Despite their best efforts, corporations, law firms and businesses continue to fall prey to computer hackers.
Since 2005, there have been 1,651 documented instances of cyber attacks against the private sector, which resulted in nearly 500 million security breaches, according to Edward Stroz, CBA ’79, founder and co-president of Stroz Friedberg, a computer forensics and investigations firm.
“Obviously, this is not good news, but it does go a long way in showing anybody can get hit,” he said at Fordham’s second International Conference on Cyber Security (ICCS). “The number of recent attacks has been a real eye-opener for the public and private sectors.”
Addressing government employees and federal law enforcement officials, Stroz explained how most businesses respond to cyber attacks. His goal was to instruct the government investigators on how to work with private companies when investigating cyber attacks.
An open line of communication, he said, goes a long way in determining how—and why—an attack occurred.
“Today, there is an increased coalescing of information between the government and the private sector,” said Stroz, a former special agent for the FBI. “This wasn’t the case 10 to 15 years ago.”
During his 30-minute presentation, “Incident Response Experiences in the Private Sector,” Stroz shared with his former colleagues a series of snapshots about investigating cyber attacks.
In addition to collaboration, he suggested federal investigators inquire if the reported incident is still active before taking investigative steps.
“Sometimes investigative steps might be contrary to investigative strategy,” he said. “Depending on the problem you’re up against, you might not want to shut down the operation. You may need an opportunity, for instance, to assess what the adversary is doing before you can take certain steps.”
Stroz, who created and supervised the FBI’s Computer Crime Squad in New York before founding Stroz Friedberg in 2000, also advocated for third-party investigations, in which his company specializes.
He pointed out several problems that federal investigators might encounter working with private companies, specifically searching seized computers that contain privileged communications or proprietary data.
“These are legitimate problems,” he said. “It complicates the FBI’s work. It complicates the victim’s situation. It complicates how you go about investigating.
“A computer is a single device that contains intermingled data belonging to different people having various separate rights and protections. Copyrights and permissions have to be honored separately.
“There’s protocol for executing the investigation. You cannot make mistakes in those areas.”
Stroz spoke on the second day of ICCS, which was co-sponsored by FBI and drew more than 350 representatives from government, law enforcement, the private sector and academia.