Why systemic intervention is key to mitigating cybercrime

From the infrastructure that powers our villages and cities and the way we do business, to the ways we communicate with each other and entertain ourselves, we all rely on the internet. But the rise in internet use has been accompanied by an equivalent rise in attacks and cybercrime.

Internet disruptions can be anything from annoying, to costly, to catastrophic. A massive data breach of background check company National Public Data in April 2024 leaked 2.9 billion US social security records, with class action lawsuits following.

The UK healthcare service was hit by two attacks in June. First, a ransomware attack against pathology services provider Synnovis caused 1,122 acute outpatient appointments and 46 elective procedures to be postponed. Then hackers stole records covering 300 million patient interactions with the National Health Service (NHS).

Back in the US in July, an AT&T hack resulted in millions of customers’ personal information, including call and text records, being leaked onto the dark web.

Such attacks affect everyone. Because of the interconnected nature of the internet, challenges that arise in one part are rarely confined, and readily affect even distant reaches of the internet.

There are several significant challenges when it comes to cybersecurity.

First, no single entity is responsible for cybersecurity or in a position to single-handedly address the growing number of online risks. As a result, despite the risk of financial losses, disrupted essential services and even death, limited progress or investment has been made toward ensuring cybersecurity for everyone.

Second, the internet connects us all in a way no other infrastructure ever has. The insecurity of the smallest entity can have a negative effect on the largest, as a compromised small business can be used to help attack a large company in multiple ways.

Third, today’s digital problems require complex solutions that require the whole community to do their respective parts. However, many stakeholders are ill-equipped to play their part. For example, ransomware is a scourge that requires action by many, but most small businesses and even some governments lack either the knowledge to mitigate cyberattacks or the funds to pay for preventative cybersecurity.

These systemic problems fuel cybercrime. Cybercrime can be highly profitable, with huge financial gains through data breaches, ransomware attacks, and scams. We need a different approach – one that ensures that anyone can play their role in securing the internet for everyone.

If you ask an average person what the internet is, they will probably list big-name tech companies like Apple, Google or Microsoft. But behind the scenes, these web giants rely on an ecosystem of nonprofit and nongovernmental organizations that build and protect key parts and functions of the internet itself.

These organizations build and protect key technical standards that make different technologies work together and distribute open-source code and tools that streamline operations, improve efficiency and enhance reliability. They work tirelessly to monitor, support, educate and protect against ever-evolving threats.

These nonprofits are linchpins in our systemic defence against cybercrime, securing key parts of the internet and vulnerable entities, identifying threats and aiding law enforcement, in some cases.

Imagine a small business. It uses code from open-source libraries like log4J or Django to create its products faster and cheaper. The staff uses open-source software like LibreOffice to keep operating costs down.

This small business uses Quad9 to block malicious websites and prevent things like malware that could cost the company millions if attacked. Its websites are encrypted with Let’s Encrypt certificates, and it gets free reports from The Shadowserver Foundation to understand and fix network vulnerabilities.

Many of the tools this small business depends on are run or supported by nonprofits. Hundreds of nonprofits maintain critical cybersecurity functions for the good of the internet and all its users, including the most vulnerable and under-resourced in our society.

They are not household names, but they are vital to a safe and functioning internet. They are often run by skeleton crews and volunteers, with razor-thin budgets that rely on donations, grants, sponsorships, and other short-term funding which could be pulled at any time.

These nonprofits work to keep people more secure online, and therefore keep cybercrime down. It’s a fragile model, and it needs our help. Communities once came together to accomplish work that was impossible to do alone: one farmer could not build a barn, but a community of farmers could do it in a day. Cybersecurity is like that now: it involves complex problems whose solutions require us all to do our part.

Common Good Cyber is a global initiative launched in 2024 to drive collective action with the goal of funding nonprofit organizations and individuals working on critical cybersecurity functions for the broader internet.

Spearheaded by the Global Cyber Alliance and driven by a secretariat of seven nonprofits, Common Good Cyber seeks to address the funding challenges faced by entities that are essential to maintaining internet security.

The initiative sees volunteers from various governments, international organizations, nonprofits, academia and industry advance Common Good Cyber by providing input, support and funding. In essence, it pools expertise and resources to fortify the foundations of the internet, working to ensure its availability and security for everyone.

The security of all of us depends on the security of any of us. Safeguarding the internet is a shared responsibility that transcends geographical and sectoral boundaries.

By funding the cybersecurity-focused nonprofits that work tirelessly to keep us secure online, together we can build and sustain a stronger internet to underpin our daily lives, drive economic prosperity and ensure global peace.

You can learn more about how to help build a stronger internet, together, at commongoodcyber.org