There are great sighs of relief among cyber criminals because the systems in use in organisations are not up to date, neither is the level of competence in the cyber security of users. Picture a realistic scene where a cybercriminal successfully secures access to the system of an organisation enabling access to sensitive and critical business information. The cybercriminal has full peace of mind, safe in the knowledge that it will take time before he or she is detected and when or if even detected, any harm would already have occurred. The question would arise as to how it could have been prevented and whether it should be reported to the police or not.
How many organisations are aware of how to actively combat cyber threats? Or how to report a crime and investigate cybercrime? And who or what benefits from the reporting a crime at all?
Best practices for clarity and use
The CYBERDI project, a joint project between the Jyväskylä University of Applied Sciences (JAMK) and the Police University College of Finland (POLAMK), develops best practices for co–operation between organisations and the police in their efforts to prevent cybercrime. The objective is for organisations to work together to provide them with state-of-the-art policies and the correct tools to deal with threats, as well as information on how to act if an external breach is detected in the system – what to focus on when any harm occurs and how to successfully investigate it. It is also important for organisations to know how to carefully store any available information to secure a successful investigation of a potential cybercrime. The integrity of evidence (such as log information) and the successful storing of it, is of high importance as it provides the police with the best possible starting point to investigate any suspected cybercrime.
Why are cybercrimes not generally reported?
It is quite possible that organisations do not detect, identify or understand that an attack is taking place or has already occurred. It could be that the organisation is fearful of gaining a negative image, disrupting its business or being seen to be leaking confidential business information. Organisations could, in some circumstances, decide to delay reporting a system attack. In some cases, reporting a crime report may be viewed more detrimental than beneficial.
There is a desire to bring clarity to the interaction between police and organisations in investigations of cybercrimes. We wish to make it clear how the police conduct these types of criminal investigations, what information the police require from victims of cybercrimes, the roles of the parties in such criminal investigations, as well as what kind of action speeds up and facilitates any such criminal investigation.
The reality is that the police do have the desire and resources to investigate cybercrimes. There are methods available to lower the reporting threshold. The most important of these is seen as greater transparency and the opening up of processes. In addition, the communication language must be a jointly understood language. It is important to note that the reporting of cybercrimes also benefit other companies. Crimes are to be learned from and the tools used continuously analysed enabling the existing threat landscape to be better understood.
The objective is to protect critical assets of organisations and to actively prevent cyber attacks
Fighting cybercrime is a proactive job that does not rely on waiting for an attack. Our specialists help organisations implement methods and tools to detect, identify and analyse attacks. We gather information on the most appropriate technologies for the task and provide practical examples of how to use these methods and tools. We utilise artificial intelligence, machine learning, data analytics and other disciplines in our cybercrime development.
Together with the relevant authorities, we strive to provide organisations with the specific tools to best protect their operations and critical assets. The Prepare – Hunt – Respond (PHR) model enables the organisation to prepare for cyber-attacks and obtain concrete examples of how to ensure continuity of operations.
Take part in the debate and fight against cybercrime. Click here for the PHR model.
Blog post in finnish at CYBERDI-project blog.
Kirsi Heiskanen Project Specialist Institute of Information Technology, JAMK University of Applied Sciences |