APWG Introduces New eCrime Incident Reporting

Written by Carl E. Reid on March 24, 2009

report1The Anti-Phishing Working Group (APWG)  is at the top of their game, where ecrime is concerned.  APWG is a consortium that tracks Internet fraud and scams. This organization  recently submitted a plan to automate submissions of phishing and other ecrime related incident reports. This plan is pending review by the Internet Engineering Task Force (IETF)

As reported in PC World by Jeremy Kirk , “The challenge facing law enforcement and security organizations is a lack of a coherent reporting system, said Peter Cassidy,  secretary general of the APWG. Until now, there was no standard way to file an e-crime report. That makes it hard to coordinate the vast amount of data that is collected on cybercrime, Cassidy said.”

Once the IETF approves this electronic reporting system, it may still be a while for a complete roll out of this ecrime reporting system.  In the meantime, the APWG has published an industry advisory, which provides guidelines for developing a company ecrime incident reporting process.  This can be immediately implemented.

Having well documented incident-reporting procedures ensures everyone in the company understands the various roles played in the reporting process. This minimizes confusion, delays, and errors in responding to a security breach caused by a phishing or other ecrime incident. Management will worry less over the public embarrassment or a tarnishing effect in company brand. More importantly, having an ecrime incident-reporting process expedites containment, recovery, and resolution.

As you prepare company ecrime reporting procedures, the APWG advisory provides detailed  recommendations in considering when and how to report an ecrime incident to:

  • Anti-phishing networks
  • Anti-virus and anti-malware organizations  (In cases where you discover malicious executables or scripts)
  • CERT organizations
  • Common Vulnerability and exploit (CVE) disclosure list administrators (in cases where you discover a vulnerability or “bug” in commercial software)
  • Customers
  • Law enforcement, e.g., through the Internet Crime Complaint Center
  • Regulatory compliance agencies
  • Software developers (in cases where you discover bugs in custom application software or webware developed exclusively for your organization)
  • Any individual or organization directly affected by the phishing attack, even if they do not fit into one of the other categories listed above.
  • The general public

About Carl E. Reid

Developing his career from the mail room to the board room, Carl E. Reid has achieved success by skillfully blending 40 years of technology and business intelligence experience with his passion for helping companies succeed. Carl is founder and CEO of NetTECH Systems Reid & Associates, Inc., an emerging technology consulting company located in the New York City area. One of his specialties is 15 years as a collaboration and email infrastructure consultant. He has implemented and supported Lotus Notes/Domino and other types of SMTP gateway/network configurations in small to large global companies up to 33,000 employees. Some of his clients have included IBM, Citi, JPMChase, Oxygen, LVMH - Moet Hennessy, MeadWestvaco, non-profits and professional organizations. Carl is a Savvy Business Owner, Public Speaker and Author. His articles have appeared in Network World, Computer Monthly magazines and hundreds of web sites. Combining business technology consulting with professional blogging, Carl specializes in advising clients how to best leverage the Internet as a tool for high impact visibility. Carl's speaking style combines humor with expertise, and his advice is always down-to-earth and practical. He personally publishes Library of Congress recognized newsletter blog, http://www.SavvyIntrapreneur.com and http://www.iTechSpeak.com. Carl wrote the original "Professional Blogger Job Description", being used as standard document within companies. As a business career coach, Carl teaches professionals how to run their career as a profitable business.
  • (required)
  • (required)