7 ways to bring cybercrime out of the shadows

The need for a firm and integrated response to transnational crime has never been stronger.

In the case of cybercrime, the openness, ease of access and slow institutional response have made it a low-risk and high-reward venture. Cybercrime is not necessarily a new behaviour; the end result is the same as an offline crime but the means are different.

However, the use of new technologies that are accelerating the volume and velocity of cybercrime are of great concern.

The annual cost of global cybercrime is estimated to be between $375 billion and $575 billion. In 2013 alone, there were 253 large-scale cybersecurity breaches in which the personal information of more than 600 million people was compromised – an increase of 62% on the previous year.

One of the core objectives of the World Economic Forum Global Agenda Meta Council on the Illicit Economy is to bring these issues out of the shadows. We like to think of the illicit economy, much of it enabled by technology, as if it were the fastest growing G8 economy. The challenge is to work with all key stakeholders to reduce the size, scope and influence of this shadow economy.

Smart security

At the Organization of American States (OAS), we think cybersecurity issues should be addressed by our member states through a “smart security” approach involving the establishment of best practices; participation across various sectors and stakeholders; methods that are tailor-made to countries’ specific needs; an objective-oriented plan; evidence-based problem analysis; and results evaluation.

This model has been particularly useful in designing our cybersecurity strategies because collaboration is key. A large part of our success is due to our close partnerships with our member states, including experts and institutions, and the implementation of the following seven-point plan:

1. Engaging civil society and the private sector. This is fundamental. More than 80% of the infrastructure that drives the internet and administers essential services is owned and operated by the private sector.

The OAS, for example, has established partnerships with private sector companies such as Trend Micro, Microsoft and Symantec and non-profit organizations including the World Economic Forum, STOPTHINKCONNECT, the Latin American and Caribbean Network Information Center and the Internet Corporation for Assigned Names and Numbers.

2. Raising awareness. With the development of the internet of things, people are connected to the internet in many different ways. This new trend highlights the importance of designing policies to raise awareness among internet end-users about basic cybersecurity measures.

Cyber criminals are targeting popular personal devices like mobile phones to spread their threats and infiltrate high-value sectors of the economy. The OAS has embarked on an aggressive programme of awareness-raising to make sure individuals understand the risks and the need to appropriate measures for their own cybersecurity.

3. Develop a national strategy. A national cybersecurity strategy allows countries to define a comprehensive vision on cybersecurity and set clear responsibilities, coordinating actions between governments and relevant stakeholders.

We have worked in the past with Colombia, Panama, and Trinidad and Tobago to help them design and adopt a framework that suits their needs.

4. Provide training. Remaining current is fundamental in this ever-evolving environment. The delivery of technical training to officials has proven to be a highly successful means of enhancing cybersecurity at the national and regional levels.

5. Rehearse crisis management. In parallel with technical training and the development of response teams, the OAS also conducts crisis management exercises. This allows member states to tailor exercises to their own needs.

Even in countries with robust incident response frameworks and well-trained technicians, these exercises highlight where countries can improve their incident response policies and procedures. Similarly, these exercises strengthen, in practical terms, collaboration at the technical level within the countries responding to threats.

6. Carry out technical assistance missions. The OAS responds to countries’ needs by developing and carrying out technical assistance missions designed to address cyber concerns. This typically involves site visits, policy reviews and presentations by local authorities, culminating in a series of recommendations by experts.

7. Share information. The OAS is working on the development of a network of response teams, which aim to facilitate real-time communication and information sharing. It is also important to ensure that each country has a designated official point of contact for cybercrime response.

Our approach to cybersecurity must be multidimensional, and involve key sectors like the business community, in order to respond to the changing nature of the risk.

To fight crime, particularly dynamic ones such as cyberthreats, it is critical to adopt models that reinforce collaboration between countries and institutions. There is no one-size-fits-all solution, and each country must find a strategy that suits its needs. The best policies are those that promote an adequate assessment of the problems, are tailored to individual needs, and engage all parties in the decision-making process.

Author: Adam Blackwell is Secretary of Multidimensional Security, Organization of American States.

Image: People play “Battlefield 4” on the first day of E3, the Electronic Entertainment Expo, in Los Angeles, California, June 11, 2013. REUTERS/David McNew