Cybercrime is rising at an astonishing rate.
Every second, new malware is created and distributed and new phishing campaigns are launched.
The people who distribute malware or launch denial-of-service attacks are no longer faceless criminals but members of a ruthless, amorphous sub-class driven by profit.
They have their own business models, processes and market positioning and we need to consider who they are and why they do what they do.
Governments and businesses are in an arms race with cybercriminals.
However, only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cybercriminals.
The vast majority of companies feel constrained by regulations, resources and dependence on third parties when responding to attacks, according to research by BT and KPMG released in July.
In total, cybercrime costs the public and private sectors about US$400 billion a year. So it’s no exaggeration to call these cybercriminals “criminal entrepreneurs”.
But it’s not just businesses that are affected.
In May 2013, the identities of 16,000 whistle-blowers were uncovered in an attack on a national police force in Africa.
More recently, there have been many high-profile hacks on gaming companies, revealing personal information, not to mention hacks done for political reasons, where a group will deface a website in protest.
If businesses stand any hope of keeping ahead of cybercriminals, they need to collaborate and challenge these hackers.
While cybercrime is increasing, it isn’t a technology problem.
Cybercriminals are ruthless, breaking into systems with more and more sophistication each year but they’re not just doing it for fun. They’re doing it for profit.
They run their activities like a business — sharing resources, coming up with highly rational business models and competing with legitimate business for the best talent.
Hence, it’s a business problem.
But legislation limits the power of business to retaliate and hampers the help they can give law enforcement agencies.
Cybercriminals, by their very definition, are not bound by any rules or restrictions and can collaborate freely.
So how can businesses keep ahead of cybercriminals?
We suggest three ways to begin.
Businesses need to talk about and share knowledge on all cybercrime incidents.
They need to be open with each other about when the incidents happened, how they happened and what the consequences were.
When Europol and the FBI worked together in 2014 and 2015, they took down four major bot networks — a series of infected computers that act like puppets for hackers.
This was a significant blow to the cybercriminals. Imagine how much better it could be if every business worked together.
Building a united platform
Businesses have many disparate agencies and platforms out there to collaborate on security issues but there needs to be a coordinated approach.
Companies need a forum to discuss issues like encryption, cloud servers, data access and protecting people’s privacy — a forum that not only facilitates that discussion but can enforce the decisions it makes.
There’s already good progress here.
An example is the Budapest Convention. This was the first international treaty seeking to address internet and computer crime by harmonizing national laws, improving legislative techniques and increasing cooperation among nations.
But more needs to be done.
When cybercriminals threaten our national security, unusual teams develop such as the British code-breaking center at Bletchley Park.
These teams thrive on the creativity, the need to do something and the original thinking.
The world needs similar approaches if we’re to take on the challenge of cybercrime.
For starters, those of us in corporate businesses need to learn from the Budapest Convention, understand what we are fighting against and change how we work to help enforce and comply with the laws it sets out.
One good step forward is in the UK.
There will soon be a new National Cyber Security Center in October. There needs to be more like this to make it easier to report and share information on cybercrime.
Challenging the criminals
Organisations need to treat cybercriminals the way they treat brands that challenge them — by understanding and disrupting their business model.
It’s clear there’s a challenge to develop a digital business model tough enough to survive a cyber attack.
Businesses need a strategy that addresses the digital risks facing the business as a whole.
It’s not just about the information systems but the customers and supply chains.
It’s time for businesses to stop thinking it’s enough to build a wall around themselves.
As the fourth industrial revolution continues, that wall will cease to exist.
Instead, we need to patrol our networks, continue to detect invaders and work together to catch them.
– Contact us at [email protected]