As a cybersecurity leader, a large part of my job involves defending companies against cybercrime; the rest is spent figuring out how I can take the fight to the cybercriminals. You'll hear many people say things like "the threat landscape is always changing" or "cybercrime never sleeps." What they really mean is that cybercrime is a global problem — it affects every industry and every time zone. This is why I believe this is a fight we can only win by collaborating across public and private sectors, taking advantage of the skill sets, expertise, and jurisdictions our combined forces offer.
The Power of Collaboration in Action
My journey as a cybercrime fighter has led me into some unusual spaces. Back in early 2020, I helped co-found the CTI League, a volunteer organization that works to defend the healthcare industry from cybercriminals. The CTI League peaked at around 2,000 members, with several hundred members originating from governments and agencies all over the world, representing 80 different countries.
The power of collaboration like this cannot be understated. We were able to track and report vulnerabilities in a matter of hours and/or dismantle threats in a matter of days. Taking down malicious sites became a matter of a quick conversation, while engaging law enforcement involved little more than a quick shout-out or visiting a private channel. The league showed that it was possible to work across borders, organizations, and with governments all over the world.
Borderless Expertise — The Private Sector's Advantage
The cybersecurity industry has grown immensely over the past 10 years, and has continued to try to keep pace with cybercriminals. Some of the brightest minds working on the most advanced technologies have made it possible to gather risk signals, detect threats, and help prevent attacks everywhere, including for government agencies and global nongovernmental organizations. The depth of the private sector's expertise, and, in some cases, the capabilities of organizations' themselves to throttle cybercriminal infrastructure, cannot be overstated. It's key to staying on top of a global, borderless ransomware problem.
This diversification of expertise and the skill sets that are needed to succeed in such a fast-moving, competitive environment means that operationally, the private sector will always be faster, more agile and more focused than the public sector, which is generally spread much thinner and consequently limited to a number of select, specialized priority missions. This means that the private sector will always have a different, likely broader view of the threat landscape than the public sector and, consequently, broader operation scope, too. This puts the private sector in a unique position where it can help inform and expand missions undertaken by the public sector. Missions like taking on the entire cybercrime ecosystem.
The Public Sector's Governance Opportunity
Governmental agencies have the ability to not only centralize insights, findings, and investigative groups, but they can levy the kinds of broad policy enforcements that can change the way the industry and organizations operate. A good example of this is the "Know Your Customer" (KYC) rules enforced on financial institutions.
KYC enforcement has made a huge impact on financial crimes, and is starting to have an impact on ransomware where exchanges agree to enforce them properly. Governance initiatives like this can help the public sector improve its security posture, mitigate modern risks, and improve efficiency. By uniting lawmakers and enforcement agencies, the public sector can change the course of the industry and the landscape in which criminals and private sector outfits operate.
Joining Forces to Combat Cybercrime
Combining the capabilities of both groups and attacking the very ecosystem that they thrive in is the only way we are going to beat cybercriminals at their game. There is already a precedent for this kind of success.
For the last year, I have also been a member of the IST Ransomware Task Force (RTF), a group of industry experts who dedicate time to fighting the scourge of ransomware. Led by the Institute of Security and Technology (IST), the RTF works across industry sectors and collaborates closely with policy makers, law enforcement, and other agencies to ensure that we both protect our nation and take the fight to the threat actors who profit from this crime.
Since publishing its inaugural report, we have seen good progress, as 88% of the recommendations that were in the report have seen some implementation. The complete status of report recommendations can be read here (PDF). Just as encouragingly, Director Jen Easterly of the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Agency (CISA) made it clear that the US government's Joint Ransomware Task Force would include a significant role for the private sector, and the IST Ransomware Task Force specifically.
We still have much work ahead of us. Ransomware is not just the well-known names we read about in the papers, names such as Conti, LockBit, and Ryuk. These are just façades — brands that hide an ecosystem of criminals who move around and change their tactics on a regular basis, because it's profitable. Until we join together and attack that profitability, whether it's through driving up the cost of doing business or seizing their ill-gotten gains, we won't disrupt their businesses. I do believe we can do it, though. There's more of us than there are of them, and we are just as dedicated and passionate as they are — perhaps more so because we are fighting for the common good of organizations everywhere.
Together, we can take away the tools they use to build their software. We can identify and restrict the places that provide them with sanctuary, and we can reach out and empty their pockets, destroying their lifestyle. By hitting at the very heart of what makes them successful — criminal enterprises — we can disrupt every ransomware group at once, ultimately crushing them entirely. However, we should expect these criminals to look for different schemes, and that's why building lasting partnerships to keep the pressure on the whole ecosystem will be so important.