Existing cybersecurity is no deterrent to criminals
Deterrence plays a primary role in criminal law. Without it, our society could revert to the days of the “Wild West”. Knowing that they are not likely to be caught, individuals with criminal intent may be tempted to abuse others’ resources for their own selfish benefit. Tax evasion is one common example, and shoplifting is another. How does this deterrence principle apply to crimes committed through the Internet? According to the statistics, it simply does not.
Recent reports show that cybercrime is more profitable than the global drug trade (which the UN estimates at around $435 Billion/year for illegal drugs), and exceeds $500 Billion per annum (2015 Lloyds Insurance estimate of cybercrime). Looking ahead, Forbes projects cybercrime to exceed $2 Trillion by 2019. With no global ‘Sheriff Wyatt Earp’ to keep law & order, the role of deterrence is largely left to the ingenuity and skills of each business targeted by Internet outlaws.
The Sheriff has the answer
Why is it so appealing to be a cybercriminal? Some say there is no apparent risk in committing crimes over the wire, and that the penalties are often hard to apply or too light. Others blame insufficient legislation. Furthermore, many people look to government or large enterprises to deliver solutions which they themselves cannot fund or enact. Looking at the facts, even the well-funded, best-armed companies still end up on our daily news as victims of cybercrime. The pessimists among us can argue that attackers will forever hold the upper hand, having an “asymmetrical advantage”.
While there is some truth in all of these statements, they all fail to recognize the core problem: the existing technology for investigating illegal cyber activities is insufficient. To use our historical parallel, without sufficient “fire power & manpower” in 1881, things might have turned out differently for Wyatt Earp at the OK Corral. Current cyber response strategies are not fundamentally changing the statistics. For deterrence to be effective, the risk must exceed the reward. Therefore, detection must be combined with investigation and identification in order to isolate criminals and hold them accountable.
What should we invest in next?
In the long history of man’s criminal activity, breaking the law has sometimes required more ingenuity, but the real breakthroughs have come from better evidence collection (security cameras, cell phone tracking, forensic evidence, etc.) used by law enforcement to solve more crimes. What we find with Internet crime is that the necessary capabilities for cyber forensics are still evolving. To date, the investigation tools available to organizations have failed to meet standard business needs. Security teams are often left without the manpower and visibility to provide sufficient answers even to simple questions. This is why we need to find a more efficient way of doing forensics, considering time, manpower and budget.
What would Cyber-Sheriff Earp want in his cache to combat cybercrime? Organizations have invested in dozens of different technologies to stop attackers at the gate and detect trespassers. Over the past several years we have been introduced to many technology innovations: Big-Data Analytics, User Behavior Analytics, anomaly detection, deception techniques, and the list goes on. These solutions do a great job of providing better detection rates and a tighter funnel that reduces false positives, but most of the hard work is still there. Our analysts end up rolling up their sleeves and drilling into the data in order to understand what actually happened.
If, as a business, you have invested in all these tools, you must also be sure to support robust forensics and investigation processes. An advanced persistent threat (APT) actor will always find his way in and breach the security of your company. The earlier in that kill chain the Security Operations team can interrupt the threat, the less likely it is that valuable data will be lost or company IT assets put to malicious use. Data forensics becomes a critical element of understanding and remediating any threat. In fact, forensics may be the only way to fight back.