At the National Association of Corporate Directors Global Board Leaders Summit on Monday, Federal Bureau of Investigations (FBI) Director Christopher Wray stressed that the FBI and corporate executives must work together to keep companies safe from cybercrime. Wray called on executives to report cyber incidents to the FBI as soon as possible, explaining that the FBI needed the info to have a clear understanding of the current threat landscape.
“Getting the FBI involved early allows us–and our Federal partners–to mitigate any ongoing damage to your networks and your data,” Wray said at the summit. “It helps us connect the intrusion on your systems to any larger threat streams, and give you the information you need to understand what happened. It helps mitigate any risk to your reputation from a delayed notification. And it helps us notify other potential victims.”
Wray acknowledged that executives may be afraid or worried about reporting cyber incidents to the FBI, but said those fears are unfounded.
“I know there’s sometimes a reluctance out there to turn to the Feds when you’ve been hacked,” he said. “But we’re not going to rush in wearing raid jackets and shut down your operations. In our eyes, you are–and you should be treated as–a victim. But time is of the essence in these cases. So, please, when you see indications of unauthorized access or malware on your systems, when an attack results in a significant loss of data or control of systems, when there’s a potential impact to national security, economic security, or public health and safety, or when an intrusion affects critical infrastructure, reach out to us.”
Wray said that impacted companies should contact their local FBI field office, explaining that every office has a private sector coordinator dedicated to engaging with companies. He also stressed the importance of building relationships between the FBI and private sector companies, saying it’s much easier to work together during a time of crisis when a baseline relationship has already been established.
“We want to be ahead of the threat; we want to prevent you from being victimized in the first place,” he said. “To do that, we’ve got to have a full understanding of what you’re seeing. We want to know what keeps you up at night. We’ve got to get to know each other, and the challenges we’re facing. We’ve got to build these relationships now. If a crisis does strike, it’s much easier to work together when we already have that baseline relationship–that initial sense of trust and understanding.”
The FBI wants to work with companies, Wray explained. But the agency can’t help companies stay protected unless they share threat information.
“We want to work with you, we want to help you,” Wray told executives. “But we can’t do anything to help if you don’t turn to us.”
