Cyber-Crime: Are We Fighting a Losing Battle?
We hear constantly of new online threats, cyber-attacks, scams to watch out for and new technologies that both streamline our lives and yet make it that much easier for cyber-criminals to get hold of our money. Are we fighting a lost cause when it comes to cyber-crime or is the battle strategy simpler than we think?
The truth is that while the fight may seem futile, the first thing to do is shift our mindset and acknowledge that the state of play has shifted, the more digitalised our world becomes. Just as the criminals are finding new ways of breaching us, we must find new ways of fighting and that means discarding the rules-based approach of old and assuming a more proactive and dynamic offensive.
As much as they are out for selfish gain, the cyber-criminal network has a huge advantage in their willingness to collaborate and share new tools and ideas. That teamwork is one of the reasons they are so powerful. When you consider it in that context, that it is a team of criminals targeting individuals and individual organisations, you can understand why they are the side that is more effective. Thus, there is an overwhelming need for collaboration from banks and businesses too. Rob Leslie, Founder and CEO of Sedicii borrowed this quote from a cyber security conference, saying “It takes a network to defeat a network.”
“When you shift as rapidly as we have into a digital paradigm, fighting this challenge on a singular basis is pointless. We have to come together,” said Leslie, in a podcast interview with Mambu.com. This needs to happen on a global scale, in much the same way as the criminals are communicating with each other, businesses must understand the importance of sharing information with one another. With a great deal of onus placed on progressive organisations and regulatory bodies who can impart a top-down ethos that will filter from C-Suite down into the rest of the business; banks and other organisations can be led to share valuable information, from the impact of incidents and various events to emerging tools and technologies and how those can be effectively applied.
Utilising the tools at our disposal, we must recognise that the likes of AI and machine learning are undeniably excellent weapons in our battle against cyber-crime. For example, using AI on a collective basis, which goes back to that collaborative piece. One bank can analyse the behaviour of their few million customers, for example, but if multiple banks were to share their analyses collectively, we’d be looking at data spanning more like 50 million customers.
True the criminals can use AI to their advantage, but so can we. Taking a fraud detection stance, organisations can use AI to learn about their customers, their behaviour, where they’re banking, the amounts of money they’re playing with, the locations they frequent, their activity. Not with the intention of plying them with ads, or phishing for useful information like the hackers but rather to learn enough about them to know when something odd trespasses into their network. The AI approach is all about using that knowledge to hone the ability to spot an abnormality before it compromises the customer.
The human element is the biggest obstacle we must overcome in this fight, as those working in cyber security battle to protect those who sometimes don’t know how to protect themselves. This is where education and increased awareness comes in. Cyber security cannot be cordoned off into its pigeonhole and trusted to behave as some impenetrable icy wall warding off wildlings and white walkers alone. Cyber security professionals are responsible for guiding individuals and organisations in the measures they can take in order to support cyber security in being proactive in the fight against cyber-crime.
Former ethical hacker, Katerina Tasiopoulou, suggests offensive tactics like using Google to share information hackers want kept confidential. Also much like the intruder and fire drills companies implement, the same approach needs to be applied to cyber security. “Managers need to put a game plan in place and execute and practice that plan,” said Tasiopoulou to Mambu.com. “We need to rehearse our response to an incident so we know what to do when the time comes.”
The fight against cyber-crime wages on but it is not yet a lost cause. How will we make a dent? By encouraging banks and businesses to build an offensive community that puts the importance of cyber security front and centre, by working collaboratively across a global network and taking every opportunity to educate everyone across every level.