20+ years ago, before the Internet and Social Media, the conventional wisdom was that only 10% of businesses would report computer crime crimes. However since cyberintrusions against Sony, Target, and other high visibility companies are daily headline news, one would think the increase was much more than only 20%. But FBI Director James Comey commented in a recent speech at the “Georgetown University International Conference on Cyber Engagement”:
According to a recent study, about 20 percent of those in the private sector in the United States who had suffered computer intrusions, actually turned to law enforcement. That means 80 percent of the victims in this country are not talking to us. We have to get to a place where it becomes routine for there to be an exchange—an appropriate, lawful exchange of information between those victims and government. First and foremost because we need that information to figure out who’s behind the attack.
He also pointed out that “the nation-states like China, Russia, Iran, and North Korea, and multi-national cyber syndicates—we’ve seen a significant increase in the size and sophistication of those who are looking to steal information simply to sell it to the highest bidder.” And of the multi-national cyber syndicates Director Comey pointed out:
Terrorists have become highly proficient at using the Internet to sell their message and to recruit and plan for attacks. They’re quite literally buzzing in the pockets of people to try and make them followers all around the world. There’s no doubt that terrorists aspire to use the Internet to engage in computer intrusions to get to our systems for all kinds of bad reasons, but we don’t see them there yet. Because the logic of terrorism and the Internet is what it is, that’s a threat we constantly worry about.
Clearly all businesses are at risk since everything is plugged into the Internet, so reporting cyberintrusions is essential so the cybercriminals can be found!