Cybersecurity

How hackers can help in the fight against cyber crime

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. The Financial Times' website and Twitter feeds were hacked May 17, 2013, renewing questions about whether the popular social media service has done enough to tighten security as cyber-attacks on the news media intensify. The attack is the latest in which hackers commandeered the Twitter account of a prominent news organization to push their agenda. Twitter's 200 million users worldwide send out more than 400 million tweets a day, making it a potent distributor of news.

How can businesses find people capable of tackling cyber crime? Image: REUTERS/Pawel Kopczynski

Derek Klobucher
Moderator of SAP Business Trends, SAP

The FBI recently cracked a terrorist’s iPhone without Apple, but it still had outside help. And the U.S. government is teaming up with others all over to fight cybercrime.

In addition to the Defense Department recruiting the most tech-savvy Americans earlier this month, the FBI last week urged security experts and businesses to inform the agency if they’re attacked, especially by ransomware.

Security professionals say how confident they are in their company's detection and response ability.
Image: Quartz

This malicious software encrypts data on internal computer systems, in effect holding it hostage until hackers receive a ransom in exchange for a decryption key, as The Hill noted on Tuesday. Law enforcement often tells victims to “just pay the ransom,” which helps fuel an almost $1 billion-per-year ransomware industry.

“The sectors hardest hit by ransomware include industries that rely on computer access for performing critical functions, such as healthcare and law enforcement,” Reuters stated on Monday. “Friday’s FBI alert was focused on ransomware known as MSIL/Samas.A, which the agency said seeks to encrypt data on entire networks, an alarming change because typically, ransomware has sought to encrypt data one computer at a time.”

Holding Your Banking Data for Ransom

“Financial institutions are likely the next major sector to be targeted by ransomware, if their systems have not been infected already,” according to a report by the Institute for Critical Infrastructure Technology. “Law enforcement has neither the time nor the resources to track down the culprits.”

Recent regulatory efforts, such as Basel III’s new data storage requirements for financial institutions, are decent, but they don’t change the fact that governments and businesses don’t have enough trained people dedicated to fighting cybercrime. So some organizations are crafting cutting-edge alliances.

“Outgunned and sometimes outfoxed by criminals, security companies are urgently trying to add skilled staff,” Inside Bay Area stated last week. “And [they] are cooperating -- instead of competing -- to counter attackers.”

Training Future Hackers

These security companies are teaming with universities around the world to help prepare students for the 1 million or so unfilled cybersecurity jobs worldwide, Inside Bay Area noted. A Silicon Valley firm is leading the charge to combat cyber-threats, such as theft, data piracy and ransomware, in part because about 200,000 (one-fifth) of those vacancies are in the U.S.

That may be an uphill battle, with government and media sources often portraying hackers as the bad guys, according to The Wall Street Journal last weekend. An op-ed calling hackers “a valuable asset to society and national security” also says that negative stigma discourages people from seeking careers in cybersecurity, leading to a shortage of professionals in that field.

But some organizations have already embraced outside hackers.

Bug Bounty Hunters

Uber is building its cybersecurity apparatus the same way it amassed its legion of freelance drivers, the online transportation network company announced last week. Uber will pay its hacker allies up to $10,000 ferret out malicious code, hackable bugs and the like from its apps and Web site.

“Uber ... has gone a step further than older programs run by Google, Facebook and Microsoft,” WIRED stated last week. “It’s trying out a bug bounty ‘loyalty system’ that gives hackers bonuses for repeated bug discoveries in Uber’s platform.”

Handing out “treasure maps” to your Web site’s weaknesses may seem strange. But it’s surely preferable to the horde of unknown hackers now clamoring to defeat the iPhone’s encryption, following the FBI’s success with a San Bernardino shooter’s smartphone.

And bug bounties might be your best bet.

Partners in Cybercrime Fighting

“The idea of a bug bounty is that you’re engaging the entire global community to ... find flaws so that we can fix the system and make it better for everyone,” Wickr co-founder Nico Sell told All Things Considered on Tuesday. “This is something that many technology companies do.”

In a similar spirit of collaboration, the U.S. Department of Homeland Security this month started sharing information about new digital threats with private businesses and others. The voluntary program encourages participants to share information about how they were hacked -- details they would normally keep under wraps -- in order to help others detect and defend against similar attacks.

But the U.S. Department of Justice isn’t sharing any information with Apple about how the FBI broke into an iPhone, perhaps because of the bitter legal battle that preceded the hack. So, for now, Apple seems to be on its own to figure out what happened -- and how to prevent others from doing the same.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Data Science

Related topics:
CybersecurityResilience, Peace and Security
Share:
The Big Picture
Explore and monitor how Data Science is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

4 ways to advance equity in cyberspace

Kate Whiting

December 12, 2024

The top cybersecurity stories from 2024

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum