When you buy through affiliate links in our content, we may earn a commission at no extra cost to you. Learn 
Many companies operate under the assumption that breaches or other security incidents are not a matter of if but when. Because of the increasing sophistication of cyber threats and the complex digital landscape, businesses understand the likelihood of experiencing a security incident at some point.
In 2023, there were a record 3,205 data breaches, a 78% increase from 2022, affecting over 353 million individuals.
According to former FBI special agent and cybersecurity expert Jason Hogg, executive in residence at private equity firm Great Hill Partners, this increase is attributed to more sophisticated cyberattacks and increased vulnerabilities through third-party providers.
As such, it’s critical that organizations immediately report breaches to regulatory bodies — at the very least to comply with legal requirements and protect consumers, Hogg says.
Techopedia sits down with Hogg to discuss how his FBI training has helped in his cybersecurity career, how companies should handle data breaches or other security incidents, how law enforcement and the private sector can work together, and more.
Key Takeaways
- In 2023, there were a record 3,205 data breaches, a 78% increase from 2022, affecting over 353 million individuals.
- Many companies now assume breaches are inevitable due to the sophistication of cyber threats and the complex digital landscape.
- Former FBI special agent Jason Hogg attributes this rise to more sophisticated attacks and increased vulnerabilities through third-party providers.
- Hogg emphasizes the importance of promptly reporting breaches to regulatory bodies to comply with legal requirements and protect consumers.
- The economic and privacy impacts of large-scale leaks are significant, leading to potential identity theft, financial fraud, and operational disruptions for businesses.
About Jason Hogg
Jason Hogg is a former FBI special agent and cybersecurity expert. For more than a decade, he was a senior lecturer and professor of innovation and technology at Cornell University’s Johnson School.
Hogg is the sole inventor of the Acima Ecosystem Platform, created to provide more financial freedom to the unbanked and underbanked through proprietary digital mobile and marketplace consumer solutions.
How FBI Training Led to Cybersecurity
Q: What specific skills and experiences from your time at the FBI have been most valuable in your cybersecurity career?
A: As a special agent with the FBI, I was very fortunate to get exposure to a tremendous number of different opportunities, for example financial crimes as well as opportunities related to organized crime or terrorist activity.
Going through Quantico, understanding how to follow any type of digital forensic case management methodology, investigating [cases], and devising prescriptive tactics and approaches to mitigate risks are all skills that are incredibly valuable and are a direct result of my time with the FBI.
Q: How does your experience with the FBI inform your approach to coordinating with law enforcement during a cybersecurity incident?
A: I’ve had the benefit of being on both sides of the table. When I was at MBNA, I was the chief credit compliance officer, and I regularly worked with organizations like the FBI and the Secret Service.
At the FBI, we ended up working with the private sector. Transparency and communication are the keys, as it is difficult for law enforcement to help if people are holding back information.
So, I think the number one thing is transparency and communication. The second is having single points of contact and people in private sector organizations who are in regular touch with law enforcement, and vice versa.
The FBI has public-private programs to connect with the appropriate people in major enterprises. It’s very important for private-sector companies to take advantage of those programs.
The FBI also shares information through its Internet Crime Complaint Center and its cyber divisions with regard to hacks, threats, and new attack vectors that they’re seeing. And that helps inform chief information security officers and the security apparatus of enterprises about how to mitigate risks before they become victims of cybercrime.
Q: Can you share a notable case that highlights the intersection of law enforcement and cybersecurity??
A: Without giving specific names, there was one incident in which a prominent person, a household name, received death threats through a fake Instagram account. We were able to access the account through an anonymous social media platform and work cooperatively with both company security and law enforcement to create a link analysis.
Through that link analysis, we were able to see who this fake Instagram account had in common with other known people. We were then able to whittle down the actual person behind the fake Instagram account and approach the person directly.
Legal Challenges of Data Breaches, Cyber Incidents
Q: What are some of the major legal challenges organizations face in cybersecurity, especially when handling breaches and cyber incidents?
A: The reporting requirements from a regulatory perspective, thankfully, have advanced significantly. So, you have an obligation to report to the appropriate regulatory body. But you also have to report to customers and tell them if any of their personal information has been compromised and assure them that you’ve taken the necessary actions.
While a company’s first obligation is to its shareholders, the friction point is that it has to do the right thing for its customers at the same time. If you don’t, your customer is going to lose confidence in you, and if you lose customer confidence, you’re affecting your shareholders anyway.
Another challenge stems from companies’ use of third-party providers, which exponentially increases their attack surfaces. Therefore, you have to ensure that those partners have also implemented robust security measures.
Even if a third-party provider indemnifies your company against a breach or some form of cyber incident, it doesn’t really matter.
Because when you explain to your customers that they’ve been affected by a breach of some sort, they don’t really care whether it was your company or a company that you’ve integrated with, or even a company that the integrator has integrated with that caused the problem. You’re the one that’s on the hook with your customers.
Private Sector Security Practices
Q: Can you describe a typical incident response protocol you follow when a cybersecurity breach is detected?
A: First, you have to have an incident response plan in place. And you have to have a firm on retainer that’s knowledgeable and skilled and can handle cyberattacks.
That’s important because the first 24 to 48 hours after an attack are critical. So a best practice is to pull the lever to get your incident response team to begin working through your incident response plan immediately.
The second thing is to isolate the incident from a systems perspective so you can actually understand where the incident is coming from and close the vulnerability as quickly as possible.
Then, you have to notify the appropriate people within your organization. That could be the general counsel or the chief information security officer — whichever executive is responsible for handling the reporting requirements.
Q: What advanced forensic techniques are used in private-sector cybersecurity?
A: I’ll try and break it down into a few categories. The first category is on the preventive side. We call that proactive security services.
In that instance, you have techniques that are more commonly known, such as network penetration tests. That’s where people, or white hats as they’re known, are testing vulnerabilities in companies’ security apparatus.
Less common but, I would say, even more important are red team tests, which actually use forensic practices in both the digital and physical realms to look for vulnerabilities in organizations.
That could be their retail locations, offices, or consumer applications. So, being able to physically go to a location to see if you can get into the office and check that the systems are encrypted as they should be is a forensic method by which you can proactively mitigate risk.
There’s then what they call “I & I” or intelligence and investigative services. On the intelligence side, you can do monitoring on the deep web and the dark web. And you can forensically look at whether or not your employees have compromised passwords that are for sale on the deep web.
You can look at social media footprints for brand exposure, where you can digitally organize and understand what people are saying about the brand. Are they intentionally trying to harm the brand, and if so, who is doing it? Then, you can go back to the proactive things that you can do.
There are also some reactive things you can do if you end up getting breached. You’re able to look to see how a particular password got compromised and what other passwords may have been compromised.
On the digital forensic incident response side, it involves going into the systems, looking at system logs, and understanding where the breach took place, how it took place, what systems were penetrated in the process, and why failsafes didn’t kick in or work.
Q: What do you see as the future of cybersecurity, and how can we prepare for it?
A: The future of cybersecurity is going to continue to be very dynamic, and it’s going to continue to accelerate. That’s because of the proliferation of technology and the accessibility of technology to the masses.
What we need to do as a society is look at lessons learned from past cybercrimes, such as credit card fraud, and ask what methods worked there and then start applying them to the areas where cybercrime is happening now.
