This document summarizes a presentation on trends in cybercrime and preparing for data breaches. It discusses how companies that store covered information have regulatory requirements to protect that data and will likely experience a breach. If unprepared, a breach can be costly due to expenses of remediation, impact to brand, and business disruption. The presentation advises organizations to develop and regularly test breach response plans, audit all systems and data stores, and establish relationships with law enforcement agencies. Federal legislation is also being pursued to standardize breach notification across states. Resources for breach response and law enforcement assistance are provided.
2. TO CATCH A CYBER CRIMINAL: TRENDS IN CYBER CRIME
Andreas Kaltsounis, Special Agent Department of Defense, Inspector General
Andrew Friedman US Department of Justice, Western District of Washington
Craig Spiezle, CEO & Executive Director Online Trust Alliance
Timothy Wallach, Supervisory Special Agent, Cyber Task Force Federal Bureau of Investigation
6. Open Dialog
•
Contacting Law Enforcement
•
When, Who, Why, How
•
Regulatory Requirements –
•
State, FTC, FCC, SEC ….. & International
•
Incidents vs Attempts
•
The need for threat intel
7. Role of Law Enforcement
•
What specific assistance can LE responders provide during or after an incident that adds value to an organization's incident response? What is outside the scope of LE?
9. Status of Federal Breach Legislation
•
Two weeks ago President Obama stated, "Today, data breaches are handled by dozens of separate state laws, and it's time to have one clear national standard that brings certainty to businesses and keeps consumers safe."
11. Summary
•
Be prepared!
•
Develop, test and update your plans quarterly
•
Complete an audit of all systems, data stores and cloud providers.
•
Develop a relationship with the appropriate Law Enforcement Agency in the next 72 hours!
•
Validate your Boards “Risk Appetite”
12. Resources
•
Data Breach Response Readiness Guide https://otalliance.org/breach
•
FBI Cybercrime Resources http://www.fbi.gov/about-us/investigate/cyber/cyber
•
InfraGard https://www.infragard.org/
•
Internet Crime Complaint Center (IC3) http://www.ic3.gov/default.aspx
•
U.S. Department of Defense http://www.defense.gov/home/features/2013/0713_cyberdomain/
13. Contract Us
•
Andreas Kaltsounis Andreas.Kaltsounis@DODIG.MIL
•Andrew Friedman Andrew.Friedman@usdoj.gov
•Craig Spiezle +1 425-455-7400 craigs@otalliance.org
•Timothy Wallach Timothy.Wallach@ic.fbi.gov