5 Law Enforcement & Emergency Response Bodies IT Departments Should Know
It's smart for businesses to strengthen their relationships with law enforcement before a cyberattack takes place. Whom should they contact, and how will it help after a breach?
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltdaca430d4098f35b/64f0db0ca3f42b3ed6a3f247/LawEnforcement_Slide1.jpg?width=700&auto=webp&quality=80&disable=upscale)
If your business was the victim of a cyberattack tomorrow, whom would you call?
For many organizations, the immediate response following a breach is to contact law enforcement. Depending on the business and severity of the situation, this could mean calling a local law enforcement branch or reaching out to the FBI.
It's a wise decision made at the wrong time. By the time an attack has occurred, it's already too late to coordinate a rapid and effective response with law enforcement agencies.
"It is very important, prior to a breach, for a business to have a relationship with law enforcement," explains information security consultant Shane Shook. "Too often, there is no pre-existing relationship, no means of communication."
This communication gap can prove dangerous for victims of cybercrime.
If your organization's first contact with law enforcement takes place the day of a breach, you risk having the wrong responders arrive on site. It will take time to secure the right experts and provide them with the information they need, a delay that leaves businesses vulnerable.
This problem affects organizations of all sizes. Shook, who has worked on large breaches, including the Sony and Target attacks, explains how major organizations struggled in the critical response stages. It was a slow process to contact law enforcement and establish the communication and chains of command necessary to respond, he says.
Given the rampant increase in cybercrime, businesses should be building a rapport with law enforcement so they know whom to contact following a breach. These relationships should start at the local and regional levels of law enforcement, says Shook.
It's an important step in building a cybersecurity strategy, and most businesses fail to take it. Historically, most organizations are shy about partnering with the FBI and other law enforcement agencies because it might reveal sensitive information.
In this day and age, however, these relationships are critical amid the growing risk to businesses. Law enforcement agencies should be viewed as partners to assist in emergencies, says Shook, and more businesses should be open to their help.
Here, we take a closer look at the law enforcement agencies to know before a cyberattack takes place, and which to contact in the aftermath of a breach. Has your organization started to build a relationship with law enforcement? Do you intend to? Which agencies have you worked with?
Businesses should be reaching out to regional law enforcement before a cyberattack, advises Shook. Federal services act as an intermediary between an organization and various federal law enforcement agencies, including the Secret Service and FBI.
Different types of cyberattacks are handled by different branches of law enforcement. For example, many people in the US don't know that money-related crimes are handled by the Secret Service and not the FBI. Many calls to the FBI's regional officers are transferred to the Secret Service.
"The Secret Service is very fraud-focused," says Derek Manky, global security strategist at Fortinet. "Anything from identification theft to credit card-related crime, anything in that realm is handled by the Secret Service." In contrast, the FBI is more focused on targeted cyberattacks. Specifically, the FBI has recognized the importance of establishing these corporate relationships and is being more proactive about working with businesses.
Shook explains how the FBI has started an outreach program for local and regional field offices, through which agents can develop relationships with major companies so they know whom to contact in the event of a cyberattack.
The Internet Crime Complaint Center (IC3) is a place where organizations can contact the FBI if they have been the victim of cybercrime or know someone else who has been. It's intended to handle all aspects of Internet crime; for example, those related to websites, chat rooms, or email.
You can file a complaint with the IC3 regardless of citizenship, so long as the victim or perpetrator of Internet crime is located in the US. The IC3 evaluates complaints based on the extensiveness and accuracy of data provided. As part of your complaint, it'll ask you to submit information such as victim name and address, the perpetrator's name and address, financial transaction information, and details of the crime.
The first thing your company should do in the immediate aftermath of a cyberattack is contact in-house counsel, suggests Shook, whose clients often call him for advice following a breach.
Every company has policies in place to provide guidance on risk management and operational issues following an incident. These practices have been defined as part of collaboration among executive leadership, shareholders, and other corporate professionals.
This recommendation stands whether or not your business has a relationship with law enforcement. In speaking with general counsel, you'll learn about privacy policies that may affect the type of information shared with outside help. This step will also involve risk-management professionals who know the notification procedures for whom should be informed of the incident.
Each region of the world has its own cyber emergency response organization, explains Manky. In the US, this body is called the United States Computer Emergency Readiness Team (US-CERT).
