InfoSec Officer Shervin Evans on the State of Cyberdefense, Meeting the Challenges
Cybercriminals are launching increasingly sophisticated and relentless attacks in today’s rapidly evolving digital landscape. The potential for breaches and exploitation has increased as the world has become more connected, raising an urgent question: Are we winning the fight against cybercriminals, or are we just sinking deeper into their grasp?
To answer that question, we’ll examine our current fight against cybercriminals, where we’re making progress and where we’re falling behind. I’ll explore how cybercriminals launch sophisticated attacks using advanced technology and global collaboration. In addition, I will discuss how cybersecurity professionals can bridge the skills gap by collaborating, sharing knowledge and using artificial intelligence.
Enhancing threat intelligence sharing and collaboration between the private and public sectors will unite cybersecurity professionals to strengthen our collective defenses. In the ongoing battle against cybercriminals, it’s time to shift the balance.
The Growing Cyberthreat
Cybercrime is growing exponentially, with global costs projected to exceed $10.5 trillion by 2025. Criminals are becoming more organized, utilizing advanced technologies including AI-driven attacks, ransomware-as-a-service and zero-day exploits. These tools empower attackers to strike globally, compromising entire sectors such as healthcare, finance and energy. The infamous Colonial Pipeline ransomware attack and the 2023 MOVEit breach demonstrate how devastating these incidents can be.
Worse yet, cybercriminals collaborate globally. They share resources, tools and even personnel through dark web forums, selling ransomware kits and stolen data. This level of cooperation allows them to launch coordinated and highly effective attacks. Given the agility of these threat actors, defenders are often left playing catch-up, even with the most advanced security technologies in place.
Are We Keeping Pace?
Despite increased cybersecurity investments – estimated to reach $300 billion globally by 2026 – the numbers show a grim reality. Breaches are growing in frequency and severity. The challenge lies in cyberwarfare’s asymmetry. Cybercriminals can launch devastating attacks with minimal resources, but defenders must protect vast, complex infrastructures with the constant threat of human error or technological misconfiguration.
While advanced tools such as zero trust architecture, AI-enhanced monitoring and intrusion detection systems are being adopted by companies and governments, gaps remain – primarily due to a lack of coordination, of a skilled workforce and of collaboration among defenders.
Cybercriminals Team Up – So Should We
Cybercriminals’ greatest advantage is collaboration. They form intricate networks that facilitate the exchange of tools, tactics and data. They also coordinate attacks, maximizing their impact and reach. To counter this, the cybersecurity community – cybersecurity professionals, security experts and organizations – must unite and fight back with equal resolve.
1. Sharing Threat Intelligence
A crucial component of defense is real-time threat intelligence sharing. Attackers gain an advantage not by keeping their tactics secret, but by openly sharing intelligence across sectors and organizations. Defenders can use this approach to stay ahead of the curve.
Platforms such as Information Sharing and Analysis Centers, or ISACs, and the Cyber Threat Alliance facilitate this by enabling the exchange of information on emerging threats, vulnerabilities and attack techniques. When one company detects a sophisticated phishing campaign or malware strain, they can immediately share it with others. This allows organizations to bolster their defenses before they are targeted.
Using AI, these intelligence-sharing platforms can be enhanced with automated threat detection. AI tools can sift through vast amounts of data, identify patterns and quickly disseminate insights, providing organizations with early warning systems. For instance, MITRE ATT&CK, which catalogs adversary tactics, techniques and procedures, enables AI systems to track, predict and counter potential attacks across sectors.
2. Using AI in Cyberdefense
While cybercriminals increasingly deploy AI to automate attacks, defenders must use the same technology to their advantage. AI-driven cybersecurity solutions detect and respond to threats faster than human teams in several respects:
- AI-enhanced monitoring systems can analyze network traffic and identify suspicious behavior, isolating potential breaches before they escalate.
- Machine learning algorithms can detect abnormal user behavior, flagging insider threats or compromised credentials.
- Automated response systems powered by AI can shut down malicious activities in real time, without human intervention.
