Cybercriminals and cyber defenders are battling online. Here’s how the defenders can win

Industry, government and law enforcement agencies are in race to keep up with the vast cybercrime ecosystem, experts say, as cybercriminals and malicious actors increasingly exploit the digital economy.

"The global law enforcement community is struggling with the sheer volume of cyber-related crimes," Jürgen Stock, the Secretary-General of INTERPOL, said during the World Economic Forum's 2024 Annual Meeting in Davos, Switzerland. "The crime statistics only go in one direction, which is up. Going up dramatically in many parts of the world."

Cybercrime rose significantly during the COVID.19 pandemic. According to a 2020 INTERPOL survey, instances of online scams and phishing increased by 54% following the outbreak of COVID-19 while the registration of malicious domains rose by 22%. The use of ransomware and distributed denial-of-service (DDoS) attacks by cybercriminals also increased dramatically.

Large and sophisticated cybercrimes continue to be deployed today. In October 2023, Google announced it had blocked the largest ever recorded DDoS attack, which reached a peak of 398 million webpage requests per second.

"The bad guys are better organized in many ways than the good guys," John Doyle, President and CEO of insurance company Marsh McLennan, added in Davos.

Cybercrimes – which in recent months have been directed at everything from the British Library to shipping ports in Australia – are also becoming more expensive for the targeted companies and organizations. The average global cost of a data breach reached $4.45 million last year, according to IBM's latest research, the highest level ever recorded.

In Davos, cybersecurity experts in the private sector, law enforcement and academia detailed how cyber defenders can increase their capacity to prevent and combat cybercrime.

Experts maintain that so-called security be design is key to bolstering cyber resilience. The concept of security by design entials building cybersecurity protocols into software and hardware products from the earliest development stage. This approach allows safeguards to be embedded at each state of operation and limits the chances of cybersecurity vulnerabilities emerging as products develop and are put into use.

"It has become an imperative for the digital public infrastructure," Debjani Ghosh, President of Indian technology non-profit NASSCOM, said of security by design. "You have to build your resilience because at some point in time there are going to be breaches, there are going to be attacks."

Increased cooperation, experts note, is also critical to combating cybercrime, which is by nature largely oblivious to national borders.

The international community needs to “start thinking about the processes we can put in place to make sure that we can support each other and defend each other's public infrastructures," Sadie Creese, a Professor of Cybersecurity at the University of Oxford, said in Davos.

In December, US and European cyber agencies did increase coordination with the signing of a new Working Arrangement. The agreement between the European Union Agency for Cybersecurity (ENISA) and US Cybersecurity and Infrastructure Security Agency (CISA) entails the exchange of best practices and capacity-building measures as well as increased coordination around protection for critical infrastructure systems.

In a statement, EU High Representative of Foreign Affairs and Security Policy Josep Borrell said the increased collaboration strengthens "transatlantic cooperation and our collective resilience to combat the escalating cybersecurity threats we confront globally."

Businesses also play a critical role in curbing cybercrime, governments and law enforcement agencies say.

"We need the support from the private sector to build an effective global architecture, because you cannot fix that problem just on a national level or on a regional level," Stock stated. "We all know that it's a global problem and it requires a globally coordinated response."

For years, experts have urged companies to develop more coherent cyber strategies and invest in cybersecurity. However, obstacles such as high costs and a lack of tools and expertise continue to limit many organizations' capacity to boost cyber resilience – especially the capacity of small and medium enterprises (SMEs).

In fact, the World Economic Forum's Global Cybersecurity Outlook 2024 found that in 2023, the number of organizations that maintained a minimum viable cyber resilience was down 30%, with SMEs making up the bulk of the decline. "SMEs, despite making up the majority of many country’s ecosystems, are being disproportionately affected by this disparity," the report notes.

Nonetheless, the Forum's report notes that there has been an increase in the level of cybersecurity awareness among private sector leaders. "There is broader awareness today at leadership level in boardrooms," Gary Steele, President and CEO of software company Splunk Inc, added in Davos. "That's a huge advancement frankly from where we were even five years ago."

The rapid development of artificial intelligence (AI) is also impacting the cyber arms race between criminals and cyber defenders, with both sides increasingly using AI technologies to boost their capabilities.

Cyber criminals, for instance, are using AI to make phishing attacks more visually and linguistically convincing while IT professionals and law enforcement agencies are using AI systems to build new defences, detect anomalies and analyse risk.

Moreover, the use of AI in cybercrime and cybersecurity will only increase in the coming years, experts say. As the Forum's Global Cybersecurity Outlook 2024 notes, "as organizations race to adopt new technologies, such as generative AI, a basic understanding is needed of the immediate, mid-term and long-term implications of these technologies for their cyber-resilience posture."