While it might be an intimidating prospect for MSPs to engage with the FBI in the wake of a major cyberattack, the bureau wants to change that, the head of the FBI’s Dallas Cyber Task Force said Tuesday.
FBI cyber agents want to build a strong relationship with the MSPs in their local area so that, in the event of a ransomware attack or other serious breach, the service providers aren’t afraid to contact the bureau, Supervisory Special Agent Richard Murray said during a keynote at XChange Security 2023.
The conference is hosted by CRN parent The Channel Company and is being held this week in Dallas, where Murray is one of two FBI cyber supervisors.
For IT service providers, the ideal is to “be on a first-name basis with your FBI cyber supervisor in your area, in your city,” Murray told an audience of MSP executives at the event.
[Related: Hacker: SMBs Are Increasingly The ‘Jumping-Off Point’ In Cyberattacks]ADVERTISEMENT
Ultimately, regional FBI cyber teams are looking to operate “in a very collaborative manner,” he said. “We will come in as a partner.”
In response to an audience member’s question, Murray pledged that FBI agents will not slow down an MSP’s ability to get their customer back up and running after an attack.
“You do not need to worry about us coming in and taking digital evidence, disrupting operations,” he said.
Crucially, the FBI wants to prove it has direct value to bring to MSPs and their clients, including through supplying cyber threat intelligence via a monthly email, Murray said.
“Our partners, every month, get an email from us that has cyber threat intelligence and our contact information — my cell phone and the other supervisor’s cell phone,” he said. “We are looking to have that seat at the table … as early as possible in a threat response and incident response.”
MSP Perspectives
After hearing Murray’s comments, the idea of engaging with the FBI in the wake of a cyberattack is now “not as scary,” said Dawn Sizer, CEO of 3rd Element Consulting, a Mechanicsburg, Pa.-based MSP.
“Having somebody come in from the FBI, to demystify what that process looks like, makes the process itself a lot less stressful and intimidating,” Sizer told CRN.
John Jackson, founder and CEO of Portland, Ore.-based Bytagig, said it’s helpful to hear that the FBI is “there to be a resource, and not a hindrance” after a cyberattack.
Prior to hearing Murray’s remarks, “I didn’t know that the FBI recommended connecting with the local [cyber] supervisor,” he said. “My hope is that we can get a good relationship with them.”
In addition to knowing who to call in the event of an attack, having a close relationship with the local FBI cyber supervisor could also be seen as a positive by clients, according to Jackson.
“I think that produces a lot of legitimization of our services,” he said.
Jackson said he can envision telling clients, “‘we’re going to have a chat with this supervisor, and talk about what they’re seeing in the world of cybercrime, and help bring more awareness to our customer base.’”
‘Very Transparent’
During the keynote session, Murray emphasized that the FBI relies on victims for the information it needs to disrupt cybercriminal activities.
After the 2021 Kaseya ransomware attack, which impacted numerous MSPs and their clients, Murray said his team took part in the investigation that led to the arrest and extradition of a member of REvil, the ransomware gang behind the attack.
“In any type of case like this, that means that there are victims who are willing to talk to us — partners who are willing to share intelligence with us — to be able to put a case together like that,” he said.
For MSPs, the best approach is to “focus in on those individuals who are working in your area, get to know them,” Murray said. “I think you will find that we’re very transparent and capable of working in this space.”LEARN MORE: Cybersecurity | Current Threats
Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security. He can be reached at [email protected].
RELATED CONTENT
Kaseya Ransomware Victim Speaks Out: From ‘The Abyss’ To Recovery With Aid From MSP CommunityWhat Counts As ‘Correct’ Data Is A Huge Generative AI ‘Dilemma:’ ExpertForcepoint To Sell Government Unit To TPG, Creating ‘Leader’ In Zero Trust SecurityNew MOVEit Transfer Vulnerabilities Include ‘Critical’ FlawCiena Says ‘Limited’ Data Impacted In MOVEit Attack TO TOPADVERTISEMENT