Partner with federal authorities to fight cyber risks: FBI officialReprints
SAN FRANCISCO — Perhaps the most effective step corporations can take to address cyber risks is warning their employees against clicking on unfamiliar links, an FBI official said Monday.
“Tell your clients there are those who have been the victim of a cyber intrusion and there are those who do not know they have been the victim of a cyber intrusion,” M.K. Palmore, assistant special agent in charge of the San Francisco FBI office, said during Business Insurance's 2015 Cyber Risk Summit.
Protective steps companies should take include following “a concrete plan to harden your system” and keeping that plan, policies and procedures up to date, he said.
“Follow established best procedures” by entities such as the National Institute of Standards and Technology and actively back up data. Companies also should have comprehensive business continuity plans, vulnerability testing, tabletop exercises and establish relationships with federal law enforcement before a cyber breach occurs, he said.
“You do not want your first interaction with the FBI to be your response to an internal breach,” Mr. Palmore said.
Questions that also should be asked in advance include: “Who comprises your incident response team? Who makes decisions about taking vital systems offline?”
“The importance of a public and private partnership cannot be overstated,” Mr. Palmore said. “The government is simply not in position to simply prevent the high number of cyber intrusion events we see. With collaboration and effective cooperation, we can begin to put a dent into this issue” and create a relatively secure environment.
“Right now, the enemy is more agile than we are,” he said. The enemy is smart, determined and conducts extensive due diligence “in a way nearly guaranteed to achieve their intended objective. They're all well sourced,” he said.
“We must make sure the costs associated with their acts” outweigh the benefits “and until then, we must continue to prepare,” Mr. Palmore said.