Davos panorama picture

How knowledge can beat the threat of cybercrime

Mark Fox, CEO, Zonic Group

At last week’s World Economic Forum get together in the ski resort of Davos, cybersecurity was front of mind for many delegates. All were agreed that the fight against cybercriminal activities is too often uncoordinated and fragmented.


Stakeholders in the cybersecurity space, whether at governmental level, from the world of enterprise or from the technology development community, were eager to hear what progress had been made on a global cyber initiative launched at last year’s event. In January 2023, the Forum’s Partnership Against Cybercrime members debuted the Cybercrime Atlas, offering the good guys a better way to map and understand the cybercriminal ecosystem.


For the last 12 months the initiative has provided a platform for cybercrime investigators, national and international law enforcement agencies, and global businesses to share knowledge and generate policy recommendations to fight cyber threats. It’s proved an effective way to narrow the space in which cybercriminals operate, offering insights into the criminal habitat showing how the criminal ecosystem creates dependencies across different types of activity.


The Atlas is backed by a number of institutions, including Banco Santander, Fortinet, Microsoft and Paypal. Partners such as Forum Global Innovators ShadowDragon and SpyCloud also provide tools and systems. Other organizations have also supported the initiative through in-kind donations of time, expertise and capabilities. Their joint efforts have seen the sharing of unique and actionable information with the World Economic Forum’s partners in international law enforcement. The mission for 2024 is to accelerate the work of the Atlas and scale up its impact.


“The Cybercrime Atlas is a collaborative research initiative that gathers and collates information about the cybercriminal ecosystem and major threat actors operating today,” noted Jeremy Jurgens, Managing Director of the World Economic Forum, speaking last week. “The insights generated will help promote opportunities for greater cooperation between the private sector and law enforcement to address cybercrime.”


He explained how the Atlas acts as a database about cybercrime that partners can draw from. Correlations and analysis of multiple sources can provide vital insights to support the steady erosion of cybercriminal capabilities with the resulting collaboration providing the groundwork for more impactful actions. To support collaboration between members, the Atlas focuses on building a shared knowledge base, beginning with open-source research and publicly available materials that are a launch pad for understanding the entirety of the criminal ecosystem.


“To mitigate and disrupt global cybercrime in today’s interconnected world, we need robust platforms to share intelligence and facilitate more meaningful institutional collaboration,” commented Assaf Keren, Chief Information Security Officer and Vice-President, Enterprise Cyber Security with PayPal at this year’s Davos. “The Cybercrime Atlas represents a key next step in this work and an opportunity to unite global businesses, law enforcement and experts around concrete opportunities to protect the world’s citizens and their safety.”


Perhaps what is most encouraging about the initiative is showing how joint action can yield great results. Providing visibility is always going to be a critical first step in efforts to help disrupt cybercriminal ecosystems and infrastructure. Enhanced visibility will assist in more successful cybercrime investigations, takedowns, prosecutions and convictions.


Forewarned is forearmed

Success in cybersecurity is also about being forewarned and prepared for what is coming down the track. Those seeking insights here could do worse than to check out a brand new report from crowdsourced cybersecurity platform Bugcrowd. Titled ‘Inside the Platform: Bugcrowd’s Vulnerability Trends Report’, it highlights the security weaknesses that are most on the rise today, according to global hackers. Bugcrowd works by unleashing the collective ingenuity of the hacking community to better uncover and mitigate risks across applications, systems, and infrastructure.


According to hackers, the last 12 months have seen a 30% increase in Web submissions created on the platform compared to 2022, as well as an 18% increase in API submissions, a 21% increase in Android submissions, and a 17% increase in iOS submissions.


“This report offers critical context, insights, and opportunities for security leaders looking for new information to bolster their risk profiles,” said Nick McKenzie, Chief Information & Security Officer of Bugcrowd. “Looking ahead, we can use insights from this report in conjunction with other key learnings to predict what is coming next.”


Nick McKenzie, Chief Information & Security Officer of Bugcrowd


McKenzie predicts that in 2024, threat actors will use adversarial AI to speed up enterprise attacks – creating more noise for defenders, not necessarily smarter attacks. In addition, and off the back of continued attacks in this space, he says that getting quality insights, coverage and continuous assurance in supply chain security, third-party risk, and inventory management processes will become increasingly important areas for security leaders.


He advises against underestimating the ‘human risk factor’ whereby risks come from malicious insiders and misguided employees who fall prey to social engineering attacks. He suggests that organizations more broadly adopt the crowdsourcing of human intelligence to continuously weed out unique or previously unidentified vulnerabilities that smaller, less diverse, budget, or talent strapped teams just can’t.


Cybercrime impacts everyone, from individuals to global corporations, and affects critical infrastructures and governments. It causes immense, though not always visible, damage to economies and societies. It drastically undermines the benefits of the Fourth Industrial Revolution, increases inequality and hinders international cyber stability efforts. But with platforms like Bugcrowd and the backing of the best of Davos attendees, there is hope for a safer and more secure future.


By Mark Fox, CEO, Zonic Group


Share this article

You might also like

Share this article