by William Dixon and Craig Jones*
The digital revolution is changing the way law enforcement protects communities and the way businesses manage risk.
The World Economic Forum’s Regional Risks for Doing Business 2019 report highlights the scale of the digital threats to the global ecosystem, explaining how the changing risk profile is not just an issue for technologically advanced sectors traditionally afflicted by crime, such as the financial sector, but now also cuts across all industries and regions. And the world’s enterprise leaders rank cyberattacks as the second-most significant threat to their businesses, after the threat of a fiscal crisis but before governmental breakdown or violent conflicts.
Cybercrime is also changing the way police must think about and respond to threats against their communities. The threat is global, outstripping the typical capabilities, resources and approaches of traditional crime-fighting outfits. New models of public-private cooperation must be central to the responses, where enterprises, government entities and police agencies forge collective actions against cybercrime. Investigation, attribution and prosecution of offenders must be part of how the global community builds an effective deterrence against digital crimes, which are becoming increasingly high impact and high volume.
This growth of the cyberthreat has been driven by criminals who have been able to exploit two inherent types of weaknesses:
Human weakness. Humans, not machines, are often the biggest weakness criminals can exploit. Nearly all cyberattacks require a person to click on a malicious link or directly interact with malicious actors. As highlighted during INTERPOL’s #BECareful campaign on business email compromise (BEC) fraud, social engineering is a key element in committing this crime, where criminals trick company employees into transferring money to them.
Technical weakness. Once established in a target system, criminals often find easy-to-exploit legacy networks, unpatched infrastructure and technical controls that are simple to bypass with their level of skill. Of the top 10 vulnerabilities currently exploited globally, all have been around for at least one year, and some have had fixes available for several years. In the case of BEC fraud, criminals also take advantage of technical weaknesses, gaining access to a victim’s devices or systems through malware or other security vulnerabilities to learn enough about the company’s inner working to convincingly impersonate either a high-ranking employee like the CEO or a supplier.
How to attack cybercrime
There are three reasons why the global law enforcement community needs a new generation of public-private cooperation to address the impact of these weaknesses.
1. Globalization of investigations
Crime that traverses the Internet and digital networks has affected even “traditional” forms of physical crime. In the past, a criminal would enter a bank to commit a robbery, but today, that same criminal can rob the same bank remotely using digital means. This shift has made nearly all crimes especially complex and global by default. The law enforcement responses therefore also must be international in scope. This change in the crime landscape requires an urgent need for scalable and repeatable regional and international cooperation across the public-private security ecosystem. An investigative landscape comprised of communication providers, technology companies, threat intelligence and security companies, alongside law enforcement, can be a powerful force of cooperation.
INTERPOL’s recent success in coordinating and working with private sector partners to arrest a Nigerian cybercrime gang that targeted thousands of victims across multiple continents, for example, indicates the effort now required to combat digital crimes at an international level. At a national level, in the United States with entities such as the National Cyber-Forensics and Training Alliance (NCFTA), and at a regional level, with the European Cybercrime Centre (EC3), new models of cooperation have shown to have a major impact. The challenge for the future is how to build an architecture to repeat and scale these successes around the world.
2. Global capacity gaps
There are still significant gaps in cybercrime capacity in emerging regions and countries. Those countries which are rapidly digitizing, but not yet fully capable in cybersecurity, are where there is an urgent need to harness the private sector expertise to scale up defence and investigation capabilities. Sophisticated and high-profile attacks, such as the Bangladesh Central Bank heist in 2016, have been followed by similar attacks in Russia as well as Central Asia, Latin America, Africa and the Middle East. According to one global report, nearly one-third of all global cybercrime now targets East Asia, accounting for $200 billion in annual losses. The new generation of public-private partnerships will need to focus on incentivizing business and individuals to take preventive and protective measures to mitigate the risk and reduce the threat of becoming victims – as well as encouraging corporations and industries to lead in building systems, software and hardware that are more secure by design.
3. Shifting data models
National and local law enforcement agencies often don’t have the data they need to conduct effective cybercrime investigations. At the scene of a “traditional” crime, such as a robbery, the capabilities, processes and data required to run the investigation – CCTV, fingerprints, witnesses – are within the reach of local law enforcement. But with today’s crimes containing a cyber element, the scale of such incidents means a standalone police response is no longer viable. In Australia alone, a cyber incident is reported every 10 minutes, while in the UK, half of all crime is digital crime.
Consequently, due to knowledge and resource constraints, only the most significant incidents merit a direct police response – making the private sector an important partner in incident mitigation, response and investigation. In one recent, urgent case of cryptojacking attacks – in which criminals remotely accesses victims’ systems using malware to hijack their computing power to create cryptocurrency – INTERPOL private-sector partners helped disseminate more than 170 alerts to member countries, helping stop potentially thousands of people from becoming victims.
Building a global ecosystem to combat cybercrime
In an era of developing digital economies, online crime has the potential to threaten the unrivaled prosperity of today. A new generation of public-private partnerships is needed to counter this threat. If left unchecked, cybercrime has the potential to threaten global security – but combating it offers an opportunity to build holistic partnerships based on the shared principles of protecting all communities from crime and building a safer world.
*Head of Operations, Centre for Cybersecurity, World Economic Forum and Director of Cybercrime, INTERPOL
**first published in: www.weforum.org