RSA 2010: Companies urged to speak up on data breaches

Co-operation is the most effective tool in prosecuting cyber criminals, delegates were told

An industry panel at the RSA 2010 conference has urged companies to come clean when a data breach occurs.

The panel of justice officials, attorneys, security staff and standards groups all said that co-operation is by far the most effective tool in successfully prosecuting cyber criminals.

Kimberley Kiefer Peretti, senior counsel at the US Department of Justice (DoJ), explained that her agency's recent prosecution of hacker Albert Gonzalez after a major data theft was down largely to the help of retailers.

"In every case where we had a successful prosecution it was because of close collaboration with the victim," she said.

However, despite the importance of internal data to prosecutors, many companies still hesitate to call in law enforcement after a breach.

Peretti said that the number of reports the DoJ receives about data breaches is believed to be only a small fraction of all instances.

"There is always the fear that law enforcement is going to rush in and disrupt the business, but I've never seen that happen," she said.

John Woods, a lawyer at Hunton & Williams specialising in information security and internal investigations, insisted that there should be little to fear.

"There are some companies that do the 'head in the sand' approach, while others do a lot of forensics, a lot of studying," he said. "What we found is that giving information to law enforcement does not harm our companies' positions."