ProCircular Information Security Experts Corner

Involving the FBI After a Cybersecurity Incident

Posted by Patrick Quinn on Feb 20, 2018 9:38:41 AM

U.S. Federal Bureau of Investigation (FBI) Special Agent Jeffrey Huber, who runs point on cybersecurity for the state of Iowa, was on hand at a recent ProCircular roundtable to talk about the FBI’s Cyber Division and its role in addressing cybercrime.

Here, we’re sharing some of the tips Huber passed along to the small group of technology and cybersecurity roundtable participants from across Iowa.

The FBI’s Focus on Cybersecurity
First, Huber shared that the FBI’s cybersecurity efforts are focused on three areas:

  1. Computer/network intrusions
  2. Ransomware
  3. Identity theft

Huber also wants Iowans to know that the FBI isn’t able to provide incident response or onsite recovery services after a data breach. The division isn’t equipped to fix systems or issues, and its focus isn’t on the quality of cybersecurity plans and solutions.

Instead, once the dust settles, the FBI’s role is to uncover what happened, who should be held responsible, and the motivation for the attack. After an event, the FBI Cyber Action Team (CAT) can be onsite within roughly 48 hours for fact-finding support. This team has the investigative skills, forensics knowledge, and important established relationships to figure out what happened.

Once the FBI is involved, they may ask for information like:

  • Involved IP addresses
  • Copies of messages or malware
  • Log data and trails of activities leading up to the event
  • Emails and email addresses related to any phishing attempts

Based upon their findings, they may also work with state and local law enforcement in your area.

What Should I Do if My Data Has Been Compromised?
If a breach has occurred, reporting the event to the FBI isn’t required – it’s definitely a choice. But the FBI prefers to hear about all breaches. Why? Because, for example, one breach could be connected to several others; knowing about as many of these incidents as possible could help the FBI narrow in faster on what’s happening (and who’s behind the attacks).

Reporting an event to the FBI can also help reassure anyone impacted by the breach (employees, customers, etc.) that your organization is taking the situation seriously and working hard to identify the source of the problem.

If you choose to involve the FBI, the first recommendation will be to contact your financial institution immediately, along with your incident response team. Your incident response team should be ready to act quickly to help determine the scope of the breach, the cause, and potential solutions to prevent it from happening again. The team should also be able to help you recover your data if it was lost.

Don’t have an incident response team in place? Now’s a great time to look for one. Search for a local firm, if possible, that offers fast, 24/7 onsite service and can help you mitigate risk and exposure quickly to keep potential impacts to a minimum.

The next step will be to contact the FBI’s Internet Crime Complaint Center (IC3). This resource is a central hub that serves as a reporting mechanism for criminal complaints regarding fraud. Filing a report with IC3 alerts authorities to suspected criminal or civil violations. From there, the organization focuses on leads and notifies law enforcement and regulatory agencies about the incident. Data is analyzed and aggregated to identify major cases to investigate.

In the event of a breach, Huber also recommends that you contact the FBI directly within the first 72 hours, especially if financial transactions are involved. (Because of its access to global resources, the FBI can sometimes help recoup funds.)

It’s important to note that reporting an incident to the FBI doesn’t cancel out the need to inform other federal bodies that may need to know (for example, under HIPAA), especially when financial or healthcare organizations are involved.

Want to learn more about how to respond effectively in the event of a breach? Or looking for an incident response partner that can help you prepare for whatever may happen in the future? Send us a note – we’d love to answer your questions!
