Virus Bulletin – building digital armies

esteria.white


Security researchers, global organizations, law enforcement and other government agencies need to have the right conversations and test potential scenarios without the pressure of an actual attack.


Crushing malware groups used to mean imposing high costs on small, ad hoc groups. But those groups are slowly giving way to a continuum of far more organized actors aligned with nation-state ideals. That shift is slowly changing the face of defenders too, pushing often lone operators to play well together in order to stop their adversaries. Sort of.

It turns out that it can be very difficult to bring international groups of security researchers, law enforcement and other government agencies together to fight international threats. Amid a sea of division and divergent views on what the “biggest threat” might be, digital defenders in various countries are learning the new threat landscape at different speeds, along with how to get along with security industry researchers in order to protect their own turf.

This requires working with others. And that requires understanding their cultures and their methods, which in turn requires that they have certain ethics and methods.

Countries rarely prioritize the same things, and it shows in their defensive – and increasingly offensive – operations.

This means businesses and organizations don’t really know who to call, or when, in the event of a breach, ransomware or other malicious event. Even if they know who to call, they don’t know what to provide, what they can legally provide, what can be done, and who should do what in the investigation.

From lawyers to cyber insurance to law enforcement groups, it’s unclear how the playbook should flow. One thing is certain: if something bad happens to you, time is not your friend. The value of actionable data diminishes rapidly over time, while your costs skyrocket.

A law enforcement group at VB2023 suggested running a tabletop exercise within your organization to determine who should be involved and at what stage. Law enforcement tends to want to respond quickly, trying to stem the attack, capture data and provide assistance. But almost as soon as they arrive, you will be talking to cyber insurance specialists, and they will bring in lawyers. Lawyers slow things down considerably, especially if they are working against law enforcement, and often even if they are not.

At what point during an attack should you call the police? Do they know who you are? Do their local offices have the capacity to actually help you during an active event? Do you know what their rules of engagement are and what can be expected of them if things go well? And what happens if they don’t?

One way to be proactive is to have these conversations before you get attacked. Trying to explain all the details of an active attack during your first phone call with law enforcement is a frantic exercise at best, and an exercise in panic at worst.


But let’s return to the international aspect. Attacks are usually global. This means that local law enforcement probably won’t be able to handle the brunt of the attack, unless you’re lucky enough to live in one of the areas where they A) can be reached and B) know what to do.

Here at VB2023 there are exercises and conversations to learn exactly that. Creating hubs of people likely to help, such as Europol’s new initiatives, and coming face to face with technical practitioners heavily involved in real attacks, makes this a good time to test potential scenarios with each other without the pressure of a real attack.

One of the valuable outcomes is knowing what the people you plan to rely on won’t or can’t do, preferably before an attack.

Speaking of digital armies of defenders, do you know who they are in your organization? Law enforcement and global organizations are often hopelessly overburdened defending large swaths of organizations and governments. So if you can offload some tasks internally, they will likely not only be grateful, but able to respond more effectively. You have a team, don’t you? If you don’t, you’re not alone, but you’re also not in an ideal place to withstand an attack. Maybe we should all start with our own armies.
