FBI: Companies Need to Report Cyber AttacksBy Scott Ferguson | Posted 2006-10-24 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
An assistant director of the FBI's New York City bureau tells IT security professionals that more needs to be done to report hacking and other cyber-crimes.
NEW YORKCompanies should do more to report cyber-crimes such as hacking and phishing to help federal authorities investigate and ensure that additional data isn't compromised beyond initial attacks, a high-ranking FBI official said.
"A huge issue for us is the underreporting of successful or almost successful hacking," Special Agent Mark Mershin, the assistant director-in-charge of the FBI's New York City Office, told a crowd gathered here at the Infosecurity Conference and Exhibition on Oct. 24.
A 30-year FBI veteran, Mershin was appointed to his current position at the bureau's largest field office in May 2005. The expert spoke for a little more than an hour in a keynote address about the three most important issues facing the agency each day: counterterrorism, counterintelligence and cyber-crimes.
After talking to the audience about the FBI's mission and expanding duties, Mershin turned to the agency's role in preventing and investigating cyber-crimes, especially those that target enterprises and other businesses.
Each month, the FBI's Internet Crimes Complaint Center receives about 18,000 complaints about some sort of cyber-crime.
Some of the most consistent problems the bureau has seen in the last few years is the number of fraudulent Web sites that have been set up to look like legitimate sites for charities, especially those involving the Asian tsunami and Hurricane Katrina, he said.
The omnipresent Nigerian identity theft scam also remains one of the most successful of all cyber-crimes, much to the frustration of the FBI, Mershin said.
However, the agency is troubled by a pattern of behavior among corporations and businesses who are not consistently reporting when their infrastructure has been hacked, or even when their companies have become the unsuccessful target of hackers and other cyber-crooks.
Most companies, Mershin said, worry about the bottom line and feel any publicity or investigation into a cyber-crime will hurt profits.
"There is a concern that adverse publicity, the loss of good will and income" will have a bigger impact on the company than the actual crime, Mershin said.
Read the full story on eWEEK.com: FBI: Companies Need to Report Cyber Attacks.