Unfortunately the decision to involve the police is not trivial, and really depends on what outcome you are hoping for. If you just want the problem to go away, involving law enforcement can get in the way of your recovery, as they will want to collect forensically sound evidence, and the process of going to court can and does take years. Even if you go down this path, the likelihood of restitution is very low and it will cost a fortune. So most businesses don't bother.

If it were a physical crime, we would automatically report it, as this is a necessary precondition to claiming on our insurance. There is also no stigma about being broken into physically. But things are different in the cyber world - there is no cyber-insurance to claim on, and there definitely is a stigma about being hacked. This is even more reason for businesses to fix it and move on without police involvement.

But if we look at this in a slightly different way, the view changes. Instead of looking to law enforcement to locate and prosecute the offenders, we can ask for their assistance in collecting and storing any evidence we might need in the future, and provide them with anonymised information that helps to build a profile of the cyber-crime landscape.

Less protect and serve, and more coffee and collaboration.

Unless you are the bad guys, the police are not your adversary, and they really can be good friends.

Phil Kernick Chief Technology Officer
@philkernick www.cqr.com