ASSOCIATE Magazine FBINAA Q1-2026

YOUR

STILL WORK IN CYBERSPACE: SEEING THE CRIME IN A CYBER INTRUSION SPIDEY SENSES

INEZ MIYAMOTO, NA SESSION 266

A cyber intrusion follows the same logic as a break-in: find a weak point, get inside, carry out a crime, stay in touch, hide, get out, and cash in. Pairing each physical step with its cyber twin gives leaders a simple model to understand risk, prioritize evidence preservation, and decide where to investigate. Results hinge on how quickly the intru sion is recognized, how promptly evidence is preserved, and how effectively risks are mitigated.

AT THE SAME COMPANY, TWO BREAK-INS HAPPEN IN THE SAME WEEK T In the first, a thief walks through a corporate office during business hours, flashes a fake badge, and slips into the Hu man Resources (HR) department to copy personnel files before anyone notices. The evidence is clear: surveillance footage, fingerprints, and a witness statement. In the second, the same files vanish, but this time the door is digital. An intruder gains access after a targeted phishing email

tricks an HR contractor into handing over credentials; those cre dentials are then used to log in from overseas and pull the same records. There is no broken glass, no camera footage, and no alarm. The only trace is a few lines of digital artifacts buried in log files. In both cases, the target is sensitive corporate data: the HR and payroll systems that hold employee names, addresses, Social Security numbers, banking information, and background-check records. Whether those records are taken from the file room or

continued on page 28

26 FBINAA.ORG | Q1 2026