Op-Ed by Portland Special Agent in Charge Kieran L. Ramsey: Cyber Risk is Business Risk
This op-ed was published in the Portland Business Journal.
Cyber risk is business risk.
That’s the mantra the FBI has recently emphasized to our partners. It is this very real risk that drives us to ask businesses to partner with us and share information and report cyber breaches. While we understand the meaningful concerns a business might have when disclosing a breach and working with law enforcement, the cyber risk is only compounded exponentially by not partnering with us from the outset.
The upsides of partnership with the FBI when a cyber breach is discovered are many—and why more and more companies are accepting our invitation for a seat at the table:
It’s the information sharing and resources.
It’s why more than 600 of the Fortune-1000 companies are a part of our Domestic Security Alliance Council—a partnership with the FBI to share, in part, cyber best practices and updated guidance on cyber infrastructure, vulnerabilities, and emerging intrusion techniques. In fact, more than 70,000 professionals in the U.S. workforce can claim a relationship with the FBI through our InfraGuard program—all of whom are focused on protecting critical U.S. infrastructure, commodities, and private industry that Americans consume each day. For the FBI, your company’s cyber security is a priority, just like our national security.
We’re working to make the relationships between the FBI and the private sector intrinsic by strengthening them and sharing information. But we’re also helping companies across the U.S. who fall victim to cyber actors. Every year our teams cull through thousands of cyber reports and recover millions of dollars and massive amounts of data lost to cyber crime.
But the problem isn’t going away. Between 2019 and 2021, the number of ransomware complaints reported to the FBI increased by 82 percent. Many more businesses across the country fall victim to business email compromise schemes through phishing and email impersonation scams.
This is why the FBI has committed more and more resources to attacking the problem. In each of the FBI’s 56 field offices, including here in Portland, we’ve set up Cyber Task Forces—specializing in various cyber expertise to work with you to go after cyber criminals. The FBI has also established the RAT team (Recovery Asset Team) which has developed partnerships with nearly all the top 50 U.S. banks, including all of the top ten. No doubt you’ve seen some of our RAT team successes in the news, recovering huge sums of money paid out as ransom.
But if you don’t report victimization, we won’t know.
That’s a problem for two reasons: First, we can’t help you recover assets and data without knowing you’ve lost it. But second, we can’t warn others who might be victimized by the same attack or bad actor. The quicker you report it to us, the faster we can spring into action in several ways—by connecting the attack to other similar attacks, by providing you with technical information and support to stop the attack, by helping you recover data and assets, and by warning others.
The FBI encourages business to report victimization, and the FBI is ready to help you navigate that process. But, my pitch to you today is to take the proactive step of becoming a partner before a cyber intrusion. We provide world-class capabilities, international reach, and information about ongoing vulnerabilities and cyber intrusions. And if your company does become the victim of an attack, we’re ready to serve as a force multiplier for you to augment information security and incident response.
My ask of you is this: First, make sure you have a formal cyber incident response plan for your company—and that the plan is battled tested again and again. Second, if you are a business leader or cyber professional, get to know the FBI. Feel free to give us a call and let’s see what resources and support we can provide to you. Finally, in your response plan, make sure we’re on your list of people to call. We can be at your doorstep within an hour with whatever help and resources you need.
Remember, while a cyber breach may be new to you—it is not new to the FBI—and we want to work with you to mitigate the threat. Working together as partners, we can protect your company and our nation’s critical infrastructure.
— Kieran L. Ramsey, special agent in charge of the FBI Portland Field Office