8 reasons why we should learn from cyber criminals
National strategies on cyber defense are discussed more actively than ever before. Representatives from politics, business, and research are discussing practicable methods and strategies for effectively protecting our society from cyberspace threats. The scope is ever growing and includes industrial IT systems, public authorities and private individuals, critical infrastructures such as hospitals, power and water supply, as well as autonomous vehicles and medical equipment for private.
It’s well known that our IT systems are vulnerable, manipulable, or simply hackable from a distance. So why does it feel like we’re left miles behind the attackers? Or more importantly: how can we turn the attackers’ advantage into our own and learn from it? Where can the attackers set an example for us?
First, cybercriminals are far more cautious than the majority of us. There is good reason for this: criminals who make mistakes are increasingly ending up in jail, so mistakes must be avoided at all costs. The awareness of not allowing oneself to make a mistake under any circumstances must manifest itself in our patterns of action in digital space. In every one of us. Do I really never enter my password in the wrong place? Should I really click on the link?
Cybercriminals are more persistent in their attacks than we are in our defense. Attack strategies are more sophisticated and better planned than defense strategies. If an attack does not work the first time, a new attempt is made. The same must apply to defense. Day after day, hour after hour, we must be vigilant and protect ourselves. If we manage to beat an attacker in one attempt, we must not become negligent.
Attackers from cyberspace are always technologically up-to-date. Dedicated high-performance hardware, specially developed attack tools, state-of-the-art cloud architectures, and last but not least, the very latest vulnerabilities (0-day exploits) are used by most attackers. Why not consistently by us? We should counter the latest vulnerabilities with comprehensive protection mechanisms and threat intelligence.
Attackers are better organized than we are. In closed discussion forums on the darknet, attackers worldwide coordinate on the latest trends and attack vectors. They exchange experiences and consult within seconds. Companies, organizations, and individuals should also organize themselves better and actively seek contact with each other, not just when an attack is underway, but preventively in advance, during an attack, and during the analysis afterwards. In Switzerland, the confederation, the cantons, industry, research, and private individuals should cooperate more closely and fight attacks together. International exchange should not be reserved for the attackers.
Fifth: Attackers do not fall by the wayside; they are constantly training themselves. The educational offer is huge and is a prerequisite for long-term development. This applies not only to the dark side, but also to the vast majority of those who are exposed to risks on a daily basis and have a high need for protection. That is, to each of us. In addition to the nation-wide training of the population, more cyber experts need to be trained who can meet the international attackers at eye level. Switzerland already has an efficient network that can serve as a basis, but still has great potential for expansion.
Sixth: Many attackers strive for media presence; we shy away from the media when it comes to attacks. What was regarded as fame among the early script kiddies is now also attributed to larger criminal actors. An attack is successful if it receives a lot of media presence. Let us take up this thought and speak more openly about attacks that have taken place. We should publish attacks that have taken place, talk openly about them, and learn together from mistakes and successful prevention practices. We can only learn from our mistakes.
Seventh, cybercriminals make large-scale investments. The black market for zero-day exploits is growing strongly. Detecting and selling security vulnerabilities is a very lucrative business. The market for security software is growing too, but it is growing slowly and miserably compared to the marketplace on the darknet. Above all, politicians and companies should massively increase their budget for investments in cyber defense in order to reap the rewards later. The damage will be smaller in the future if more is already being invested today: in software, infrastructure, and awareness.
Finally, cybercrime thrives on a high degree of innovation and regularly reinvents itself. Today, ATMs are not blown up, they are outwitted — often without leaving a trace (jackpotting attacks). Endoscopes, cameras, tiny keyboards, etc. are used. If the defenders’ side were just as innovative, the attackers would certainly be less successful. The same applies to modern technologies such as the use of artificial intelligence. Here, too, we are dependent on cutting-edge research, which not only offers results but also incentives for companies to establish themselves in attractive environments. Only then will we succeed in bringing innovation to our society so that we no longer have to rely on vulnerable processors from abroad.
There’s a lot to be done. Let’s do it. Start today.
Disclaimer: the article is a cross-post to this article.