Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs
As we emerge from lockdowns and survey the challenges and changes of a post-COVID digital world, it would be understandable if many security and IT teams were suffering from a sense of breach fatigue. It is the idea that the rising tide of cyberattacks simply can’t be pushed back—that cyber criminality is simply too widespread and too heavily armed, networks are too large to adequately defend, and there are too few security professionals to do the job.
While all these challenges are very serious and very real, there is a simple tool to beat back the discouragement of breach fatigue and the defeatism it creates: The truth. The fact is that there are amazing things happening in—and as a result of—cybersecurity.
There is no sugarcoating it, though. Cybercrime is truly a global pandemic. It is growing year over year, and is already in the trillions. With enterprise organizations increasingly targeted, the extortion of ransomware is more and more expensive. The average cost of a data breach is nearly $4 million, with everything from hospital medical records to companies’ competitive secrets targeted and held hostage with malware.
Thankfully, those that fight cybercrime syndicates are in greater alliance than ever before—collaborating in ways that have made not just networks, but the whole world safer. Just as cybersecurity strives to always be an enabler of business, the issues surrounding the implementation of cybersecurity have driven an urgency and need for collaboration that is improving global security as a whole.
I see this every day at the World Economic Forum’s Partnership Against Cybercrime, where we focus on disrupting cybercrime syndicates by using cybersecurity as a strategic offensive weapon. You can’t hack the hackers, but there are other ways to bring them down. Arrests, obviously, but also ways to disrupt their supply chains and make it more expensive for their business models to operate.
To do this requires an incredible commitment to collaboration—across public and private partnerships, different governments, law enforcement agencies, departments and jurisdictions. In a world where borders are often barriers—creating the delays, havens and blind spots where cybercriminals thrive—the Partnership Against Cybercrime is creating a new and highly effective working model for how countries can come together to protect global networks.
I see the same commitment at the Cyber Threat Alliance—where across the cybersecurity industry, business competitors share near real-time, high-quality cyber threat information to improve the cybersecurity of our global digital ecosystem. That means that in addition to the innovation that is driven by competing for the best solutions, the nature and tactics of threats are understood and identified better and faster than ever before.
There are now more stakeholders more invested in protecting networks. As a result, silos that made cybersecurity more difficult are coming down. Now, when a cybercriminal operation is identified, we have built the teamwork between security companies, international law enforcement agencies like INTERPOL and national agencies to execute takedowns. Takedowns need to be orchestrated strategically; otherwise they are not as effective. Hence the importance of tight cooperation among specific organizations, which has progressed considerably. We are also working on raising awareness and resources among prosecutors and local law enforcement to build understanding of cybercrime and its business models—which spills over into money laundering and all the different criminal activity it touches—so that punishments meet the severity of the crimes.
Even with all this focus and cooperation, though, it is a relentless and ferocious daily struggle that spans global businesses and organizations, all the way down to local networks and individual users. And unfortunately, many of the organizations and companies that are at greatest risk are also the greatest enablers of cybercrime.
It’s a hard truth, but for all the relentless sophistication and technical firepower of cybercriminals, the vast majority of cybercrime is driven by relatively low-grade phishing with malware that is entirely preventable with the slightest amount of caution. Having said that, it is still impactful, and attackers are increasingly weaponizing automation and ML/AI to make it more sophisticated and to run it at a grander scale. Suspicious links are clicked despite warnings; some updates are not installed for years. Even a mid-level cybercrime group of under 50 people can rake in $50 to $100 million a quarter. The money generated when companies pay ransoms (against the recommendations of the FBI and other organizations) allows the entire industry of cybercrime to flourish, invest and innovate, always making the challenges harder.
It is Time to Flatten their Curve
That may be the hard truth, but it is also the good news. Huge strides are being made in both the technology of cybersecurity and the very real and very human collaboration it requires to execute and implement it. The commitment and the innovation are there, in a way that is more encouraging and inspiring than it ever has been. Additionally, we can learn from our accomplishments by taking COVID as an example. We need to flatten the “curve” of cybercriminals, meaning their profits, ROI, etc., similar to how we flattened the curve of the COVID-19 pandemic. We can disrupt their businesses too.
The more we can get people to understand these alliances and commitments are happening—and, importantly, to understand the reasons why they are happening—the more we will be able to inspire people and organizations alike to take the small steps that make a huge difference in the fight against cybercrime.