By collaborating on the development of open-source AI security tools, cybersecurity professionals can pool their expertise and create powerful defenses that benefit the broader cybersecurity community. Platforms like Snort – for intrusion detection – and Zeek – formerly Bro, for network monitoring – are examples of collaborative tools that, when integrated with AI, could further strengthen defense systems.
3. Closing the Cybersecurity Skills Gap
One of the greatest challenges in cybersecurity is the skills shortage. With an estimated 3.5 million unfilled jobs by 2025, closing the skills gap will require collaboration between governments, academic institutions and the private sector.
AI-powered training platforms can fill this gap by offering personalized, adaptive learning experiences. By simulating real-world attack scenarios, AI can train the next generation of cybersecurity experts, helping them develop critical skills in incident response, ethical hacking and security operations. AI also can identify weaknesses in trainees and adapt the learning process to ensure they are equipped to handle evolving threats.
Capture-the-flag competitions, in which teams solve simulated cybersecurity challenges, also offer real-world experience and training. Collaborating across sectors, companies can offer incentives for students and professionals to attend these events, closing the gap between academia and industry.
4. Global Cooperation and Public-Private Partnerships
To combat cybercrime, global cooperation is essential. Cybercriminals operate across borders, making international collaboration between governments, law enforcement and the private sector critical. A recent example is the dismantling of the Emotet botnet, which involved coordinated efforts by multiple countries and companies to take down one of the most dangerous malware infrastructures in the world.
Public-private partnerships must also be used to protect critical infrastructure. Governments and industry leaders should collaborate on creating national cybersecurity frameworks – such as NIST in the U.S. or ISO 27000 or COBIT internationally – or adapting whichever one is best suited to them, to provide clear guidelines for protecting critical sectors such as healthcare, energy and finance.
5. Collaborative Bug Bounty Programs
Cybersecurity professionals can significantly contribute by identifying vulnerabilities before they are exploited. Bug bounty programs incentivize ethical hackers to find and report security flaws, preventing potential breaches. Collaborative platforms such as HackerOne and Bugcrowd have allowed organizations to crowdsource security, improving their defenses by using the global cybersecurity community.
Integrating AI-based vulnerability scanning into these programs can accelerate vulnerability discovery. AI can perform constant security assessments, flagging potential exploits for further investigation by human experts.
Collaborative Strategies for Fighting Cybercrime
- Build threat intelligence sharing networks: Organizations need to join formal intelligence-sharing networks, such as ISACs and CTAs, to rapidly exchange information on threats. AI tools should enhance these efforts by processing and sharing data in real time.
- Global cooperation: Cybercriminals operate internationally, so defending against them requires global collaboration. Governments, private companies and law enforcement must work together to dismantle criminal networks.
- Foster public-private partnerships: Governments and industries must collaborate more closely to secure critical infrastructure, develop AI-driven defenses and share threat intelligence.
- Invest in cybersecurity education and AI training platforms: Closing the skills gap requires investment in cybersecurity education. AI-powered training platforms can enhance learning, while the public and private sectors collaborate to offer hands-on experience through programs like CTF competitions.
- Utilize AI for detection, response and prevention: AI-driven monitoring systems and automated response platforms should be widely adopted to detect and neutralize threats in real time. Collaboration between companies and AI developers will be crucial to staying ahead of cybercriminals.
Are We Sinking or Swimming?
Despite increasing cyberthreats, the answer to whether we are winning or sinking deeper lies in collaboration. Cybercriminals are teaming up, pooling resources and launching sophisticated attacks. Cybersecurity professionals, security experts and organizations must do the same, combining forces to share knowledge, develop new technologies and close the skills gap.
The use of AI in cyberdefense provides a crucial advantage, helping us detect and respond to threats faster than ever before. But technology alone won’t win the war. Collaboration across sectors, industries and countries is essential to building a resilient defense system. By working together, we can prevent the world from sinking into the chaos of unchecked cybercrime, ensuring a secure and prosperous digital future.
CyberEdBoard is ISMG’s premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.
Shervin Evans has extensive experience in risk management, compliance, system/network design and crafting robust security strategies. Before Deltec, he played pivotal roles in renowned financial services firms and multinational corporations, enhancing protection for critical assets and sensitive data. He specializes in areas such as cloud security, threat intelligence, SOC implementation, regulatory framework and incident response.