#OnlyTogether can we enhance our resilience against cybercrime

#onlytogether

#OnlyTogether can we enhance our resilience against cybercrime

By Dr Robert S. Dewar and Ms Ellie Templeton

The COVID-19 pandemic has resulted in an alarming rise in cybercrime. Sophisticated criminal actors are taking advantage of the current global uncertainty and exploiting new digital vulnerabilities to steal money and data and disrupt systems. We all share an interest in ensuring cyber resilience in an increasingly digital world, where different types of security measures have taken on a national, business or individual focus. It is only together and across these societal levels that we can effectively enhance resilience against the continually evolving threat of cybercrime. There are opportunities for enhanced collective resilience at each level – so let’s work together.

National level

The national or state level presents the greatest opportunity to establish a collective approach to cybercrime through public education, the allocation of resources and the provision of guidance. An effective national cyber security strategy can bring all levels of society together. Actions as simple as promoting organisational and personal awareness of cybercrime and its many forms can have a significant impact. In particular, with recent online scams impersonating government and health authorities to trick victims into providing personal data or downloading malicious content, raising awareness about legitimate communication methods from official national bodies is more important than ever.

Businesses and individuals can directly contribute to national cyber resilience. One simple way to do this is through the identification and voluntary reporting of suspicious domains or messages to national bodies such as Switzerland’s Cybercrime Coordination Unit or the UK’s Suspicious Email Reporting Service. States can enhance their resilience further by leveraging current legislative frameworks to ensure that individuals and commercial entities are aware of, for example, requirements to disclose cyber and data breaches to citizens, consumers, and supervisory authorities. The reporting of incidents and breaches plays a major role in combatting cybercrime.

It is well known that cybercrime is also not confined to geographical or geopolitical boundaries. This makes it challenging for states to combine their efforts to enhance cyber resilience and present a united front. At the multinational level, states, businesses and citizens can enhance resilience by supporting the efforts of international bodies such as Europol – the European Union Agency for Law Enforcement – or INTERPOL – the International Criminal Police Organisation – to provide international-level guidance and protection, and coordinate collective resilience.

Business level

The rise in cybercrime has also seen an increased targeting of private sector businesses, institutions and health-associated organisations during the pandemic, including the World Health Organisation (WHO). While key aspects of an organisation’s resilience include an array of preventive and reactive cyber security measures, conventional security measures such as firewalls and anti-virus security systems are no longer enough.

Institutional resilience against cybercrime can be enhanced by working together with external organisations and national bodies. The rise in public-private partnerships to enhance cross-jurisdictional and cross-culture resilience has seen successful cybercrime investigations and the protection of privatised critical national infrastructure. The recent launch of the Trust Valley initiative, which brings together Geneva-based organisations, businesses, public authorities and universities, is another innovative example of efforts to increase regional cyber resilience.

However, we must always remember that cyber security is about people. The cybercriminals’ targeting of the WHO’s employee accounts to gain access to the organisation’s system demonstrates that institutional security is also dependent on internal staff – particularly in light of the new vulnerabilities that accompany the global transition to remote digital working. Organisations can enhance their resilience by empowering their employees to be digitally literate, with upskilling and cyber security training rapidly becoming a necessary organisational investment to ensure that digital security is effective.

Individual level

Much can also be done even on the individual level. To safely navigate the World Wide Web and engage with the digital economy, increasing awareness of and competence in identifying common cybercrime tools such as phishing, spam, malware and ransomware are becoming a necessity. Both identification and prevention are key, and practising good cyber hygiene can be a simple, yet effective personal tool. We should all get into the habit of setting strong varied passwords for different personal accounts and checking that our devices have updated anti-virus software.

Taking these personal steps or utilising national and business initiatives, training, and resources creates compound security. With good personal awareness and efficient reporting mechanisms, a single citizen can stop major cyber operations in their tracks. Such was the case with young Briton Marcus Hutchins, who discovered a “kill switch” that prevented the large-scale ransomware attack Wannacry from spreading further in 2017. Individuals working together in communities, businesses, institutions and nations have the power to limit or even completely close the operational space in which cybercrime is currently flourishing.

While each societal level addresses cyber security in a different way, working collectively from the national to individual level can enhance our resilience against the unpredictable nature of cybercrime. INTERPOL has reported that cybercrime is highly likely to continue increasing, as criminals exploit new vulnerabilities generated by the changing economy, working techniques and daily lives in response to the global pandemic. While good practice on each societal level contributes to the mitigation of cybercrime, it is only together that we can truly enhance our collective digital resilience.

 

ABOUT THIS BLOG SERIES:

As the world attempts to navigate yet another major disruption, we continue to look to one another to identify sustainable solutions and rebuild better. It is time for our world to take conscious steps towards unity and to work together so as to move beyond our preconceptions and challenge our stagnation. This #OnlyTogether blog series provides you with expert insights and the beginnings of a roadmap to a more peaceful and secure future. This blog series was launched to celebrate our 25th Anniversary, discover our 3-day event programme here.

 

Disclaimer: The views, information and opinions expressed in the written publications are the authors’ own and do not necessarily reflect those shared by the Geneva Centre for Security Policy or its employees. The GCSP is not responsible for and may not always verify the accuracy of the information contained in the written publications submitted by a writer.

Dr Robert Dewar is Head of Cyber Security at the Geneva Centre for Security Policy, leading the Centre’s cyber security activities. He provides executive education courses on cyber security and defence, the European Union and international relations as well as developing innovative pedagogical approaches to the teaching of cyber security. Robert initiates and engages in international dialogue activities on cyber security and defence and conducts research into cyber security and defence policy, security studies, active and blended learning, the European Union and historical institutionalism. He also specialises in designing, developing and staging policy-based cyber security simulations. Robert has a PhD in EU cyber security policy and an MSc in Global Security from the University of Glasgow, and an MA (Hons.) in Modern History from the University of St. Andrews.

 

Ms Ellie Templeton is a Cyber Security Research Assistant at the Geneva Centre for Security Policy. She has an International Master’s Degree in Security, Intelligence and Strategic Studies awarded by the University of Glasgow, Dublin City University and Charles (Prague) University, and an LLB Law Degree from the University of Birmingham, UK. Ellie has an academic background in national and regional law, policy and regulations analysis. Her research has particularly focused on the Europeanisation of security policy within the European Union, cyber security norms and international frameworks, transatlantic intelligence relations and strategy, and conflict studies.