Joining Forces: A Public-Private Sector Collab Against Cybercrime

essidsolutions

With weaponized and productionized malware now available on the dark web, cybercriminals no longer need deep technical expertise to develop toolkits and launch attacks. Cybercriminals also share and learn from each other, working together to plan and execute attacks that grow more damaging with each passing year. Gorka Sadowski, Chief Strategy Officer, Exabeam, looks into how organizations can fight cybercrime better by evolving, collaborating and staying ahead of threats.

Cybercrime has become increasingly dangerous for the broader public, employees, companies, and government agencies—and profitable for attackers. Strategies have evolved from unsophisticated phishing emails and brute-force attacks to sophisticated crime for sale. 

In 2021, attacks grew dramatically as cybercriminals took advantage of the chaos and confusion created by COVID-19. To enable hybrid work models, companies loosened corporate security controls. Attackers took advantage, targeting individual users and endpoints to penetrate corporate networks. In the first nine months of 2021, 1,291 data breaches were recorded, surpassing the 1,108 recorded for all of 2020, and those numbers are just the publicly reported ones. 2021 numbers will likely show a substantial increase when the Identity Theft Resource Center publishes its year-end wrap-up.

The Cost of Being Vulnerable

While attacks against companies are severe and costly, those against public infrastructure threaten national security and effective social functioning. Cybercriminals, including nation-state actors, know this well. They use zero-day vulnerabilities and supply chain attacks to gain a beachhead into third-party vendors such as Microsoft and SolarWinds, where they can penetrate thousands of customers’ networks. And they tap open-source software bugs to penetrate the networks of companies that don’t update code or patch fast enough. 

The ransomware attack against Colonial Pipeline caused U.S. East Coast fuel shortages and price increases for six days, with the firm ultimately paying $4.4 million to restore systems. Another attack targeted a global meat supplier, JBS, wiping out a fifth of the nation’s meat supply and forcing the company to pay $11 million to recover data and operations. Less publicized, but equally concerning, a remote attack on a water treatment plant in Oldsmar, Florida, altered chemical levels but was detected before contaminated water left the plant.


Public-Private Sector Cooperation Is the Key 

Amid all of this bad news, there are some promising developments. Government and company leaders realize they need to work together and be just as united (if not more so) as their adversaries in sharing information and combatting attacks. These encouraging developments include the following.

1. Increased federal governmental oversight:

In May 2021, President Joe Biden issued the Executive Order on Improving the Nation’s Cybersecurity, underscoring the need for the federal government to evolve its cybersecurity capabilities. The order states, “The Federal Government must bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid. The scope of protection and security must include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT)).”

Much of the nation’s infrastructure uses OT that was developed decades ago and wasn’t designed for an era of constant connectivity and remote access. However, since this infrastructure runs critical functions, these systems must evolve and be fully secured to continue functioning in the digital world. The Executive Order will serve as a forcing function for this work to be completed.

The Department of Homeland Security’s Transportation Security Administration has announced two new Security Directives to protect the nation’s higher-risk railroads and trains, transporting freight and passengers around the country. Similarly, 150 electric utilities are working together through the President’s Industrial Control System Cybersecurity Initiative to deploy new control system cybersecurity technologies, beginning with gas pipelines. Ideally, agencies will be able to implement changes before a widespread infrastructure attack proves successful.

2. Shared threat data among key actors:

President Biden’s Executive Order calls for greater sharing of threat data between IT and OT service providers, such as cloud service companies and the government agencies they serve. These providers will now be contractually obligated to share this data, leading to faster detection and mitigation of bugs and incidents. Already, infrastructure owners and operators are sharing threat data with the federal government through the Cyber Information Sharing and Collaboration Program. 

Information Sharing and Analysis Centers (ISAC) and Information Sharing and Analysis Organizations (ISAO) extend the circle of trust to include industry organizations, allowing for greater cooperation and faster innovation on new initiatives. More recently, the Cybersecurity and Infrastructure Security Agency (CISA) has announced the formation of the Joint Cyber Defense Collaborative, bringing together public and private partners for planning, threat analysis, and defense operations. Industry heavyweights such as Amazon Web Services, Google Cloud, Microsoft, and several others, lend much-needed expertise to their agency partners. 

3. Stronger state response:

The California Department of Technology and its Office of Information Security recently published Cal-Secure, a five-year roadmap to strengthen the state’s cybersecurity using industry best practices. Analysts are heralding Cal-Secure as a comprehensive, collaborative approach that others should follow. In addition to Cal-Secure, states can tap the National Governors Association’s (NGA) Resource Center for State Cybersecurity to evolve their programs. 

Seven states are already leading the way, participating in the NGA’s annual cyber-readiness program to investigate and adopt best practices. And with the passage of the bipartisan Infrastructure Investment and Jobs Act of 2021, states and local governments can finally tap a $1 billion cybersecurity grant program to strengthen their digital infrastructure.

4. Pre-planned responses:

As federal government and state agency teams draw up multi-year cybersecurity plans and roadmaps, they also strengthen business continuity and recovery plans. Across industries, organizations typically work with partners to hold regular tabletop exercises, explore the impact of escalating attacks, and study analytic trends and past incidents to plan new investments or redesign processes. This work helps agency leaders pre-plan and codify their responses in playbooks. Then, when disaster strikes, cybersecurity responders can follow a pre-planned approach, triaging incidents to limit their damage.

CISA has also set up a network of 50 state cybersecurity coordinators to help coordinate a cross-state approach to an attack on specific sectors, among other duties. When an attack on the agriculture industry impacted two regions, the coordinators helped lead a multi-state response that restored systems in less than a week. An extended crisis would have impacted up to 18 percent of all grain production from 14 million acres of farmland, harming farmers, businesses, and the consumers they serve.  

Fighting Cybercrime Together 

As cyberattacks grow in volume, velocity, and ferocity, government agencies and businesses must present a united defense. They can do so by increasing information transparency at all levels, sharing information in real-time, accelerating their joint response, hardening defenses proactively, and testing systems. 

While cybercrime abounds, cybersecurity partners can work together to combat adversaries. By collaborating effectively, governmental and business partners can strengthen the nation’s defenses, making cyberattacks more costly and challenging to execute and far less rewarding in their payoff. These partners can reduce attacks, protecting our nation’s security and way of life for the American people and our worldwide allies.
