Information Security conferences should form part of the front line when it comes to tackling cybercrime. Unless we learn to share information as an industry, we are always going to be on the back foot.

I’m spending a little down time with my family after the relentless pace of the CanSecWest conference in Vancouver, where I had the pleasure of meeting folks working in threat intelligence from some of the “big names” in the industry. The research was impeccable, and the openness remarkable. From all the security researchers I met, the emphasis seemed to focus on sharing information towards building a safer Internet. That is something I will stand behind; there was no sign of political wrangling, nor should there have been. All of us want to build safe systems, and the way to do that is by sharing vulnerability information, indicators of compromise and security failures.

With the arrival of IoT, so much of our physical infrastructure is vulnerable. From security software installed on machines and “helper apps” trying to keep you updated, to the very operating systems themselves, cyber criminals have a broad attack surface at which they can relentlessly pound away. It’s, therefore, hard not to get a little bit depressed, especially when you watch the video below and learn that many of the devices we use are about as secure as your car door against a plunger.

So, why are information security conferences so vital? They teach humility and the importance of listening. The research provides a valuable lesson on security design and architecture, and each paper gives a whole lot of smart people the opportunity to figure out how to mitigate, fix and prevent system compromise. That’s important, but more importantly, it’s information that is shared in the community. The sharing of information, just like the sharing of a meal/beer, bonds the community together to form a collective intelligence.
The friends you make, the requests you accept on LinkedIn and Twitter, add to your capability to defend your systems because you know whom to call when maybe you have a problem – and let's face it, we are all going to have problems.

I talk a lot about the evolution of the cyber criminal in my presentations, and I’m almost qualified to do that. My final courses to become a Criminal Intelligence Analyst are underway, and I’ve had some training in this field. Applying a criminal profiling methodology and cybercrime scene analysis, I want to share a couple of observations and some interesting statistics.

First, some stats: Adrian Leppard, Commissioner of the City of London Police, claims that around a quarter of organized crime groups in the UK are involved in financial crime. The University of Cambridge showed that 60 percent of cyber criminals had a record unrelated to cybercrime. Interesting. Almost no chance of being bitten by a dog or having to run from the police if you’re working in cybercrime. More cybercrime bad guys are getting online.

So what? How dangerous is this? Ultimately, it's very dangerous, and here is why. Cybercrime is an ecosystem similar to the very same one that defenders like us use, albeit perhaps more commercialized and far more mercenary. Knowledge transfer is occurring in the dark places of the internet, as well, making the job of us defenders harder.

It’s not a great job to be in a nation state actor’s cyber warfare unit. In some countries, the pay is lousy, the hours are long, and the job is unrewarding except for an opportunity to learn and to express patriotic zeal. It’s a similar kind of learning with regards to system exploitation that unfortunately makes folks in some cases criminally entrepreneurial. In fact, many of the infiltration and exploitation techniques of Advanced Persistent Threat actors show up in common ransomware.

So, communication is the key here.
If we know the bad guys are talking and we are refusing to share information, then we’re going to lose. The key to success here is not forcing cooperation against the bad guys; the key is to enable cooperation, and that happens at information security conferences.
About the Author: Ian Trump, CD, CEH, CPM, BA is an ITIL certified Information Technology (IT) consultant with 20 years of experience in IT security and information technology. Ian’s broad experience on security integration projects, facilitating technological change and promoting security best practices has been embraced and endorsed by his industry peers. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. Currently, Ian is the Security Lead at LogicNow working across all lines of business to define, create and execute security solutions to promote a safe, secure Internet for Small & Medium Business world-wide.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Title image courtesy of ShutterStock