In the physical world, people report burglaries to law enforcement all the time. Although some individual crimes may go unsolved because of size or volume, reporting contributes to better policing overall. That’s why it’s important to tell law enforcement whenever your business has experienced a cybercrime incident – even an unsuccessful one.
Reporting gives law enforcement valuable intelligence about crime trends, attack methods, victim types, and financial costs. More accurate crime statistics lead to better decisions about staff resourcing, budgeting and reporting. If one type of crime, such as cybercrime, is increasing noticeably, law enforcement can request more resources for their investigative teams. These added resources make those agencies better equipped to address cybercrime.
So what incentive does the infosecurity professional or IT manager have to report incidents rather than keeping them under wraps? “As a function, information security is an expense the business bears in order to reduce loss and risk. At the end of the day, its job is to protect the business, not to go after the bad guys. Reporting crimes to law enforcement helps take those responsible for crime off the internet,” says Brian Honan, CEO of BH Consulting.
The more that companies report, the more data law enforcement can gather and, crucially, share with other agencies. It’s a vital tool in targeting criminals, and is critical in combating cybercrime, which by its nature is transnational. For example, in December, Romanian law enforcement officials arrested five people, including three suspected of spreading CTB-Locker or Critroni ransomware. The arrests came about after Europol, the FBI, and Dutch National Police shared intelligence with Romanian authorities.
Europol has a useful page with links for reporting cybercrime to law enforcement in every EU country. The No More Ransom project also has a similar page for specifically reporting a ransomware infection. This page directs readers to the relevant local law enforcement agency, where they can follow the link to report ransomware.
As well as advising reporting after an incident has happened, Brian also recommends proactive steps that infosec professionals can take. He suggests identifying the person in their local law enforcement agency who is responsible for investigating cybercrime. “Arrange to meet them informally, and ask them what they need from you to help them do their job,” he says.
It’s always better to know those contacts before a breach happens than during one. In addition, reporting an incident to law enforcement doesn’t necessarily mean it will become public. If discretion is called for, a good prior relationship with your local law enforcement agency could help.