said.
“Law enforcement should learn from this and also begin to find ways to collect information about bad actors that can be queried by law enforcement agencies around the world,” he said.
“Just because cyber criminals are located in other countries or appear to be anonymous, businesses should not assume we will not be interested or that we will not be able to take action against those responsible”
Many of these third parties are small and medium enterprises that work as suppliers or partners to larger organisations, but these businesses typically do not have the same level of security awareness or resources as their bigger partners, said Ferguson.
“While large organisations have the resources to understand and respond to threat intelligence gathered through industry forums and the government-sponsored cyber security information sharing partnership (Cisp) and the national computer emergency response team, Cert-UK, smaller businesses do not,” he said.
Indeed Cyber Security Force are part of theGloucestershire Safer Cyber Forum- which is founded and run by the Gloucestershire Constabulary.