Last week, Deputy Attorney General Rosenstein delivered his remarks at the 2017 North American International Cyber Summit. He addressed the current scope of the cybersecurity threat and the benefits to all public-private partnerships.
No matter the industry, and whether public or private, companies and organizations need to protect their infrastructure against cyber threats, says Rosenstein. A successful breach could bring economic loss, bankruptcy and even the loss of human life.
The Deputy Attorney General cited a recent report that estimated global annual cybercrime will double from $3 trillion in 2015 to $6 trillion in 2021. He also shared FBI estimates that ransomware infects more than 100,000 computers a day around the world.
No longer are these attacks “unsophisticated and haphazard attempts by novice hackers to gain a few hundred dollars.” Today, it’s much more serious, originating from sophisticated individuals, criminal enterprises, and even nation-states.
Ransomware is not the only form of cyber-attack. Cybercriminals are also targeting infrastructure, like dams and grids, and digital infrastructures, like cameras and digital video recorders. One day in the future, they may target driverless cars as well.
Rosenstein acknowledged that while every business is responsible for its own cybersecurity, “unilateral action” alone is not enough. Because global cyber threats are growing, public-private partnerships are critical.
While law enforcement is available at any point of a cyber-incident, Rosenstein asserted the safeguarding work must begin well before.
“The first step in safeguarding against cyber-attacks is a good defense, and the best time to formulate your response is before the incident occurs.”
For more information, the Deputy Attorney General recommended two pieces by the Department of Justice: “How to Protect Your Networks from Ransomware” and “Best Practices for Victim Response and Reporting of Cyber Incidents.”
Rosenstein urged businesses and organizations to report cyber-attacks as soon as possible.
“Your actions, together with law enforcement’s help, could disrupt and deter those who would launch the next attack. A collaborative approach will be more effective than merely trying to avoid becoming the next victim.”
The Deputy Attorney General also touched on the matter of encryption. He acknowledged that while it can help secure data, it may also prevent law enforcement from protecting the data. He supports encryption that’s “strong,” yet “responsible.”
“I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so.”
Rosenstein ended his remarks by again encouraging private-public partnerships and the benefits to all in the fight against growing cyber-attacks.
For best practices on cybersecurity for counsel, don’t miss our latest white paper: “Best Practices for Counsel Serious About Cybersecurity”.