Surprised to find annual cybercrime damage spread somewhere between 300 million and 54 BILLION? So is the Director of National Intelligence. Today Brian Krebs of the Washington Post and Krebsonsecurity.com detailed a strong push for mandatory disclosure of cyber intrusion to include account hijacking and online identity theft:

  • A group tasked with devising strategies to deter cyber attacks is calling for mandatory public disclosure of fraud and hacking incidents by governments and organizations of all sizes, including banks.
  • The recommendations were a major thrust of a report issued earlier this month by the National Research Council, which was asked to examine the issue by the Office of the Director of National Intelligence. The 400-page document is actually well worth the time to read, or at least skim. The bulk of the paper addresses how solving the problems associated with cyber crime requires aligning incentives and liabilities so that those in the best position to fix the problems have an incentive to do so.
  1. Below the fold is the link to the 400 page study.
  2. Go see Brian’s post - the Cybercrime Corner got a shout-out for our research into FinCEN’s SAR Reporting.
  3. Jeff Debrosse details SARs and Malware in this month’s SC Magazine Ten Minutes On piece which is definitely worth reviewing.

Securing Our eCity Contributing Writer