IT chiefs need forensic expertise

Big firms are advised to investigate cross-border hacking internally, before calling in the police

Firms need more staff with computer forensic skills and should lobby suppliers for safer products, according to speakers at last week’s E-Crime Congress in London.

At the event, which was hosted by the UK’s National Hi-Tech Crime Unit (NHTCU), Alan Paller of the Sans Institute said that instead of focusing on user education, firms would do better to pressure manufacturers to make more secure products.

“Fundamentally the answer is [IT buyers] can’t protect themselves,” Paller argued. “One of the great errors has been to blame the user, but safer software is how we solve the problem.”

Simon Janes of data recovery vendor Ibas, and former head of Scotland Yard’s Computer Crime Unit, said that big companies need to develop more expertise in computer forensics. “There has been a big increase in [large] companies conducting internal investigations, and as long as they do it to evidential standards, it’s [better] for the police,” he added.

Janes added that firms with a better knowledge of forensics could help with law enforcement. Rather than the police coordinating investigations across jurisdictional boundaries, “it’s far easier to fly your people off to multiple international sites, collect the evidence and then present it”, he explained.

Janes warned that currently many IT managers do not know what to do when their systems are attacked, even though advice is available from private forensic firms and the NHTCU.