Threat actors can keep using the same methods to victimize other organizations when entities choose to keep quiet about a cyber incident, warned the assistant director of the FBI’s cyber division.
“When organizations report, our response to the incident allows us to collect information so we can find those responsible, work with our domestic and international partners to disrupt the activity and hold them accountable,” said the FBI’s Bryan Vorndran during SC Media’s Finance eConference on Dec. 15. “And equally important, so we can share that information to warn others.”
Vorndran shared that the federal government is aware of less than 25% of all computer intrusions in the U.S. While the number of ransomware incidents increased by 20% in 2020, ransoms paid by organizations rose by 225% that same year, he continued, and the most recent data for 2021 shows another 20% increase in reported ransoms paid.
Regarding legislation that would require organizations to notify the government of a breach incident, Vorndran said the FBI strongly supports notification for certain incidents, including ransomware attacks and incidents affecting critical infrastructure. As is often the case, timely notification is important in responding and recovering, he said.
“The FBI has invested enormously in being able to put a live, technically trained agent on victims' doorsteps in hours or less nationwide, but we can only move as fast as we learn about the breach,” Vorndran said.