James C. Trainor, assistant director of the FBI Cyber Division, took questions from Hardware Retailing on how small businesses can prevent cybercrime and work with law enforcement to investigate cybercrimes.
Hardware Retailing (HR): Why are cybercrimes increasingly important for the FBI to investigate?
James Trainor (JT): Cybercrime is one of the fastest-growing threats worldwide. Unlike most criminal threats, cybercrimes have no borders, and with the increasing cultural reliance on technology, it’s more important than ever for the FBI to be investigating these crimes and identifying, pursuing, and defeating our cyber adversaries.
HR: What do you recommend that a small business do when a breach to payment card systems, emails or other internal computer systems is suspected?
JT: Immediately contact your local FBI field office to report the breach and request assistance. FBI field office locations and contact information can be found on the FBI’s website at www.fbi.gov/contact-us/field. We also recommend reporting cyber incidents to the Internet Crime Complaint Center.
HR: When a business owner suspects a cybercrime against his or her store, how important is it for him or her to react quickly?
JT: It is extremely important for a business owner to react quickly. If a threat is detected early (meaning after exploitation but prior to privilege escalation and lateral movement), damage to data and systems can be controlled more effectively.
HR: What steps for response, recovery and future prevention can a business with limited resources take, once a cybercrime has been committed against it?
JT: Whether your company is large or small, the steps for response, recovery, and future prevention are the same. Contact your local law enforcement or FBI field office to open an investigation and provide them whatever information they need to identify, pursue, and defeat your cyber attacker. For future prevention, secure your network architecture and activity, as well as your users, by using firewalls, using patching tools and processes to keep applications and operating systems up to date, using multi-factor authentication, enforcing periodic password changes, using encrypted protocols for management connections, and regularly backing up and storing system logs.
HR: Do you have recommended steps for handling cybercrimes?
JT: Notify local media that customers should watch for fraudulent activity on their credit cards if they shopped at a business during a specific timeframe. Let your security team know. Notify other potential victims. Make note of the time and date. Contact your local law enforcement or FBI field office.
HR: Are there types of businesses that are more susceptible to computer intrusions than others?
JT: While certain types of businesses, like retail stores that handle a lot of money, are certainly frequent targets, small businesses are often more susceptible to computer intrusions than others, as cyber adversaries assume that, due to limited resources, a small business isn’t always taking the same preventative measures and precautions that a larger business would.
HR: Should an independent business owner always first report a cybercrime to local law enforcement, before contacting the FBI?
JT: It depends on the magnitude of the suspected breach and the kind of information you believe has been compromised. However, regardless of the type or size of the attack, you should always contact law enforcement as soon as you discover the breach.
HR: How can a business owner find out what information was compromised and how to fix the problem if a cybercrime has occurred?
JT: Look for indicators of a compromise or attack such as corrupted files, unknown system access attempts or unauthorized hardware or software modifications. Immediately let your security team know, notify other potential victims, note the time and date, and contact law enforcement. Subject matter experts from law enforcement and/or a cyber security mitigation firm can confirm the compromise or attack with a digital forensic analysis and will be able to provide information on what was compromised and how to fix the problem.
HR: How can a business owner both work with the FBI to help with an investigation but also rapidly resolve resulting dangers?
JT: A business owner can assist the FBI in their investigation by providing accurate information about the attack in a timely manner. By participating in information sharing, a business owner helps resolve resulting dangers such as identity theft, as the more information the FBI has, the easier it will be to identify the attackers and recover any lost or stolen data.
HR: What is the best way to defend against having another breach happen, once one has occurred?
JT: Once an attack has occurred, the best way to defend against another breach is to secure your network. Segregate your enterprise networks and functions. Use firewalls and implement automated patching tools and processes to keep applications and operating system software up to date. Restrict and monitor the access to your networks and use multi-factor authentication for all users. Standardize encryption measures for both data-at-rest and data-in-transit and regularly back up and store system logs in a centralized location.
HR: If a computer system has been compromised already, is it more at risk for another hacking?
JT: A previously compromised computer system is no more at risk for additional hacking than an uncompromised system. Whether your system has been compromised or not, you should always be securing your network architecture, your users and your network activity in an effort to prevent any future attacks.