This document summarizes a presentation on trends in cyber crime and preparing for data breaches. It outlines that companies should develop a breach response plan to deal with incidents as all companies will experience a breach. It recommends contacting law enforcement within 72 hours of an incident and sharing threat information to help catch cyber criminals. It also discusses challenges around international jurisdiction and the need for a clear national standard for breach legislation in the US.

1. October 30, 2014
Don't be the next target

2. TO CATCH A CYBER CRIMINAL: TRENDS IN CYBER CRIME
Andreas Kaltsounis, Special Agent Defense Criminal Investigative Service Task Force Officer, Seattle FBI Cyber Task Force
Andrew Friedman, Assistant United States Attorney Western District of Washington
Craig Spiezle, CEO & Executive Director Online Trust Alliance
Timothy Wallach, Supervisory Special Agent, Cyber Task Force Federal Bureau of Investigation

3. Laws of Data
•Your company includes “covered information”
•You have regulatory requirement(s)
•You will have a data breach incident
•If you are unprepared it will cost you
•Direct expenses
•Remediation
•Brand
•Business Shock
© 2014 All rights reserved. Online Trust Alliance (OTA) Slide 3

4. Lack of a Breach Plan

5. So Who You Gonna Call?

6. Open Dialog
•Contacting Law Enforcement
•When, Who, Why, How
•Regulatory Requirements –
•State, FTC, FCC, SEC ….. & International
•Incidents vs Attempts
•The need for threat intel

7. Role of Law Enforcement
•What specific assistance can LE responders provide during or after an incident that adds value to an organization's incident response? What is outside the scope of LE?

8. Sharing Data & Results
•What should I share? - Attempts or only breaches
•What are the implications if a case is actually solved and prosecuted?
•Are cybercrime cases ever actually solved and prosecuted?
•What are the international jurisdictional issues? Do we need new laws?
•Can I get any remediation or recover any losses / damages?

9. Forensics – “Do Not Try This At Home”

10. Status of Federal Breach Legislation
•Two weeks ago President Obama stated, "Today, data breaches are handled by dozens of separate state laws, and it's time to have one clear national standard that brings certainty to businesses and keeps consumers safe."

11. Communications – Being Prepared

12. Summary
•Be prepared – develop your breach response plan.
•Develop, test and update your plans quarterly.
•Complete an audit of all systems, data stores and cloud providers.
•Include law enforcement in your incident response. Don't leave it until the emergency...it could result in unneeded delay.
•Develop a relationship with the appropriate Law Enforcement Agency in the next 72 hours!
•Validate your Boards “Risk Appetite”

13. Resources
•Data Breach Response Readiness Guide https://otalliance.org/breach
•FBI Cybercrime Resources http://www.fbi.gov/about-us/investigate/cyber/cyber
•FBI Cyber Task Force; Seattle.CTF@ic.fbi.gov; 206-622-0460
•InfraGard https://www.infragard.org/
•Internet Crime Complaint Center (IC3) http://www.ic3.gov/default.aspx
•U.S. Department of Defense http://www.defense.gov/home/features/2013/0713_cyberdomain/ http://www.dodig.mil/inv_dcis/pdfs/DCIS_CyberCrime.pdf

14. Contact Us
•Andreas Kaltsounis +1 206-913-4594 Andreas.Kaltsounis@DODIG.MIL
•Andrew Friedman Andrew.Friedman@usdoj.gov
•Craig Spiezle +1 425-455-7400 craigs@otalliance.org
•Timothy Wallach Timothy.Wallach@ic.fbi.gov