Law Enforcement and Cybercrime

Stop! Thief!

Does your cyberattack incident response plan include notifying the police? This is an important step that many organizations dismiss, but should consider. Today we’ll address some of the common reasons that companies give for not involving law enforcement, and explore why it’s time for a second look.

Reason 1: I don’t know how

This is a common complaint. Though a data breach is certainly an emergency for your business, it doesn’t meet the standard of a 911 call. So, who to contact? This will depend on your jurisdiction, but it’s information that you can readily gather by calling your local police detachment or law enforcement service jurisdiction to enquire as to the procedure for reporting a cybercrime. Police services understand and recognize that cybercrime can be just as serious as a “traditional” crime, so even if they do not have a specific unit assigned to investigate, they will know who you should contact. Today – before a cyber incident occurs – call the police and be sure to record phone numbers, website links, etc. All of this valuable information can go into your cyber incident/breach response playbook so it’s there when you need it.

Also note that the procedure for reporting can vary depending on the jurisdiction and the nature of the cyber incident, so document or bookmark that information so it’s at hand if you need it. Some locations require reports over the phone, while others will require an online filing to gather information. Where online reporting forms exist, they can be used as a double-check to ensure that you’ve considered risk mitigation and data gathering/reporting procedures for the different areas mentioned on the filing.

Reason 2: It’s not worth the hassle

On the contrary, it is worthwhile and important to report any cybercrime to law enforcement. Many police services nowadays have highly-trained, sophisticated cybercrime investigation units. For example, in Ontario, the Ontario Provincial Police (OPP) have established a “Cyber Operations Centre” and a special twelve-person cybercrime team that comprises certified cybersecurity specialists. A report made to this team will be taken seriously, and will be understood by the trained investigators involved. Similarly, in the City of Toronto, the Toronto Police Services (TPS) also have established a “Computer Cyber Crime (C3) Section” of the force dedicated to investigating cybercrime. These and other regional investigative specialists maintain communications with other teams and jurisdictions around the world, so they can provide real insights and resources to complement your own internal staff and trusted cybersecurity service providers in reacting to a breach.

The police genuinely want you to report cyber incidents, just as you would report any other kind of crime against yourself or your company. An incident affecting your operation could reveal one piece of information that could be critical in shutting down entire rings of criminal enterprise or coordinated attacks.

In addition, police services actively work to assist in efforts to raise cyber awareness among the general public. They can act as a central point for gathering and cross-referencing local threat data. Then, by sharing anonymized information about the latest trends, types of attack, and types of vulnerabilities, they can help everyone defend themselves more effectively. Good corporate citizenship can help you and the wider online community stay cyber safe.

Reason 3: Privacy Concerns

Many companies fear reporting a cybercrime, with concern that the incident will go public. A breach can have a significant impact on liability exposure and brand reputation, but it’s important to remember that the police fully understand and respect the sensitivity of an incident, and take every measure to maintain confidentiality. The police focus on attribution when investigating cybercrime, not causality – in other words, they are more concerned about tracking down and punishing the cyber criminals, and will not publicize the case, or pass judgement on the IT controls that may have contributed to the crime itself. Further, in the event of a breach that you do ultimately report to the public, demonstrating that you reported the incident to your cyber investigation team as well as law enforcement demonstrates to your stakeholders that you took every measure possible to react responsibly to the incident, and employed every resource at your disposal to resolve the matter.

While privacy breach disclosures are mandatory in many jurisdictions (in Canada, for example, through federal PIPEDA legislation and some provincial regulations), today it is not generally mandatory to report cybercrime to law enforcement. Trends may be changing in this regard: Australia has recently introduced legislation that compels victims of cybercrime to come forward and make a police report, and other jurisdictions are watching with interest. In Canada, financial organizations are now being “encouraged” to report cyber crime to police, as outlined in a 2019 report to the Standing Committee on Public Safety and National Security (recommendation #6). Time will tell whether encouragement will evolve into requirement.

Reason 4: Time is of the Essence

Some executives and IT professionals are concerned that time spent dealing with the police could be better spent dealing with the incident directly. The police understand and appreciate this concern, and make every effort to streamline the information gathering process and avoid creating any kind of impediment in your own internal investigations. Usually the information they want to gather will be the same details that your own internal team or cybersecurity/breach consultants will need, so there’s little extra effort in involving law enforcement as well. The police realize that acting quickly in the face of a cyber breach is critical in reducing impact and tracking down those responsible.

Conclusion

The next time you are reviewing your incident response plan, consider putting law enforcement notification into your playbook. You could be helping yourself and the community in a time of crisis. Contact ISA today to learn more.

Additional Resources

RCMP Cybercrime Strategy: https://www.rcmp-grc.gc.ca/en/royal-canadian-mounted-police-cybercrime-strategy

OPP Opens Cyber Operations Centre : https://www.opp.ca/news/#/viewnews/5d924107ce153

Government of Canada: https://cyber.gc.ca/en/cyber-incidents and https://www.getcybersafe.gc.ca/cnt/rsrcs/rcvr-scm-en.aspx

Trends in Cybercrime Reporting to Law Enforcement. Report is a 2019 analysis of 2017 data, but still provides interesting insights: https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/2019-r006/index-en.aspx

Related Articles

All Articles
Michelle Tam

Latest Cybersecurity News

ISA is committed to keeping the security community up to date with the latest cybersecurity news.  Update: Charges laid in Twitter hack Just two weeks

Read More »
All Articles
Michelle Tam

Latest Cybersecurity News

ISA is committed to keeping the security community up to date with the latest cybersecurity news.  Garmin hit by suspected ransomware attack Garmin, a global

Read More »

Cookie Notice
We use cookies to offer you a better browsing experience, analyze site traffic, personalize content, and serve targeted advertisements. If you continue to use this site, you consent to our use of cookies.

Technology Partners

Thanks for reaching out, we’d love to hear from you. Fill out the form below and we’ll get back.

Become an Infinity Partner

Thanks for reaching out, we’d love to hear from you. Fill out the form below and we’ll get back.