During A Cyberattack, Who Are You Going To Call?

The remote, online nature of threat actors has facilitated the creation of centralized national units that specialize in combatting cybercrime.


Rob Harrison, SVP of Products & Services, Sophos.

When a cyberattack hits your business, reporting the incident to law enforcement may feel like an additional burden at what is already a hugely challenging time. However, official bodies can provide valuable assistance to help with remediating an attack—and their support is invariably free.

In this article, I share practical advice to help you take maximum advantage of these public resources should you ever need to call on them.

The Benefits Of Reporting The Attack

If you're wondering whether it's worth your while reporting an attack, the answer is a resounding "yes." Our research found that 61% of organizations "had received advice on dealing with ransomware, while 60% received help investigating the attack," and "58% of those that had their data encrypted received help from law enforcement to recover their data from the ransomware attack."

The remote, online nature of threat actors has facilitated the creation of centralized national units that specialize in combatting cybercrime. These specialist teams typically assist cybercrime victims by mainly providing:

1. Advice on how to deal with the attack (e.g., what steps to take to remediate the attack, information on the different data protection regulators that need to be notified).

2. Help investigating the attack using the skills and expertise of their specialist cyber teams.

3. Help recovering data encrypted in the attack, including providing details of decryption keys that have already been made public.

Exact details and the mix of support vary on a country-by-country basis. The business benefits of reporting the attack also extend beyond the remediation of the immediate incident. Collective insights from the reporting of attacks enable law enforcement bodies (often working closely with their counterparts in other countries) to stop attacks at their source.

The takedown of the LockBit ransomware group in February 2024 is a good example of this, where the U.K.'s National Crime Agency (NCA) led the operation, working with the FBI, Europol and other countries as part of a long-running operation.

Should Reporting Of Ransomware Incidents Be Mandatory?

Ransomware is one of the most prevalent cyber threats and can have a devastating impact on victims. In May 2024, Recorded Future News reported the U.K. was set to overhaul its response to ransomware attacks, including introducing a requirement for all victims to report the attack to the government. The bill is expected to move forward in 2025. Mandatory reporting of ransomware attacks is already in place in some countries and sectors, with many public sector bodies already required to report the attack.

Extending this approach to all organizations would enable U.K. officials to build a more complete picture of the ransomware situation facing organizations and extend the dataset on which they base policy advice.

Essentially, the more they can see, the better they can respond. At the same time, governments must avoid placing additional burdens on organizations at what is already an incredibly stressful time. While our research found that over half (59%) of global organizations that did engage with law enforcement found the process easy or somewhat easy, it's clear there is still work to do here.

For reporting to be mandatory, it must be easy with a victim-oriented process. Governments should take care to avoid introducing further hurdles for victims to negotiate, exacerbating the impacts of the attack.

How To Make The Most Of Law Enforcement

While official support is available in the event of a cyberattack, the onus is on organizations to take advantage of the resources at their disposal.

Dealing with a ransomware incident or data breach is incredibly stressful, which is why effective preparation will stand you in good stead. With that in mind, here are steps to help businesses make the most of their law enforcement allies:

1. Know In Advance Who To Report To

U.S. victims can leverage the Cybersecurity and Infrastructure Security Agency (CISA), those in the U.K. can get advice from the National Cyber Security Centre (NCSC), and Australian organizations can call on the Australian Cyber Security Centre (ACSC), to name but a few. Find out the contact information for the official bodies at your disposal and add this information to your incident response plan. Doing so in advance avoids the stress of needing to identify who to contact while dealing with the attack.

2. Report Promptly

The quicker you remediate the attack, the lower the cost and impact. Business interruption costs are invariably the biggest expense incurred in major cyber incidents, so less downtime means a lower recovery bill. Official support is invariably free, removing any financing barriers to getting assistance.

3. Leverage Their Expertise

Fortunately, most organizations have limited direct experience with ransomware attacks and data theft/extortion. In contrast, official bodies have extensive skills in this area. Take advantage of the expertise of law enforcement specialists who have likely seen and supported victims through a wide range of incidents.

Are Incident Response Services Redundant?

With specialist support available from law enforcement and official bodies, you may be wondering if specialist incident response services are no longer required.

Public and private sector bodies are complementary elements of an effective incident response program. Often, law enforcement agencies will provide advice on what you need to do, while incident response specialists will take the required actions on your behalf. Specialist incident response providers can also assist in areas beyond the immediate neutralization of the attack, such as root cause analysis, to identify how the adversaries compromised your organization.

They can also provide support with external communications and global data breach notification requirements. I recommend including both a specialist incident response provider and official bodies in your response plan. As the saying goes, "more hands make light work," so be sure to take advantage of all of the available expertise.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.