How do we beat COVID-19 cybercrime? By working together

Cybercrime is a major threat to global prosperity. Even now, in the midst of the worst public health crisis in a century, the cybercriminals just keep at it.

Global COVID-19 campaigns include lures themed on regional health authority impersonations, fake vaccination information, purchase or delivery of personal protective equipment (PPE), employee targets spoofed from HR, medical and pharmaceutical supplies, and even false job promises.

This should not come as a surprise. Cybercriminals have proven highly adept at exploiting a crisis or global event, and a digital ecosystem where the risk of getting caught remains very low and the potential returns are very high. Moreover, the profits from these malicious activities allow for continuous improvement in capabilities that often surpass the intensive cybersecurity investments made by government or corporate victims.

As argued in a previous Agenda article, we must confront cybercrime at its source to systemically reduce its global impact. An effective response to cybercrime requires exploring many possible courses of action and taking the interests of both the public and private sectors into account. Further, an optimal plan of action should leverage the expertise of both public and private sectors.

Designing and implementing such responses requires creativity in the conceptualisation and implementation of collaborative actions. We need to quickly disrupt cybercriminal infrastructures and services in ways that raise the cost to criminal actors, in a coordinated effort. And, where possible we need to attribute and prosecute cybercrime to raise the risk to criminal actors and offer justice to victims. This ultimately slows the adversary in their tracks; agility is often a luxury they enjoy.

Unlike other criminal areas, the private sector often has superior access to technical information and the capacity to identify, track and analyse cybercriminal infrastructures and services. This capability gives the private sector the ability not only to uncover criminal activities, but also to undertake targeted, disruptive actions by dismantling the criminals' infrastructure. However, these capabilities have limits and only governments have the legal authority to prosecute cybercriminals and impose penalties. Thus neither the private nor the public sectors have sufficient capabilities reduce the global impact of cybercrime on their own.

Given the limitations on each sector, the only way to achieve the goal of reducing global cybercrime is through public-private cooperation. To this end, The World Economic Forum's Partnership Against Cybercrime initiative launched in April 2020 with the mission to explore ways to amplify public-private collaboration, improve the effectiveness of cybercrime investigations, and enhance the potential of disruptive actions against cybercriminal infrastructures. The initiative includes around 50 representatives from cyber-related service and platform providers, multinational financial organizations, government agencies, international organizations and leading non-for-profit alliances.

The initiative’s working group has highlighted four factors that enable sustainable, repeatable and effective cooperation. Firstly, while the end goal of cooperation serves a greater good, any collaboration must take into account the respective interests and missions of the participants. This consideration does not mean that the return on investment has to be immediate or direct, but ultimately all participants must derive value from the cooperation. For those who share the vision and values, this return could be achieved through simple steps like public recognition and bidirectional feedback. This allows for further enhancement of the sharing model as time progresses.

The second factor is trust. Trust is the scaffolding that enables collaborative groups to function. As a result, trust-building behaviours are an important dimension in the discussion. Ensuring transparency, promoting equity and fairness, making voluntary sharing the default option, and favouring joint decision-making are some of the ways to build trust over the long-term. Concerns and challenges, such as consumers’ privacy or geopolitical constraints, need to be acknowledged as well.

The third factor is strategic alignment. All operations have concrete objectives; however, the participants also need to agree on the strategic goals. All participants must understand each other’s respective needs, goals and values and continuously identify mutual ground.

The fourth factor is structure. Effective, long-term cooperation requires transparent, repeatable business rules, processes and governance. While much of the current cooperation is based on personal relationships, we need to make cooperation more systematic and durable.

Many public, private and non-profit organizations cooperate to fight cybercrime today - and yet current collaborative efforts are not sufficient. What else is required? The initiative has identified the need for a global architecture that will increase the scope, scale, speed and sustainability of public-private cooperation. Such a structure would need to support both small groups focused on concrete operations and long-term alignment, trust-building, and agenda-setting within the broader community. In addition, this global architecture should build as much as possible on the many existing cyber-related structures and initiatives, rather than adding new bodies to the already complex global cyber landscape.

One possible collaboration structure being considered by the Forum’s initiative would be to establish a loosely-coupled global alliance connected through permanent nodes and temporary threat cells. This global alliance would provide the overarching narrative and commitment, and allow for long-term dialogue to achieve strategic alignment. Permanent nodes would maintain the necessary infrastructure (technical, legal and business) over time and would provide a place for temporary threat-focused cells to work on specific operations and take action. Finally, this model also allows for a more robust and balanced model, which is essential for high availability and continued support.

The internet is built to enable collaboration – in fact, that concept drove its creation. Unfortunately, malicious actors have learned this lesson all too well and it is part of what makes them so dangerous and effective. On the defenders' side, we’ve known for a long time that we need to collaborate to combat cybercrime, but we haven’t figured out how to do so effectively. With the conceptual framework emerging from the Forum’s initiative, we now have the first step needed to make collaboration a reality.