RSA 2010: Experts urge firms to speak up on data breaches

An industry panel at the 2010 RSA conference is urging firms to come clean when a data breach occurs.

The panel of justice officials, attorneys, security staff and standards groups all said that cooperation from victims was by far the most effective tool for successfully prosecuting cyber criminals.

US Department of Justice (DOJ) senior counsel Kimberley Kiefer Peretti said that her agency's recent prosecution of a massive data theft operation run by hacker Albert Gonzalez was credited largely to the help of retailers.

"In every case where we had a successful prosecution it was because of close collaboration with the victim," said Peretti.

Despite the importance of internal data to prosecutors, many companies are still hesitant to call in law enforcement after a breach. Peretti said that the amount of reports the DOJs receives over data breaches is believed to be a small fraction of all instances.

"There is always the fear law enforcement is going to rush in and disrupt the business, but I've never seen that happen," she said.

John Woods, a lawyer specialising in information security and internal investigation for law firm Hunton and Williams, said that there should be little to fear.

"There are some companies that do the 'head in the sand' approach, other companies do a lot of forensics, a lot of studying," he said.

"What we found is by giving information to law enforcement, we have found that it does not harm our companies' positions."