HTCIA members will likely remember the survey we sent out last month, in which we asked their feedback on a variety of subjects ranging from their experience level to their training and equipment quality. We got a decent response for such a short period of time (we promise it will be open longer next year!) — 14% — and while the executive summary was one of our handouts at Techno Security, you can find the full report downloadable at http://www.htcia.org.
Survey key findings
Presently, those who investigate cyber crimes do a little of everything: traditional investigation, digital forensics, public education, etc. Instead, investigators would like to see people dedicated to each task, to ensure more effective evidence handling.
It’s not more investigators who are needed – it’s more trained personnel across an entire organization. Training employees on how to recognize and properly handle digital evidence means that investigators will be able to focus on their specialized tasks.
The bulk of cyber crime investigation training comes from organizations’ budgets, not from government grants.
While some agencies and companies have policies, strategy and reporting in place, many do not; furthermore, those that exist are not uniform.
Collaboration happens to a great extent among federal, state and local law enforcement agencies, but much less frequently between law enforcement and corporate investigators.
Other major findings in the report include marked increases in criminal use of digital technology; the fact that all types of fraud was most likely to be investigated across law enforcement and corporate domains; and that, while a greater quantity of affordable training is needed, the quality of both investigative equipment and training were rated adequate by respondents.
We actually timed the report’s release not just for Techno, but also for the President’s National Security Strategy. That report calls for cyber security literacy, better mechanisms for data preservation, protection and privacy; and improved network defense and incident response, but it doesn’t focus on any particular area(s) for those improvements.
Our hope is that this report provides that focus. Cyber crimes are difficult for many people to understand, but as investigators, the HTCIA membership is in the best position to know what is needed and why. The next step is to help laypeople understand, whether through the White House’s own “disaster mitigation” analogy or through other descriptions. This report is intended to start that process.