Suspect a Cyber-Crime has Occurred? Your First Call Should be to Law Enforcement

I come over to your house I started throwing rocks at it I'm breaking windows and I'm doing damage what do you do should you you call oh shoot let's do that I would prefer that you call the police a containment operation either way we take probable salt now let's suppose I start throwing malware at your infrastructure you put up barriers high water you beef up your barriers most approaches to protecting your infrastructure and data are defensive in nature they put up barriers and they lock doors to keep me out every morning on my refreshed person with new technology and I'm out there throwing his fresh products at you I'm here today to propose you taking more

offensive stance as you gear up to protect your assets I'm going to propulsive one of the strongest weapons in your hospital can be law enforcement but today I'm going to tell you who's out there to help you and ways you can use their services

who's out there to help first of all I want to introduce you to the United States Department of Justice computer crime and intellectual property section if you try to get in touch with the Department of Justice and the cyber situation they're not going to want to hear your phone call they're going to tell you who you ought to talk to they work with other agencies and pursuit a resolution of cyber crimes the reason I believe the Department of Justice on this slide and I'm going to say I'm going to refer to slides as if you have them as if you can mark them up because I understand you'll get these slides later so this will be available as a

resource of another time for you and when you get the slides I want you to see this link down here and I wouldn't hammer the same see white papers and other documents because when you go to this website they go to that link among the resources that are Emil it's a 25 page document from the Department of Justice titled best practices for victim response and reporting cyber instance nothing is it's a very credible source for this guns but I'm going to know against my security and privacy plan for my business which all of you surely have and I lifted several important points from the government document and invented them into my document and then I file this as a

behind my security and privacy plan so for nothing I got a great resources to help me build a better package for my business who else is out there to help the Federal Bureau of Investigation there are two primary channels provided to you by the FBI the first one is the Internet Crime Complaint Center sometimes above I see three I'll say often referred to as I see that's a web-based resource it's easy to get to and it provides a way for you to electronically report and of a cyber incident a good example of a cyber incident do is report to that channel would be a phishing or threatening email I recently use that to submit an

extortion email that I got meant even included a bit coined one into which other suppose to deposit money I used I see debris that's the container to deliver that to the FBI before investigation the other channel that I want you to know about today is the FBI field office these are ribbon border offices there are 56 of them throughout the United States and they're staffed by agents ready to solve problems well here's a key word the private sector coordinator that's the person at the field office that will take the description of your situation and help you think through what your next steps are great now writing team with via the FBI linear facing as cyber incident

first of all the FBI has global and Nash reach they have a wide variety of technical skills and resources and their time and closely with global intelligence community submissions through either channel billing to a database that helps the FBI detect patterns and similarities to attack sources or attack forms coming from all over the country for that matter all over the globe

specifically what can you do another top of the fishing when you get your slice on this program there's a link no before dot-com I'm not pitching that company or any of their products I'm letting you know they have free resources they can synced up for free to launch phishing attacks against your own users to see just how adapt to the users are horribly responding to phishing attacks they can launch two types of attacks why don't where your users are asked to click on a link and one where your users are asked to volunteer smoke nuggets of information about your business and then they send you the results of how your people handled their tests when

they were confronted with phishing attacks you can do that for free don't even provide support to you with those tools that you hear so that's why that's up there reporting cyber events I put this resource here for completeness the national tip line but you normally wouldn't use that best for very dire circumstances didn't play in loving life or death or large-scale property that risk but this is IC 3 which i mentioned before and then what I put on during the our field office like where it's for field office number on there

I want to say that what you call the field office to report a cyber incident it's going to be a very easy comfortable call with someone who some feel that many cause with your type before they're going to help you think through but your next course of action is going to be black man's aren't going to show up with your place of business just because you caught the FBI line to report a cyber incident they're just going to discuss options for the sponsor here are some things I think everyone ought to know if you ever think you'll be in the midst of a cyber events cyber remember first they plan your response in advance the decision to

call law enforcement in the wake of a cyber event should be thought through before you never have a cyber event and frankly it's not my decision to make IT has a seat at the table but if your response to cyber event can flick your business and your brand at risk when the rest of the world gets a hold of the idea you just have a sign words out and you want business leadership thinking through in advance the conditions under which you would call law enforcement and the conditions under which you would you don't want to sit down in the face of a cyber incident not to think through whether you're choosing to call on horses when they're not I'd

also want to say that planning your response I mentioned before the private sector coordinator it's a really good idea to find out in advance cover your area officer field office and learn screw that coordinator gives most offices have at least one but you're going to want to get their name and put them that name into your recovery plan when I get that for my business my first month the FBI wasn't quite to have smooth because I didn't have his name so they looked me through there are auto attendant and treated me like I was reporting an incident now that I have this name when I called that same field office thing but me right through to the

person I have to talk to you don't want to spend the next three quarters of an hour on your first call trying to find that person you want that main in your plan and in my case when I was talking with my agent he said if I might hear you asked for this person and he affirmed that either of these two people or my best contact and he cyber incident and they'll hand me off to anyone that they keep appropriate in the case of an event okay sooner is better report promptly FBI says again and again don't wait till you have perfect information before you make that call as soon as there's a sense that you've got a cyber issue and

you're choosing to contact law enforcement they want to hear about it the sooner they have technology in Tulsa not follow trails can evaporate quickly so they want in on this as soon as possible speed is crucial that third point it might be is one of the most important points of my tap and that is that you're the victim in the face of a cyber attack your customers your employees the general public and highly visible politicians very often going to cast you as the irresponsible hapless janym a company that just got act you left the door up and you let someone in you did something brought you failed to update something you got hacked well the

Department of Justice and the FBI stand ready from the start in their words and in their writing and in your absence to recognize you too far the victim I say that you should dig your heels him on that posture and you're in trouble and it's getting invisible you need to revive yourself you're the victim and like the loud popular culture to cast you as the absent minded business that let that background all too often and the blatant of highly visible happy events we forget that out there is the bad guy that did the happy who's on the front page of the paper that's the person we've got hacked and all the flaming torches are be 200 them help law

enforcement catch the bad guys we're going to some time here that these attackers are coming from overseas you're gonna hear from security specialists will get a different China get them from Russia we don't have jurisdiction and we have no way to trace the through those channels back where that paper and I'm saying to you take that spot Lee Hartley true so I'm going to weeks ago we had a Chinese lady by yourself live away into Donald Trump's Club art with computer paraphernalia and the thumb drive with malware on it here in Westmoreland County coming up for trial as late facing two felony counts for three cyber attacks camera computer operations in the wide part of

Westmoreland County bad guys are here and the bad guys can be caught who listens to him command of the digital goddess anybody here listen to her radio just a couple of hands well I would guess that that she would appeal to this community that love but she has a big mouth piece and she dispenses a lot of advice she says the crooks were getting so much smarter and she says knowing she advises PC users when you find suspicious emails delete them and move on and I want to tweak that advice a little bit it only takes a couple minutes to take on fishing or threatening email and handing off I see three for their investigation

and to get it into their a the basis of the legacy patterns of the threats awesome when can command business delete it and move on I see three would likely to hang on anything suspicious you submit to them for a couple of weeks anyway because they then want to come and get that original from you even though you sent a copy up to I Steve bring my closing comments add some offense to your defensive strategies to tackle cyber threats team with law enforcement the FBI says again and again they flee they could suddenly help victims and they can only stop crimes from happening again when people take the time to report cyber incidents forget the bad guys and

gals get them identified prosecuted and punished that's my shot