How qualified is law enforcement to investigate today's cybercrimes? While many big-city police departments have all the necessary skills, those in smaller markets often do not, according to a panel of experts.
That's why companies that have been attacked must provide as much technical and forensic information as possible to authorities to help ensure that investigations lead to arrests and prosecutions.
In an audio interview with Information Security Media Group at the recent Fraud and Breach Prevention Summit in Toronto, four cybercrime experts review the skills law enforcement officers must have to effectively investigate evolving cyberattacks and offer tips on working with authorities.
"Because you're dealing in an area of technology that's changing weekly and daily almost, it's a challenge to stay ahead of the curve," says panelist Kenrick Bagnall, who works on the computer cybercrime intelligence services team at the Toronto Police Service.
Imran Ahmad, a Toronto-based attorney with the law firm Miller Thomson, says organizations conducting investigations of cyberattacks should "prepare the materials and the evidence in a way that would be helpful to law enforcement, because they may not necessarily have either the resources or the detailed technical know-how."
When it comes to investigating financial crimes, information sharing is even more critical, say panelists John Buzzard, a fraud expert at payments provider CO-OP Financial Services, and John Walp, managing director of forensics technology at consultancy KPMG.
While it's becoming more common for law enforcement officers to have some understanding of how financial transactions work, banking institutions and other financial services firms need to educate local authorities, they say.
"If you would have picked up a telephone in 2002 and called [local police] and said, 'Hi. I'd like to speak with somebody who specializes in financial crime,' you probably would have had some blank hold time on the telephone," Buzzard says. "Not quite so much now."
Buzzard says criminal investigations focused on identity theft also have helped get law enforcement up to speed about cybercrime and fraud, which often involves the compromise of personal financial data.
"Specifically around the financial-services space, there's a lot of learning about how the banking and payments systems work," Walp adds.
During this interview (see audio player below photo), the panel also discusses:
The FBI's focus on cybercrime; How law enforcement is working with the private sector to develop relationships in advance of a breach or incident; and Why companies should involve law enforcement in their tabletop incident response exercises.Bagnall, detective constable at the Toronto Police Service, formerly spent 20 years working in the IT industry, primarily within financial services.
Toronto-based attorney Ahmad serves on the Canadian Advanced Technologies Alliance's cybersecurity council and is a member of the executive committee of the Ontario Bar Association's privacy and access to information law section.
At CO-OP Financial Services, the largest credit union service organization in the U.S., Buzzard provides educational and directional fraud, risk and security information to institutions in the EFT/banking industry, and works with law enforcement agencies to share information about fraud trends.
Walp of KPMG formerly was the CISO of M&T Bank, where he was responsible for IT security, data protection and privacy strategies.