Why collaboration is key to disrupting the economics of cybercrime

Businesses worldwide are embracing digital evolution. Yet cybersecurity implications inevitably emerge as technologies evolve and push us into a new era of connectivity.

Adopting new technologies, devices and platforms increases potential points of compromise, widening an organization's attack surface. Having more digital systems to configure, integrate and manage leads to greater complexity and an increased likelihood of error.

And more systems mean more data is being collected, stored and analyzed, which creates new risks. Given the myriad of changes organizations face, it’s no surprise that 87% of enterprises report experiencing at least one breach in 2023.

Meanwhile, cybercriminals are expanding collaborative efforts within their ecosystem as they look to exploit and capitalize on weaknesses in organizations and their targets.

As the threat landscape continues to evolve and malicious actors harness new technologies like artificial intelligence (AI) to increase the volume and velocity of the threats they deploy, they have effectively built a resilient and profitable ecosystem that continues to elevate risk to businesses and critical infrastructure.

This evolution presents a very real challenge for defenders everywhere, creating a situation that is exceedingly difficult to course-correct.

As the state of cybersecurity continually shifts, one thing is clear: no single organization alone can effectively disrupt cybercrime. By working together and sharing intelligence across industries and borders, we’re collectively better positioned to fight against adversaries.

Public-private collaborations like the World Economic Forum’s Cybercrime Atlas project offer us vital insights and a practical, scalable partnership model.

The Cybercrime Atlas, which has been in operation for one year, is a collaborative effort to build an action-oriented, global knowledge base​ on cybercrime to support the mitigation and disruption of adversary activities.

Building on expertise from the Forum’s Partnership Against Cybercrime, the initiative is developing a comprehensive picture of the cybercrime landscape that details criminal operations, shared infrastructure and networks, all of which helps law enforcement and government agencies take down global cybercrime groups and their infrastructure.

When an organization suffers a breach, the impacts are often far-reaching and time-consuming to remedy. The time between vulnerability discovery and exploitation is also shrinking, with bad actors exploiting new vulnerabilities in under five days – 43% faster than before.

First, remediating cyber incidents frequently requires an extraordinary amount of time and money. More than 60% of leaders said it took longer than a month to recover from a cyberattack, and 53% indicated that breaches cost their enterprise more than $1 million in lost revenue, fines and other expenses.

In addition, board members and executives are increasingly being held accountable when breaches happen, with 34% receiving financial penalties.

Many organizations do not have the necessary resources to protect a growing attack surface against an increasingly sophisticated threat landscape. Leaders say the following attributes contribute to breaches: an IT and security staff without the appropriate skills and training (58%), a lack of general cyber awareness among employees (56%) and a lack of cybersecurity products (54%).

When faced with an increasing number of cyberattacks, many organizations think in terms of what additional security tools they need.

However, building alliances is one of the most effective – and frequently overlooked –actions organizations can take to address the urgent challenge of cybersecurity and combat cybercriminals.

Building relationships and exchanging information fosters trust, and when public and private institutions have more trust in one another, more intelligence can be shared in an effort to not just keep pace with but also stay ahead of cyber threats.

Looking ahead, adversaries will embrace bigger and bolder attacks, adding new tactics to their toolboxes, setting their sights on fresh targets and launching meticulously planned attacks crafted to fool even the most savvy end-user.

Threat actors will continually advance their efforts, making it essential that organizations adjust accordingly, taking a comprehensive and collaborative approach to risk management.

As the saying goes: “Change starts from within.” Every enterprise needs to first strengthen its own cyber resilience through efforts like building a culture of cybersecurity, identifying ways and implementing programmes to shrink the cyber skills gap and dismantling internal silos to increase cross-department collaboration related to cybersecurity.

Embracing these shifts enhances the organization’s security posture and is the first step to the entity being able to more effectively collaborate in the larger fight against cybercrime.

Then, the way forward is systemic disruption of this ecosystem.

To address the industry's challenges with disruption, broad and collaborative efforts, including the World Economic Forum Cybercrime Atlas initiative, are in motion and are already gaining traction to disrupt these criminal ecosystems systemically at scale.

The Cybercrime Atlas, which became operational earlier this year, was created to build a shared knowledge base to disrupt cybercrime. This collective disruptive force of education, resilience and law enforcement offers the way forward to start minimizing risk to business and disrupting the very economy that is fuelling the campaigns from the adversary.

The atlas is also a source for evidence-based recommendations to shape improvements to public policy and practical guidance to enhance operational collaborations that counter cybercrime. This will make the internet a higher risk environment for cybercriminals.

Effective partnerships can help us identify choke points on the attacker chess board, finding opportunities to meaningfully disrupt cybercrime operations. But what makes these partnerships successful, and how can we emulate existing successful collaborations?

To expand on and introduce new collaborative efforts, we must examine common traits of existing effective partnerships and frameworks and apply those to future work.

The World Economic Forum’s Centre for Cybersecurity recently released its Disrupting Cybercrime Networks collaboration framework, which articulates three core pillars of collaboration relating to anti-cybercrime efforts.

First, organizations must have an incentive to participate, such as a clear mission and impact. Next, the effort must have a solid governance structure. Finally, having the proper resources – ranging from common taxonomies and data normalization practices to technology and people – to set up, maintain and accelerate the partnership is paramount.

The first year of the Cybercrime Atlas initiative also offers us a roadmap for the systemic disruption of cybercrime, as detailed in the group's impact report.

During this time, Cybercrime Atlas contributors shared more than 10,000 community-vetted and actionable data points, created seven comprehensive intelligence packages on emerging threats to distribute broadly to law enforcement agencies and supported two cross-border cybercrime disruption efforts.

Knowing that there are inherent hurdles often associated with threat intelligence sharing, the Cybercrime Atlas group made deliberate decisions to remove those barriers to facilitate the exchange of insights.

For example, Cybercrime Atlas relies strictly on open-source intelligence, eliminating privacy concerns and facilitating frictionless information sharing. The group draws expertise from defenders worldwide and targets cybercrime globally, as most cybercrime groups are transnational and have multiple operation centres.

Finally, the Cybercrime Atlas research findings pinpoint where threat actors and their operations are the most vulnerable, which paves the way for domain takedowns, communications account closures, crypto wallet seizures and more.

Collaborative efforts to disrupt cybercrime will only become more critical as the threat landscape intensifies.

Effectively halting cybercrime requires a global and collaborative approach. By embracing best practices and proven frameworks for anti-adversary partnerships, we can jump-start new and enhance existing initiatives, collectively creating a safer digital world for all.