3.7 Data breaches and network intrusions - Recommendations
- If law enforcement is to successfully investigate these attacks, it must invest in the appropriate training, particularly forensic expertise, and capability to do so. Developing a more professional capability to act in this area will also increase the confidence of industry partners.
- To redress the lack of reporting in this area law enforcement should seek to build trusting relationships with industry to encourage reporting of sensitive crimes with the confidence that they will be investigated tactfully and discretely. This should include information on failed attacks which will still add to the intelligence picture.
- Industry standards already exist for the storage and transmission of payment card data (PCI DSS). For other data however there is no such industry standard. The implementation of such standards within and across industry would act to protect consumer, client and customer data. Companies offering greater levels of security may also gain a competitive edge.