Early engagement with federal investigators can present strategic advantages that extend well beyond incident response. Many companies view involvement with the FBI as a burdensome necessity, akin to a root canal procedure that is only endured when absolutely unavoidable. However, FBI Deputy Assistant Director Jason Cromartie argues that this perspective is misguided. He emphasizes that establishing relationships with federal cyber investigators before a crisis occurs can transform incident response from mere damage control to a proactive gathering of strategic intelligence.

Maintaining open lines of communication with agencies such as the FBI is rarely a priority when a company first builds or tests its security program. Yet because critical infrastructure is largely privately owned and operated, particularly in sectors such as IT, a working relationship with investigators established long before a breach pays off when one occurs. Cromartie stressed that liaising with the FBI and building those contacts before an attack enables a faster and more effective response: in a crisis, the relationships formed well in advance are the ones that matter.
The FBI’s Internet Crime Complaint Center (IC3) recorded over 260,000 cyber threat complaints in 2024, with nearly 5,000 incidents affecting organizations in critical infrastructure sectors and total reported losses exceeding $16 billion. Cromartie stresses the value of engaging with his agency early, ideally before any incident occurs. He also addresses a concern that holds some companies back: that consulting law enforcement might itself trigger an SEC-mandated disclosure. He points to SEC guidance indicating that cooperation with law enforcement does not, by itself, initiate those reporting obligations.
Beyond not triggering SEC reporting on its own, engagement with the FBI can position a company favorably with regulators. Cromartie notes that, at a victim’s request, the FBI will confirm the company’s cooperation to regulators and state attorneys general, and that such cooperation can be treated as a mitigating factor when enforcement actions are under consideration. Recent SEC cybersecurity enforcement cases illustrate the benefit: penalties were reduced for companies that demonstrated cooperation and post-breach remediation efforts.
The FBI’s cybersecurity approach centers on intelligence sharing that benefits entire industry sectors, building collective defense networks. Timely, relevant reporting from companies feeds a body of data that helps the Bureau identify attack patterns, track threat actors across industries, and develop countermeasures that protect the broader business ecosystem. In return, early reporters receive threat intelligence on emerging attack vectors before those threats reach their competitors, a genuine strategic advantage.
Key Takeaways:
– Establishing early relationships with the FBI can transform incident response into strategic intelligence gathering.
– Cooperation with law enforcement, such as the FBI, can be a strategic asset in mitigating cyber risks and potential regulatory repercussions.
– Sharing intelligence with the FBI contributes to collective defense networks and provides insights into emerging cyber threats.
Rather than treating shadow IT as an act of rebellion to be stamped out, Cromartie suggests reading it as a roadmap for where the organization’s technology needs to go. Understanding what shadow IT exists and why it was adopted is a prerequisite for any complete risk assessment strategy.

On ransomware, the FBI’s stance against paying is clear, and Cromartie spells out the risks. A payment guarantees neither decryption of the data nor deletion of stolen copies; instead, it incentivizes the actors to conduct further malicious activity. He acknowledges, however, that organizations face complex decisions and stresses that a thorough risk assessment should guide them. The evolving ransomware landscape, including data exfiltration and extortion that involves no encryption at all, adds further layers to that decision, as does the pressure criminals apply, such as harassing communications and threats, to hurry a payment.
Because infrastructure sectors are interconnected, vendor risk assessments must go beyond traditional due diligence. Compliance teams should trace the attack paths that run through vendor networks, third-party integrations, and industry partnerships, since a compromise anywhere along those paths can reach the organization. Cromartie also advocates incident response plans that prioritize continuity of operations and rapid execution during a crisis, and he stresses that those plans must be practiced: a rehearsed plan is what makes crisis management effective while still meeting regulatory requirements.
In addition to strategic planning, Cromartie outlines actionable steps compliance teams can take to strengthen cyber risk mitigation. These include building and scaling a third-party risk management program, documenting risk management processes comprehensively, and keeping up with cybersecurity regulations and frameworks as threats evolve.
By collaborating strategically with the FBI and adopting proactive cybersecurity measures, organizations can navigate the complex cyber risk landscape with resilience and agility, positioning themselves for long-term success in an increasingly digital world.
Key Takeaways:
– Viewing shadow IT as a technological roadmap can guide organizations towards effective risk assessment strategies.
– Comprehensive vendor risk assessments and proactive incident response planning are essential components of a robust cybersecurity posture.
Read more on corporatecomplianceinsights.com
