Analytics Brief: Collaborating in the fight against cyber crime
Cyber crime has ballooned into a seemingly uncontrollable monster attacking government agencies and the private sector alike. What can we do to counter and minimize the influx of cyber crime? Just recently, US intelligence officials pinned the blame on the Russian government for the attacks on American political organizations. Meanwhile, in the private sector, Yahoo confirmed that approximately 500 million user accounts were compromised. How can law enforcement, government agencies and the private sector work together to combat cyber crime? And who should take the lead in the fight against cyber crime? Experts discussed these questions in this recent Analytics Brief installment.
It takes a village to raise a child. This same principle could apply to partnerships and information sharing between law enforcement, government and the private sector. A child’s development is molded by many individuals and shared values. These experiences create well-rounded, self-sufficient individuals who contribute positive things to an improved world in which they blossom. When many different sectors contribute and share information regarding cyber crime, both pre- and post-breach, a wealth of knowledge can be gleaned to prevent future attacks. A successful collaboration can only occur when multiple parties each bring something to the table, resulting in cyber-crime solutions and prevention.
Cybersecurity is now everyone’s responsibility, and everyone and everything is at risk. Cyber crime was once a distant crime of the future depicted in movies such as Mission Impossible or those featuring James Bond, but is now rapidly expanding and part of our current culture. It has only intensified because of the anonymity of the crime—hiding behind 1s and 0s—and the use of Bitcoins as anonymous digital currency and the rapid pace of information sharing between criminals. These factors make keeping up exceptionally challenging for law enforcement, businesses and consumers. It is often said cyber criminals need to only get it right one time, whereas law enforcement needs to get it right every time to stop them.
The best way to collaborate against cyber crime is to assume that all these groups have a common enemy and not get hampered by mythical regulatory or other legal barriers that aren’t barriers in reality. Hackers and bad guys do not mind working together and aren’t afraid to share exploits—as long as law enforcement, government agencies and the private sector do not partner, they’ll continue to fight less effectively. Some companies in the private sector are afraid to share exploited data and decrease collaboration out of the fear that the government or law enforcement branches might learn things they shouldn’t. Meanwhile, as companies protect themselves from government agencies and law enforcement groups, they end up getting hacked and having that same or more information shared without their knowledge. Working alone is no longer an option and certainly not as effective as collaborating to combat cyber crime.
No one team exists that can lead the fight; each type of cyber crime needs a different leader. For example, companies that know how to disseminate information widely can lead by educating the public and workers. Those who know how to conduct investigations and perform forensics and post-breach analysis while prevention and focus on pre-breach tasks can be led by law enforcement groups. Cyber crime is complex, and unless we break down the complexity into manageable chunks it will seem like a daunting task.
Fighting cyber crime demands more sharing of threat information. The private sector collects a vast amount of information in ways the government cannot collect legally. The government also collects information in ways the private sector never could. Aggregating this information, applying analytics and distilling new threat vectors is far more effective than operating in silos of information.
Who should take the lead in the fight against cyber crime? You, the end user—the individual. A significant number of successful compromises occur because end users click on a phishing or spear phishing link, open a document from an unknown or untrusted source, enable macros in Word documents when they shouldn’t and more. That manner of prevention doesn’t mean a role doesn’t exist for cybersecurity professionals. First and foremost, the tip of the spear, you, need to always be the front line of defense, not the last.
Government agencies, law enforcement and private companies need to utilize tools with standard frameworks for anonymous information collection and correlation. These systems should not be one way, such as those that give the government visibility into the private sector only. Rather, the data needs to be used by public and private sector entities to help improve anomaly detection, malware identification, account misuse and vulnerability exploitation. Industry groups with backing from large organizations need to help raise the bar in information security and help reduce the cost for smaller companies, partners and government agencies to implement security solutions.
Government agencies and private sector organizations are already collaborating in many ways in the ongoing fight against cyber crime. This collaboration is being done in similar ways to our battles with other forms of crime in the physical world on our streets.
Nevertheless, the online problems are far more complex, with a growing global element that brings in our Department of Defense (DoD) and intelligence agencies such as the National Security Administration (NSA) and Central Intelligence Agency (CIA). Other familiar organization names range from local and state police departments to the Federal Bureau of Investigation (FBI) to the Secret Service to tech companies to Fortune 500 companies around the country. In addition, groups such as InfraGard, Sector-specific Information Sharing and Analysis Centers (ISACs) and the National Institute of Standards and Technology (NIST) bring public and private sector leaders together to work on strategies and best practices to protect critical infrastructure and respond to cyber-crime incidents.
Dozens of diverse roles are required to win this fight, and they range from individual actions that residents can take to protect themselves online—see www.staysafeonline.org—to the National Center for Missing and Exploited Children. Plenty is being done, but we can certainly do more because we are currently losing this battle.
The challenge is that this simple question on how we best fight cyber crime is really many questions. While we may need one overarching strategy, the answers will be very different based on such questions as: what is the specific issue or crime, and are international actors—even nation states—involved?
Clearly, the next president will need to build a comprehensive strategy to address cyber crime during the next decade. But answers will include personal responsibility as well as roles for schools, churches, businesses, police, government agencies, nonprofits and much more. We need all hands on deck.
Putting cognitive computing to the task
With reports predicting that “cybercrime will cost businesses over $2 Trillion by 2019,” containing the monster that is cyber crime, and fast, is critical. Thankfully, the promise and power of cognitive computing gives us considerable hope in the fight against cyber crime. Join us at IBM Insight at World of Watson 2016 to learn more about the role of cognitive computing in cybersecurity.