Teaming up to fight cybercrime
Cybercrime is insidious. It’s global, relentless and fueled by resourceful cybercriminals. They take advantage of technologies like machine learning or inexpensive exploit kits bought off the dark web. And now, a global pandemic, worldwide economic stress and an unprecedented upswing in remote work have created a target-rich environment for cyber thieves.
The stakes have never been higher. Research from Accenture points out that in just one year, the average annual cost of cybercrime increased by 31% in the United Kingdom, 30% in Japan, 29% in the United States and 26% in Australia.
Organisations are struggling. What’s the answer? Yes, we should invest strategically in cybersecurity tools and services. We also need more cybersecurity talent. But even a Marshall Plan–like investment in hiring and training cybersecurity professionals won’t bridge that chasm for years.
Instead, we need to look ahead and anticipate, rather than simply react to what’s happening now. The legendary hockey great Wayne Gretzky said it best: “Skate to where the puck is going, not to where it’s been.”
From a cybersecurity perspective, we need to acknowledge that the “puck” is going places where it’s never gone before. Global denial-of-service attacks. Runaway ransomware attacks. A more determined set of cyber adversaries than ever, including state-sponsored cyberterrorists.
Looking ahead and putting together the right cybersecurity defence is going to take a higher, more committed level of collaboration. Security professionals have always understood that battling cyber threats requires a team effort, and that has never been truer than it is today.
The value of public-private partnerships
Cybercriminals are smart, move fast and often are much more sophisticated than us at leveraging the power of partnership.
To counter that, we need to embrace a stronger, deeper partnership between the private sector (technology providers and enterprises using that technology) and the public sector, specifically law enforcement. This public-private partnership is essential to overcome mounting cyber threats and help lighten the load of overburdened law enforcement.
Much of this public-private partnership will lead to greater threat intelligence, a vital component of an effective cybersecurity framework. Most organisations can get only a patchwork view of the threat landscape by ingesting data from numerous sources and figuring out what it all means. Organisations have begun moving aggressively to artificial intelligence and machine learning to take a more automated approach to threat intelligence. But neither private-sector companies nor law enforcement agencies can do it all on their own.
Partnership between the private sector and law enforcement can be an accelerator in gathering, analysing and acting on threat intelligence. In my former career as an executive for the FBI, I made it a priority to conduct outreach with private sector businesses for two simple reasons. First, no single entity sees the full spectrum of cybersecurity threats; and second, responding to actual breaches can be a scary proposition, even for very large organisations.
A bigger picture
Law enforcement agencies look beyond local and even national boundaries to get a big-picture view of activities, trends and outcomes. They can provide critical context around activities, and routinely share this information among their colleagues in friendly governments. Their intelligence, private industry notifications and bulletins often allow cybersecurity analysts in the private sector to elevate their understanding of threats.
While I am most familiar with the extensive threat intelligence capabilities of the FBI here in the U.S., I know that my counterparts in Interpol, Europol, Scotland Yard, the Australian Federal Police and many more cybersecurity units of national and international law enforcement agencies have unique insight that the private sector can learn from.
And law enforcement professionals share with the private sector a powerful, common belief that guides our actions: we all want to stop the bad guys.
Law enforcement has particularly insightful information that organisations can benefit from, but public sector agencies are faced with a challenge. Often, the nature of the data from federal law enforcement prohibits the sharing of its sources and methods. There are times when aggressive cooperation among government agencies has actually yielded some fascinating reporting by threat analysts. But there are hundreds of instances where the information cannot be shared, making it much more difficult for private sector organisations to see and act on those threats.
How can we bridge this gap? This is the exciting potential of the partnerships between private-sector organisations and law enforcement agencies.
For instance, in the U.S. alone, nearly every major city – and even many smaller municipalities – has a contingent of cybersecurity investigators attached to both the FBI and the U.S. Secret Service in the form of cybersecurity task forces and electronic crimes units. If you are not already a contributing member to those groups, I encourage you to reach out to those entities and enhance your ability to receive timely alerts and threat intelligence.
The FBI also has a programme in most cities called INFRAGARD, which provides threat intelligence sharing and networking for the business community. The local INFRAGARD chapters have a particularly digital landscape bent, which has evolved over time in direct response to the rapid developments in cybersecurity. If they have not already reached out to your organisation, I encourage you to take that step.
There also are industry groups you can join to promote collaboration between the private sector and law enforcement groups. The International Cyber Security Protection Alliance describes itself as a “business-led organisation” that recognises the importance of providing additional resources and support to law enforcement agencies in cybersecurity endeavors.
A culture of collaboration
Collaboration between public and private sectors is not new, as we previously noted: “In the evolving world of cybercrime and data manipulation, law enforcement can – and should – play a critical role in preventing criminal activity.” But this partnership is more imperative today. And it must be supported not only by business executives, but also driven by the C-suite and the board.
Public and private sector organisations each must leverage all available resources, and partnerships need to be a strategic part of their commitment. Of course, you must continue to ensure the development and advancement of your organisation’s own capabilities by maximising use of next-generation technologies and techniques such as machine learning. At the same time, you must adopt a “culture of collaboration” both inside your organisation and with third parties.
Partnerships and collaboration are essential in cybersecurity. After all, even Gretzky, “The Great One”, relied on the talents and hard work of his teammates rather than trying to score solely on his own.
M.K. Palmore is the Field Chief Security Officer for Palo Alto Networks. His responsibilities include support of the initiatives headed up by the office of the global Chief Security Officer and providing thought leadership in the cybersecurity arena through both writing and speaking engagements. Prior to joining Palo Alto, Palmore served as the Head of the Cyber Security Branch for FBI San Francisco capping a career of public service spanning 32 years.