Motive – Opportunity – Impunity: without breaking this cycle in the global private and public sectors cooperation, there’ll be no end to cybercrime nor to politically motivated hacks.
Money. That’s what’s directly behind the majority of cyber attacks today. Another much less frequent but very dangerous motive is politics with state actors seeking influence or leverage over competing nations. Making ransom payments illegal is the first step to breaking the Motive part of the cycle.
That’s what we create for threat actors to target. Unpatched vulnerabilities, poor IT hygiene, understaffing on the defenders side, gaps in security monitoring. It must not be easier to pay the ransom than to run a strategic cybersecurity program. Buying cyber-insurance is not a substitute of a cybersecurity program. It can’t happen that critical infrastructure operator has 2 people responsible for both IT and security. State actors may afford to run unprofitable operations but cybercrime can’t. Costs of compromising organizations defenses must become higher than potential gains.
Cybercrime actors have every reason to feel tolerated or even protected by the governments of countries where they reside. Some are known to take precautions not to target their hosts. Anonymity provided by cryptocurrencies doesn’t help either. State adversaries become increasingly more insolent as even after attribution no repercussions follow. There are plenty of playbooks for traditional conflicts but it seems there are few for cyber.
Law makers around the world have a huge role to play in breaking that cycle and they need to seek private sector cooperation to succeed. But starting today every organization private or public can do a lot to get the Opportunity part out of the window.