- Cybercrime is a growing global threat, with instances of illegal online activity increasing particularly during the COVID-19 pandemic.
- Law enforcement agencies face challenges in tackling the ever-evolving world of cybercrime, including a lack of resources, border limitations and underreporting of cyberattacks.
- Law enforcement agencies across the world must work together to raise awareness of cybersecurity among the public and to prevent a ransomware pandemic.
Cybercrime is a global threat that knows no borders. With law enforcement limited to national borders, cybercriminals exploit the digital world’s limitless playing fields with near impunity. The escalation of cybercrime worldwide means a global law enforcement response has never been more crucial.
As an inter-governmental organization with the vision of connecting police for a safer world, INTERPOL has been analyzing a broad range of cyber threats since the inception of its Global Cybercrime Programme in 2015. In the past year, INTERPOL witnessed an exponential growth in the scale and impact of cyber threats as criminals and fraudsters exploited fundamental social needs and anxieties in the cyberspace during the COVID-19 pandemic.
Have you read?
Facing the challenge
In particular, ransomware attacks targeted governments, hospitals and other institutions on the front lines of the fight against the pandemic. By attacking these critical organizations, criminals were able to maximize the damage inflicted as well as their financial gain. Indeed, ransomware provides a highly enticing and lucrative business model for cybercriminals, especially with the development of double or triple extortion and ransomware-as-a-service models.
The COVID-19 pandemic has also opened up new avenues for cybercriminals to carry out various forms of online criminality regardless of the region. New and increased vulnerabilities and attack surfaces have emerged due to a surge in internet use during the pandemic, which outpaced business’ ability to secure remote workforces and online individuals. In addition to ransomware, prominent threats now include online scams, attempts to compromise business email, illegal data-harvesting operations, misinformation and the re-emergence of older types of malware, which were repurposed to take advantage of the global pandemic.
Finding a solution
At its High-Level Forum on Ransomware on 12 July 2021, INTERPOL called on police and their partners around the world to commit to stop this potential ransomware pandemic. In the face of the continued evolution of cyber threats on a global scale, the secure and swift exchange of actionable information will be fundamental to locating evidence, suspects and victims in multiple jurisdictions simultaneously.
Cybercrime investigation involves challenges that are not typical to “real world” investigations, however. For example, it is difficult for law enforcement to know first-hand that an attack has occurred, and even then, reporting rates are low. In the UK, only 1.7% of estimated total offences were referred to authorities in the 12 months to 30 September 2020. This underreporting problem limits law enforcement’s ability to accurately assess threats and effectively respond to them. This can cause cybercrime to fall down the priority list within many law enforcement agencies worldwide, which further exacerbates the situation.
Investigating cybercrime also requires specific skills and technology that are not universally available such as malware profiling, darknet tracing and cryptocurrency analysis. The gaps left in law enforcement cyber capability or regional capacity as a result can enable online criminal networks and activities to slip through the net.
Moving out of the comfort zone
Recognizing these challenges, the global law enforcement community has been making efforts to be open and inclusive. In 2019, for example, INTERPOL’s General Assembly endorsed Gateway, a legal framework that enables INTERPOL to share information with certain private sector companies.
These partners have a clear view on cyber threats on a global scale coming from different sectors. INTERPOL is therefore able to receive up-to-date cybercrime data from them, as well as tapping their expertise on recent trends and gaining technical assistance. Endorsing such partnerships is a departure for law enforcement, demonstrating its willingness to accept institutional and technological innovation in order to tackle cybercrime.
Among the various ways to collaborate with these partners, one of the most successful examples has been global public awareness campaigns on cybercrime. INTERPOL has been running these campaigns with its partners annually since 2019, reaching more than 7.5 million users across the globe each time. This year, about 90 member countries signed up for the #JustOneClick campaign.
These campaigns address the challenges global law enforcement faces in preventing a ransomware pandemic in three ways:
1) Prevention is the best cure
Stopping harm before it happens is clearly the optimal outcome in most situations. In the world of cybercrime prevention, however, mitigation or recovery measures are not always available or up-to-date. Prevention campaigns can promote cyber hygiene amongst the public and remind people that just one click can let malware into their system. Raising awareness can also boost reporting of cybercrime because the public gains a better understanding of the issue.
2) Partnerships increase effectiveness
Global awareness campaigns allow law enforcement to work with the diverse actors in the global cybersecurity ecosystem under the common goal of making cyberspace safer. This strategic alignment leads to effective collaboration and active participation in sharing prevention tips with the public. We have found that some law enforcement organizations even voluntarily translate our prevention campaign strategies for their local communities.
3) Cross-collaboration builds public trust
Throughout these campaigns, cross-sector collaborations are visible to the public. This boosts these relationships and helps build trust. Public recognition of mutual efforts was identified as a key element of a successful partnership by the World Economic Forum’s Partnership Against Cybercrime Insight Report. The synergies that the World Economic Forum and INTERPOL are creating together further induce trust between the public and private sectors in a neutral environment.
What is the World Economic Forum doing on cybersecurity?
The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. The centre is an independent and impartial platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors.
Since its launch, the centre has driven impact throughout the cybersecurity ecosystem:
- Training a new generation of cybersecurity experts
Salesforce, Fortinet and the Global Cyber Alliance, in partnership with the Forum, are delivering free and globally accessible training through the Cybersecurity Learning Hub.
- Building a global response to cybersecurity risks
The Forum, in collaboration with the University of Oxford – Oxford Martin School, Palo Alto Networks, Mastercard, KPMG, Europol, European Network and Information Security Agency, and the US National Institute of Standards and Technology, is identifying future global risks from next-generation technology.
- Improving cybersecurity in the aviation industry
Through the Cyber Resilience in the Aviation Industry initiative, the centre has been improving cyber resilience in aviation in collaboration with Deloitte and more than 50 other companies and international organizations.
- Making the global electricity ecosystem more cyber resilient
The centre and the Platform for Shaping the Future of Energy, Materials and Infrastructure have been bringing together leaders from more than 50 businesses, governments, civil society and academia to develop a clear and coherent cybersecurity vision for the electricity industry.
- The Council on the Connected World agreed on IoT security requirements for consumer-facing devices to protect them from cybers threats, calling on the world’s biggest manufacturers and vendors to take action for better IoT security.
- The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace, which aims to ensure global digital peace and security.
Contact us for more information on how to get involved.
Taking the next step
Cybercrime poses a formidable challenge to security worldwide and inhibits the potential of digital economies. Greater participation by the international community in building the global response to cybercrime will help overcome these issues.
A proactive prevention culture must be instilled in every organization, regardless of location or size. Further investment in raising awareness of cybercrime risks, mitigation strategies and enhancing cyber hygiene will also maximize downstream preventive benefits.
For law enforcement, digitalization has brought an opportunity to be inclusive and open, collaborating beyond national borders and sectors. And while awareness-raising and prevention efforts have made great progress in this area, challenges remain, including underreporting and gaps in cyber capability and capacity. A multi-stakeholder approach would also help to address these issues.