Since 1984 we all know that if something strange happens in the neighborhood, you can call the Ghostbusters. For non-parapsychic crimes you would probably call 911. But, the question remains: Who ya gonna call in the event of a cybercrime? It probably isn’t the police department.
A few years back, some of my bank account data was stolen. That resulted in criminals purchasing stuff online which I never ordered. Luckily, I was able to cancel all these orders. But, a crime was committed so I filed a report with the police. Rather, I tried to file a report with the police. I went to the local police station and described the crime. The officer on charge directed me to an online form with the words. “You seem to know more of this online stuff than I do, so it’s better you do it yourself.”
Without blaming this particular police officer, or even the police as a whole, it shows a general problem of cybercrime: It’s not a local crime. It’s international crime and local law enforcement lacks both the resources and jurisdiction to handle it.
In the US, every state has one or more agencies to deal with cybercrime. Finding them is the hard part (Thanks to Cybersecurity Ventures for this comprehensive link). But even then, they are probably going to kick the can down to the FBI. You can call the local field office of the FBI or report the crime online with the the Internet Crime Complaint Center (IC3) at www.IC3.gov. Not a 3-digit-line such as 911, but a straightforward way to report cyber crimes nevertheless.
In Europe, it’s very different. There is a page you can visit which – in theory – directs you to the form for reporting cybercrime for each European country. The reality is different. France and the UK direct you to the correct form immediately, and even display a telephone number to call. Germany directs you to a page with 16 federal police authorities. Even if you manage to search correctly, you will be directed to contact the local police … who will tell you nothing can be done.
Browsing through different other European countries shows a similarly mixed picture: some direct you to the correct form immediately, other links only lead to the police overview page of that country. These examples show that cybercrime still doesn’t get the attention it deserves, looking at how widespread it really is.
There are, of course, different reasons why there is no single point of contact in many countries for reporting cyber crimes.
First is a significant lack of resources. Cybercriminals are legion in number, well funded, and well equipped. Local law enforcement not only has budgeting issues for dealing with cybercrime, there is also a significant lack of people. There are simply not enough qualified cybersecurity professionals available for employment in law enforcement, an issue in fact shared with the entire cybersecurity industry.
Second there is the problem of the users of online technology, i.e. us. Most don’t think twice about security, which is like leaving your doors wide open. (read about the dangers of neglecting security here).
John Flory III, CEO of Harbor Networks, said with law enforcement completely overwhelmed, good planning is the best offense against criminals.
“It could take days before they even get back to you, You have to have a plan before you get hacked,” he suggested.”Secure legal counsel, designate an incident team and contract with an outside advisory firm. (Flory’s suggestions are outlined in this video.)
A more streamlined process for reporting cyber emergencies to the authorities is needed. But becoming more aware of the dangers of cybersecurity and taking appropriate measures can avert waking to an emptied bank account.