CERT organizations are the best to contact in the aftermath of a breaking cyberattack, he continues. If your business is the victim of cybercrime and there are forensics involved, or you need more technical information, CERT is the agency to contact. This step would be advisable if, for example, you experienced a DDoS attack or needed more information about a specific type of malware.
There are various cyber emergency response organizations to assist with crime across the globe, so your best contact will vary depending on where you are. CERT EU, for example, addresses emergency response situations in Europe. Korean businesses would turn to the Korea Internet & Security Agency (KISA).
The recommended steps for handling these attacks vary across geographies. "Cybercrime has no borders," says Manky. "In each area of law, in each country, policies are different."
The International Criminal Police Organization (Interpol) is an intergovernmental body created to enable police cooperation among nations. As a central index, it's a good organization to contact for defining the appropriate means of addressing cybercrime, says Manky.
Unlike the FBI, which has prosecutorial power, Interpol holds more of an advisory role in helping organizations with cybercrime. Its job is to support its member countries with investigations and response, but oftentimes individual cases are turned over to the domestic ports where crimes were committed.
Unfortunately, Interpol doesn't make it easy to get in touch with experts before or after a cyberattack, advises Shook. The biggest issue in working with the organization is there is no codified set of instructions or phone number for businesses to use if they experience an attack.
In order to establish a contact at Interpol, Shook recommends businesses try and reach out to international federal services associated with Interpol. Industry conferences can be good places for CISOs and staff to connect with security professionals in the FBI, Secret Service, and other organizations.
The recommended steps for handling these attacks vary across geographies. "Cybercrime has no borders," says Manky. "In each area of law, in each country, policies are different."
The International Criminal Police Organization (Interpol) is an intergovernmental body created to enable police cooperation among nations. As a central index, it's a good organization to contact for defining the appropriate means of addressing cybercrime, says Manky.
Unlike the FBI, which has prosecutorial power, Interpol holds more of an advisory role in helping organizations with cybercrime. Its job is to support its member countries with investigations and response, but oftentimes individual cases are turned over to the domestic ports where crimes were committed.
Unfortunately, Interpol doesn't make it easy to get in touch with experts before or after a cyberattack, advises Shook. The biggest issue in working with the organization is there is no codified set of instructions or phone number for businesses to use if they experience an attack.
In order to establish a contact at Interpol, Shook recommends businesses try and reach out to international federal services associated with Interpol. Industry conferences can be good places for CISOs and staff to connect with security professionals in the FBI, Secret Service, and other organizations.
If your business was the victim of a cyberattack tomorrow, whom would you call?
For many organizations, the immediate response following a breach is to contact law enforcement. Depending on the business and severity of the situation, this could mean calling a local law enforcement branch or reaching out to the FBI.
It's a wise decision made at the wrong time. By the time an attack has occurred, it's already too late to coordinate a rapid and effective response with law enforcement agencies.
"It is very important, prior to a breach, for a business to have a relationship with law enforcement," explains information security consultant Shane Shook. "Too often, there is no pre-existing relationship, no means of communication."
This communication gap can prove dangerous for victims of cybercrime.
If your organization's first contact with law enforcement takes place the day of a breach, you risk having the wrong responders arrive on site. It will take time to secure the right experts and provide them with the information they need, a delay that leaves businesses vulnerable.
This problem affects organizations of all sizes. Shook, who has worked on large breaches, including the Sony and Target attacks, explains how major organizations struggled in the critical response stages. It was a slow process to contact law enforcement and establish the communication and chains of command necessary to respond, he says.
Given the rampant increase in cybercrime, businesses should be building a rapport with law enforcement so they know whom to contact following a breach. These relationships should start at the local and regional levels of law enforcement, says Shook.
It's an important step in building a cybersecurity strategy, and most businesses fail to take it. Historically, most organizations are shy about partnering with the FBI and other law enforcement agencies because it might reveal sensitive information.
In this day and age, however, these relationships are critical amid the growing risk to businesses. Law enforcement agencies should be viewed as partners to assist in emergencies, says Shook, and more businesses should be open to their help.
Here, we take a closer look at the law enforcement agencies to know before a cyberattack takes place, and which to contact in the aftermath of a breach. Has your organization started to build a relationship with law enforcement? Do you intend to? Which agencies have you worked with?
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024