SubscribeLeveraging Security Intelligence to fight e-Crime
Posted: April 7, 2010 at 8:29 am | by Joe Gottlieb
Last month’s e-Crime Congress 2010 event in London (http://www.e-crimecongress.org/ecrime2010/) demonstrated the closing but as yet still open gap between the enterprises that suffer cyber-crime and the law enforcement agencies attempting to help them. The event was well attended by end users, security vendors and law enforcement agencies from numerous countries, and all attendees seemed to be taking the topic at hand quite seriously. However, I did not see much evidence of end users increasing their likelihood of engaging law enforcement in the event of a breach, for fear of increasing the likelihood that the breach might become public knowledge and taint their brand. There are indeed challenges in applying business confidentiality practices to all participants in a cyber-crime investigation.
In my plenary presentation, I described the need for enterprise security practitioners to develop, maintain and utilize Security Intelligence to combat sophisticated cyber-crime threats targeting their organizations. I also suggested that the future of cyber-crime fighting will probably involve the timely and confidential transfer of Security Intelligence from the victim to law enforcement. Just as “CONFIDENTIAL” documents often remind us when to keep our lips sealed in inter-enterprise business engagements, perhaps confidential security intelligence transfers can catalyze the confidential operational practices needed to earn the trust of end users?