If we fight cyberattacks alone, we’re doomed to fail

If we fight cyberattacks alone, we’re doomed to fail

By: Eugene Kaspersky

Taken from: The Guardian

The safety of our online lives has become increasingly important. Whether it be interference in elections, attacks by hostile forces, or online fraud, the security of the web feels fragile. Cybersecurity has reached a crossroads and we need to decide where it goes next. The outcome will touch each of us – will we pay more and yet still be less safe? Will we face higher insurance premiums and bank charges to cover the rising number of cyber-incidents? We stand in the middle of a storm – not just a geopolitical one, but a cyberpolitical one. It feels as if no one trusts anyone any more, and suspicion and confusion reign across our delicate cyberworld. Which way do we turn?

As in many classic tales, there are two roads ahead. In one direction lies “Balkanisation”: the fragmentation and isolation of an industry. Balkanisation is a natural response to fear and mistrust; when we’re scared we go home and lock the doors. But for cybersecurity, Balkanisation means growing political intervention and a breakdown of international projects and cooperation. This could leave every country effectively facing global cyberthreats on its own. For consumers it could mean higher costs as businesses seek to recoup money lost to cybercrime, as well as reduced protection because competition and choice are restricted.

In the other direction lies collaboration and shared intelligence, cooperation between national police forces and cybersecurity companies, and joint investigations: a united community against cyberthreats that know no borders. This open landscape fosters a vibrant, competitive cybersecurity industry that leads to better technologies and stronger protection for all.

We at Kaspersky Lab (my cybersecurity and antivirus firm) are not alone in calling for a return to collaboration. At the RSA conference – a cybersecurity get-together – Marc van Zadelhoff of IBM said: “Tackling the challenges of cybersecurity requires bold action that can’t be done by one company alone”, while Rohit Ghai of RSA affirmed: “We need collaboration – between internal teams, but also with people outside [our own organisations]”, and the mission statement for the new Cybersecurity Tech Accord says: “We will work with each other and will establish formal and informal partnerships … to improve technical collaboration, coordinated vulnerability disclosure, and threat sharing.” I could not agree more. The evolving landscape makes the isolation and fragmentation of cybersecurity not just a bad idea, but possibly a fatal one.

Online threats are increasing in sophistication and severity. We currently track more than 100 major threat actors, most of which are spy groups with vast arsenals of tools and techniques designed to gather intelligence. Our colleagues in other security companies do the same. We research and fight dozens of targeted attacks in many different languages – English, Russian, Korean, Chinese, Spanish, Italian, Arabic, and more. These threats don’t target just government organisations and infrastructure, but their supply chains, other organisations and even individuals. Some victims are targeted directly, others are collateral damage.

 Nations naturally want to protect their citizens, businesses and increasingly connected infrastructure and industries from these threats. And the easiest way to do that is by shutting the door. The easiest, the simplest – but also the least effective.

 The trend of “closing doors” is very real: our industry faces being broken up into units separated by geopolitical and regulatory barriers. State regulation is on the rise, creating additional barriers for companies such as ours, making it harder, or even impossible, to protect citizens and businesses, no matter how much we want to. In the last few years, stringent new requirements have been introduced in the European Union, the UK, the US, Russia, Germany, Singapore and China, among others. Strict regulation can lead to protectionism, making it more difficult for companies to operate in other countries. It also leads to the arming of cyberspace. Over 30 countries have already announced that they have military cyber-divisions, and the actual figure is probably higher. Cyberspace is being militarised at a terrifying rate.

What does that mean for us? Apart from the usual disadvantages of militarisation, such as higher taxes and greater uncertainty, there is one more: sooner or later, cyberweapons end up in the hands of the bad guys. It’s hard to steal and launch a missile, but the opposite is true of cyberweapons. Look no further than the malicious tool EternalBlue. Allegedly created by a nation state to take advantage of an unpublished software vulnerability, EternalBlue was revealed online in April 2017. The tool was almost immediately seized upon by other attackers. It was integrated into the notorious WannaCry ransomware one month later and went on to become the most used “exploit” of 2017. There are other similar examples.

 The way to tackle this is through cooperation, not isolation. Cybersecurity companies want to and must collaborate. To state the obvious: there are no borders online, so it’s hardly surprising that cyberthreats are borderless too. Fragmentation disrupts our combined ability to fight back against this. We can’t turn the clock back, but I’m fairly optimistic. Yes, the online world has grown dark in places, but we have the power to turn the lights back on: to become more transparent and to give people proof that they can trust the cybersecurity industry. We’ve started already: through our “global transparency initiative”. Along with other cybersecurity colleagues, we’ll continue to push for open collaboration and open doors: saving the cyberworld – one change at a time.