You’ve probably read some of the startling facts around cybercrime, and likely have been a victim of it yourself. Cyber activity has grown so much that Warren Buffett recently called it “the number one problem with mankind.”
It is indeed a growing and costly problem, predicted to cause $6 trillion annually in damages within the next few years.
Yet, generally speaking, we still don’t know that much about cybercrime, let alone how to combat it. According to a recent survey, nearly half of all new employees don’t even know if their company has a cyber security policy. It’s clear that our approach to cybersecurity, typically one of passive defense, is becoming outdated.
As cybercrime continues to evolve, so must defensive measures. Here are five ways we can begin to defend cyber activity with the level of investment necessary to meet the threat:
Treat it like disease
Dr. Peter Singer argues that treating cybersecurity the same way we treat disease could offer an effective approach. He calls it “cyberhygiene,” and imagines a CDC for cybersecurity.
What if we did treat cybersecurity like disease? As a society, we stay home from work or school when we are sick. When we see someone who appears ill, we take steps to avoid catching the virus.
In Singer’s speculative world, public education about phishing scams is as important as education about the flu. Just as the CDC tracks and reports on trends related to disease, there could be an organization doing the same for cybercrimes, filling in a much-needed gap in public research.
This approach would mean if you suspected your computer was infected with malware, you would immediately disconnect it from the network. If you suspected a phishing email, you wouldn’t click on it and would instead report it to friends, family and coworkers.
Even without an institutionalized approach, if we all treated cybersecurity with a similar approach to public health, it could reduce the threat.
Specialized education, training and leadership
Bootcamps for programmers, data scientists, product managers and nearly any other tech role are popping up across the country and pumping out skilled workers every few months. Yet there are very few bootcamps for cybersecurity, and it’s often grouped under information technology.
While cybersecurity is an important element of IT, should we expect our IT teams to handle and stay on top of the latest cyber risks while simultaneously maintaining our office network — not to mention, handling questions about why the printer isn’t working?
Training and education specialized in cybersecurity is beginning to crop up, but we still don’t treat it with the importance and urgency that it demands. 42% of retailers say they don’t have anyone in charge of information security, an industry that has been hit by some of the biggest and most costly data breaches in history.
More leadership roles specific to cybersecurity are beginning to appear, but this approach hasn’t been fully embraced either.
When the U.S. government has special divisions dedicated to combating cybercrime, it’s a sign that the private sector should follow suit.
Disrupt their business model
What if private corporations treated cybercriminals like competition? It’s an interesting question that the World Economic Forum recently posed.
When Amazon launches a new product, an enormous amount of research goes into it. They study the competitive landscape, knowing their adversaries inside and out, playing out potential scenarios.
What if every corporation did this with cybersecurity? Understanding cybercrime to the same extent that a company understands market trends could go a long way in creating effective strategies to combat malicious activity.
Additionally, treating cybercriminals like a challenger brand could help to develop tactics for disrupting cyber threats. If the criminals aren’t able to reap the rewards of the crime in the first place, the risk is immediately reduced.
Malicious cyber activity will continue to evolve, but if companies are willing to stay flexible and innovate alongside them, it could become an effective approach.
Utilize new technologies
Bitcoin’s blockchain technology is a great example of how new technologies can cut off malicious activity before it ever gets started.
The blockchain records cryptocurrency transactions across a vast, public network of computers. Every single transaction is stored across every computer on the network, and the records are updated with every new transaction. And because the records are publically available, it’s nearly impossible for anyone to commit fraud.
Artificial intelligence could become another major player in the fight against cybercrime, able to mine through mind-numbing amounts of data and contextually identify threats and trends in real-time.
While some corporations may be hesitant to embrace emerging technologies, they should be explored as potential solutions to the seemingly never-ending cascade of cyber threats.
The small town of Farmington, New Mexico, was recently targeted by a ransomware attack. City records were held hostage, but with the aid of the FBI most of the files were retrieved.
No matter where cyber criminals reside, local law enforcement must find ways to respond when local residents become cyber victims, or when local agencies themselves become the victims.
The first step is to utilize resources like the FBI, but by enabling local law enforcement with more resources, they can begin combating and responding to malicious activity on their own.
Local reports can feed data into national databases, and sharing information regionally can help to better equip local law enforcement to deal with this new type of crime.
Rather than relegating the fight to IT professionals and big corporations, local agencies should feel empowered and confident in the fight against cybercrime.
Winning the cyberwar?
Realistically, cybercrime isn’t going anywhere. Malicious activity will continue to grow, and criminals will continue to find new ways to commit their crimes.
Right now, it might feel like the wrong side is winning the cyberwar, but with new approaches and a unified front across private and public sectors moving from passive defense to active defense, it’s very possible that the tide will soon start to turn.