One of the things helping cybercriminals is that organizations that have been hit don’t often go to law enforcement. FBI director Robert Mueller acknowledged as much in a recent speech at last month’s RSA Conference when he said that disclosing breaches to the FBI is the exception and not the rule today.The problem according to acting deputy assistant director for the FBI’s Cyber Division Jeffrey Troy is that it helps the attackers if companies aren’t disclosing breaches to the FBI or law enforcement. “We are most concerned with gathering that information and sharing it with everyone else [affected] so we can harden the systems,” Troy says. “If you are not telling us you have been penetrated … that [may be] another attack vector we can’t protect everyone else from.
Thanks to Michael Zweiback for this.