Faced with the rise in cybercrime, the private sector must deepen its partnership with federal agencies to combat cyber predators. Public-private cooperation has already made significant progress, but much more needs to be done to ensure the safety and security of the digital economy, he believes. Anant Adya of Infosys Cobalt.
Climbing the Cyber Threat Landscape
Cyberthreats and cybercrime are on the rise, with predators using new – and more aggressive – tactics. Fighting these predators depends on a multi-pronged strategy, but there is one that is particularly important: businesses partnering with federal agencies. This partnership can open a new front in the fight against cyber predators – and help undermine their ability to profit from their plunder.
Evidence of the growing cyber threat is everywhere, but here’s a scary statistic from Microsoft: in the first quarter of 2023, the number of password-based attack attempts increased tenfold compared to the first quarter of 2022. The volume of these attacks is staggering, increasing from around 3 billion per month to more than 30 billion. “This translates to an average of 4,000 password attacks per second targeting Microsoft cloud identities this year. » writes Microsoft in its 2023 Digital Defense Report.
There is every reason to believe that these trends will continue in 2024 and beyond, particularly with the diffusion of generative AI. While its potential is exciting, it can also be exploited for nefarious purposes, such as sophisticated phishing emails and deepfake videos. This is particularly concerning given the widespread use of ChatGPT. It had 100 million users within months of its launch in November 2022 – a figure Facebook hasn’t reached in more than four years.
Under these challenging conditions, the Biden-Harris administration released its cybersecurity strategy earlier this year. Among the strategy’s many dimensions, it helpfully recognizes the critical role of industry in cyber defense, highlighting the private sector’s “increasing visibility into adversary activity,” which is “often broader and more detailed than that of the federal government. The strategy calls for “more regular collaboration” between private sector entities and federal agencies with the means and authority to act.
See more : How to navigate the cyber threat landscape
Importance of private-public cooperation
The importance of such collaboration resonates in other quarters. As the World Economic Forum recently noted, “the only way to respond to cybersecurity threats is through active partnerships between the private and public sectors.”
The fact that cyber thieves are cooperating to increase their efficiency highlights the importance of cooperation between the private and public sectors. Accenture reported on “relationships are being formed between “secure syndicates” who collaborate closely and use the same tools – suggesting a major shift in the way threat actors work together in the underground economy. With union collaboration, the lines are even blurrier between threat actor groups, making attribution more difficult.
The events of recent years also demonstrate the value of cooperation and partnership between the private and public sectors. One of the most damaging examples of malware, Emotet, became “the go-to solution for cybercriminals” after being discovered in 2014, Europol said, noting that its infrastructure “essentially acted as a back door open to computer systems.” worldwide “. » But in January 2021, Emotet was taken down, thanks to a coordinated action involving federal agencies in the United States (and other countries) as well as private sector actors.
Another example of public-private cooperation leading to a positive outcome occurred in 2021. Vulnerabilities were identified in Apache’s Log4j, a security tool used in consumer and enterprise products, websites and other applications. An adversary could cause a vulnerable system to generate code that, in the words of the US government, “allows the adversary to take full control of the system.” The adversary can then steal information, launch ransomware, or carry out other malicious activities.
However, public and private cooperation (under the Joint Cyber Defense Collaborative) has facilitated the sharing of information and ideas, enabling these vulnerabilities to be quickly addressed and minimized the massive threat posed by Log4j.
Partnering with federal agencies allows the federal security infrastructure to develop a more comprehensive understanding of the cyber landscape. Early vulnerabilities can be identified and remediated to benefit targeted businesses and others facing the same threats.
See more : Joining forces: collaboration between the public and private sectors
Business consequences of cyber threats
Government agencies, often working with their counterparts around the world, also have unique powers to combat cyber threats and seek redress – sometimes being able to seize funds obtained by cyber thieves and return them to victims – or even prevent the payment of ransoms.
Earlier this year, the US Department of Justice announced it had waged a months-long disruption campaign against a ransomware group called Hive. This campaign captured decryption keys, over 300 of which were provided to victims, eliminating the need to pay a ransom totaling $130 million. The Justice Department also announced that, working with other government agencies in Germany and the Netherlands, it had taken control of Hive’s servers and websites, significantly handicapping the entity’s predatory tactics. .
Representatives from one of the targeted sectors – hospitals – reported later that the campaign against Hive benefited from “the intensive exchange of information on cyber threats with the private sector”.
As these examples show, public-private cooperation improves the ability to address vulnerabilities across the cyber environment and combat cyber thieves. This is one of the great advantages of such cooperation, but it is not the only one.
Reducing cyber threats contributes to a more stable and predictable business operating environment. At a time when virtually every business has an online presence, strong cybersecurity goes hand in hand with reliable access to electricity as a non-negotiable part of doing business.
There are also collateral benefits associated with a safe and secure cyber environment. Such environments contribute to the dynamism of the private sector, stimulating growth among incumbents and supporting a start-up culture. The competitive excitement that ensues allows companies to be high performers – always looking for innovations that give them an edge over their competitors.
But when a hostile cyber environment exists, businesses are forced to focus more energy on protecting their assets – a recipe for long-term stagnation and decline. And for businesses victims of cyber predators, the damage is not limited to immediate losses. A McKinsey enterprise survey found that 10% of companies surveyed said they had terminated a business relationship with a vendor in the past year due to a data breach at that vendor.
Securing the future of the digital economy
In the future, the digital economy offers virtually unlimited economic opportunities, helping to improve living standards around the world. However, realizing the full potential of the digital economy is closely linked to the state of cybersecurity.
Cyber predators pose an existential threat to the health and vitality of the digital economy – which means they threaten the entire economy. Even closer cooperation between the private and public sectors is fundamental to confronting this threat. This cooperation can lay the foundation for a more secure business environment that contributes to more economic opportunity – and higher standards of living – in the United States and around the world.
How can private-public collaboration improve your company’s cybersecurity? Let us know on Facebook, XAnd LinkedIn. We would love to hear from you!
Image source: Shutterstock