Home Insights Opinion Challenging cybercrime Tackling cybercrime will require governments to look at the origins of attacks as well as the technologies to combat them, says Simone Vernacchia by Simone Vernacchia May 5, 2018 The global digital revolution has transformed culture and commerce, but also crime and conflict. Despite broad global economic optimism, PwC’s Global CEO Survey of more than a thousand CEOs released in January at Davos shows that 40 per cent of business leaders are now ‘extremely concerned’ about cyber threats – a level on a par with geopolitical uncertainty (40 per cent) and terrorism (41 per cent). Their fears are well founded. In 2016, Cybersecurity Ventures, a US research firm, predicted that cybercrime would cost the world $6 trillion annually by 2021 – with the average cost to an organisation of a data breach running to $3.6m. In 2017, the global cost of damage caused by ransomware attacks, such as the one that brought the UK’s health service to a standstill, is expected to exceed $5bn. According to our Global Analysis of Economic Crime Report, cyberattacks are now the second most reported economic felony, affecting more than 32 per cent of organisations worldwide. Despite increasing awareness of the threat by companies in the Middle East and the early adoption of effective cybercrime legislation in countries such as the UAE, a critical challenge facing all businesses around the world is to accurately identify not only how they are being attacked but also, most importantly, who is attacking them and why they are doing so. To date, most assessments focus on the targets of attacks and the way they are carried out; with very little analysis conducted on the perpetrators and their motivations – largely because it is easier to observe the consequences of cyberattacks than to attribute the sources and reasons behind them. The problem with such an approach is that it only provides part of the overall threat picture and this, in combination with how rapidly cyberattackers’ techniques are evolving and changing, too often affords incomplete information from which to determine an effective and appropriate response. The ability of governments and organisations to bring cyberattacks under control will increasingly require a comprehensive analysis of actors as well as their actions. The challenge however, is that effectively tracking the origins of attacks, and from this attributing them to a specific actor, is far from simple. In order to correctly track down the origin of a cyber security related event, attacks need to be analysed from a number of viewpoints. These include motivation – for example, whether or not a possible incentive exists for an actor to perform the attack; technical origin – such as information about the location of devices deployed or the channels required for paying a ransom; information obtained from malware – through which it may be possible to identify the coder; and an analysis of operating hours, language and tactics – which again might provide clues as to both location and identity. From these initial assessments, the next steps are to categorise the attack as best as is possible – for example crime, warfare or activist related – and from this, using all the clues available, attempt to establish responsibility. The problem however, is that attackers do their best to hide their true identity. In the event of a criminal attack, the perpetrator wants to protect himself or herself from law enforcement and prosecution. Should the attack be politically motivated, they would want to shield themselves from catastrophic, potentially military retribution. Given this, actors often leave trails of fake information in order to redirect retaliation actions elsewhere or to cover their tracks. Adding to the complexity is the recent development of a cyber black market. Here disparate hackers sell services or software tools including corporate emails, credentials, credit cards, exploits, zero-day vulnerabilities, malware and phishing kits that, when assembled, can provide all that is required for a cyberattack and will leave only dead-end clues as to ultimate responsibility. Considering the complexity surrounding tracing and attributing attacks, retaliatory options become difficult and potentially dangerous – especially when it comes to cyber warfare involving nation states. As a result, an on-going effort by both the public and private sectors to develop accurate techniques that provide as full a picture as possible is vital. Such tools may not, as yet, follow the tenets of traditional criminal justice and investigatory processes – cyberattacks and digital attribution are only in their infancy compared with physical crimes. But nonetheless, systems for cyber attribution are slowly developing, albeit understandably based around degrees of certainty rather than absolute levels. Given the pace of change and complexity of subject matter, cyberattacks can often seem a theoretical danger, but the reality is that they either have or will affect all of us. That is why we are committed to working with both public and private partners across the region to make information on these threats accessible, and prevent what can be truly disastrous impacts. Simone Vernacchia is senior director and cybersecurity and infrastructure lead at PwC Middle East 0 Comments