• COVID-19 is proving to be a boon for cybercriminals and fraudsters all over the world.
  • The only way to beat them is through strong collaboration between the public and private sectors.
  • Here's what a proposed global architecture to facilitate this kind of cooperation could look like.

Cybercrime is a major threat to global prosperity. Even now, in the midst of the worst public health crisis in a century, the cybercriminals just keep at it.

Global COVID-19 campaigns include lures themed on regional health authority impersonations, fake vaccination information, purchase or delivery of personal protective equipment (PPE), employee targets spoofed from HR, medical and pharmaceutical supplies, and even false job promises.

This should not come as a surprise. Cybercriminals have proven highly adept at exploiting a crisis or global event, and a digital ecosystem where the risk of getting caught remains very low and the potential returns are very high. Moreover, the profits from these malicious activities allow for continuous improvement in capabilities that often surpass the intensive cybersecurity investments made by government or corporate victims.

Acting against cybercrime

As argued in a previous Agenda article, we must confront cybercrime at its source to systemically reduce its global impact. An effective response to cybercrime requires exploring many possible courses of action and taking the interests of both the public and private sectors into account. Further, an optimal plan of action should leverage the expertise of both public and private sectors.

Designing and implementing such responses requires creativity in the conceptualisation and implementation of collaborative actions. We need to quickly disrupt cybercriminal infrastructures and services in ways that raise the cost to criminal actors, in a coordinated effort. And, where possible we need to attribute and prosecute cybercrime to raise the risk to criminal actors and offer justice to victims. This ultimately slows the adversary in their tracks; agility is often a luxury they enjoy.

Unlike other criminal areas, the private sector often has superior access to technical information and the capacity to identify, track and analyse cybercriminal infrastructures and services. This capability gives the private sector the ability not only to uncover criminal activities, but also to undertake targeted, disruptive actions by dismantling the criminals' infrastructure. However, these capabilities have limits and only governments have the legal authority to prosecute cybercriminals and impose penalties. Thus neither the private nor the public sectors have sufficient capabilities reduce the global impact of cybercrime on their own.

Partnership against cybercrime

Given the limitations on each sector, the only way to achieve the goal of reducing global cybercrime is through public-private cooperation. To this end, The World Economic Forum's Partnership Against Cybercrime initiative launched in April 2020 with the mission to explore ways to amplify public-private collaboration, improve the effectiveness of cybercrime investigations, and enhance the potential of disruptive actions against cybercriminal infrastructures. The initiative includes around 50 representatives from cyber-related service and platform providers, multinational financial organizations, government agencies, international organizations and leading non-for-profit alliances.

More than one in two companies fears cyberattacks as a result of new working practices
More than one in two companies fears cyberattacks as a result of new working practices
Image: World Economic Forum COVID-19 Risks Outlook

Building constructive cooperation

The initiative’s working group has highlighted four factors that enable sustainable, repeatable and effective cooperation. Firstly, while the end goal of cooperation serves a greater good, any collaboration must take into account the respective interests and missions of the participants. This consideration does not mean that the return on investment has to be immediate or direct, but ultimately all participants must derive value from the cooperation. For those who share the vision and values, this return could be achieved through simple steps like public recognition and bidirectional feedback. This allows for further enhancement of the sharing model as time progresses.

The second factor is trust. Trust is the scaffolding that enables collaborative groups to function. As a result, trust-building behaviours are an important dimension in the discussion. Ensuring transparency, promoting equity and fairness, making voluntary sharing the default option, and favouring joint decision-making are some of the ways to build trust over the long-term. Concerns and challenges, such as consumers’ privacy or geopolitical constraints, need to be acknowledged as well.

The third factor is strategic alignment. All operations have concrete objectives; however, the participants also need to agree on the strategic goals. All participants must understand each other’s respective needs, goals and values and continuously identify mutual ground.

The fourth factor is structure. Effective, long-term cooperation requires transparent, repeatable business rules, processes and governance. While much of the current cooperation is based on personal relationships, we need to make cooperation more systematic and durable.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security - to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future - to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact us.

Facilitating cooperation

Many public, private and non-profit organizations cooperate to fight cybercrime today - and yet current collaborative efforts are not sufficient. What else is required? The initiative has identified the need for a global architecture that will increase the scope, scale, speed and sustainability of public-private cooperation. Such a structure would need to support both small groups focused on concrete operations and long-term alignment, trust-building, and agenda-setting within the broader community. In addition, this global architecture should build as much as possible on the many existing cyber-related structures and initiatives, rather than adding new bodies to the already complex global cyber landscape.

One possible collaboration structure being considered by the Forum’s initiative would be to establish a loosely-coupled global alliance connected through permanent nodes and temporary threat cells. This global alliance would provide the overarching narrative and commitment, and allow for long-term dialogue to achieve strategic alignment. Permanent nodes would maintain the necessary infrastructure (technical, legal and business) over time and would provide a place for temporary threat-focused cells to work on specific operations and take action. Finally, this model also allows for a more robust and balanced model, which is essential for high availability and continued support.

Conclusion

The internet is built to enable collaboration – in fact, that concept drove its creation. Unfortunately, malicious actors have learned this lesson all too well and it is part of what makes them so dangerous and effective. On the defenders' side, we’ve known for a long time that we need to collaborate to combat cybercrime, but we haven’t figured out how to do so effectively. With the conceptual framework emerging from the Forum’s initiative, we now have the first step needed to make collaboration a reality.