Stronger Together: How Industry and Law Enforcement Can Fight Global Cybercrime

Overcoming Barriers to Effective Collaboration

During the two-day event, I joined a panel of fellow experts from across the cybersecurity, legal, and financial services sectors, respectively, to discuss ways in which industry and law enforcement can more effectively collaborate in the fight against cybercrime.

All panelists shared insights and stories regarding their experiences working with law enforcement, and their stories echoed a similar sentiment: Effective information sharing requires clear communication and well-defined parameters from both sides. Another common theme that emerged during the conversation was that requests are often either too broad or lack specific detail, which makes it challenging to collaborate and provide the needed information in a timely fashion.

Event participants emphasized a strong commitment to supporting law enforcement efforts and were enthusiastic about the idea of streamlining processes in a way that would benefit both parties. There was collective agreement that establishing clearer guidelines and more focused requests would significantly enhance the efficiency of these data sharing partnerships, ultimately reducing processing time and improving outcomes for cyber defenders.

At the conclusion of the discussion, the panelists and attendees identified three key challenges that industry and law enforcement regularly face when working together to fight adversaries, along with initial solutions for overcoming these barriers.

Streamlining Communication Channels

One major challenge we identified during the discussion is an overreliance on commodity messaging tools, such as instant messaging and chat room applications, used by organizations worldwide. Due to the proliferation of communication apps available on both mobile and desktop devices, we talked about how a simple phone call or email is usually the most effective, as these are typically the professional communication channels that individuals engage with most.

Embracing Periodic Updates for Greater Visibility and Better Outcomes

Ongoing communication between industry and law enforcement is paramount to collaboration. In addition to identifying the appropriate communication channels, we discussed the importance of frequent check ins-even if those updates merely involve letting the other party know they've received information, or that they have no current updates and are still investigating. These simple touch points offer a valuable way to keep the lines of communication open and strengthen the relationship.

Establishing Common Communication Frameworks

Finally, panelists discussed the benefits of bringing those with a vested interest in disrupting cybercrime under a single "communication umbrella." We talked about a scenario in which the entity that is conducting the investigation could serve as "air traffic control," bringing all stakeholders together as a group to articulate the agenda and goals, coordinate information sharing, and delegate tasks.

Additionally, we offered ideas for specific nomenclature that law enforcement and industry could use to streamline requests for information (RFIs). For example, instead of saying, "Please provide as much detail as possible for known cybercrime related campaigns in Eastern Europe," law enforcement agencies might specifically ask for indicators of compromise (IoCs) such as timestamps, usernames, URLs, and IP addresses related to threat actors involved in a specific type of cybercrime in a specific region or country. More specific requests enable cyber defenders to provide actionable information that better supports law enforcement agencies in accomplishing their goals.

Building Bridges to More Effectively Fight Our Adversaries

With the proliferation of cyberattacks and the threat landscape constantly changing that have been reported - moving from cyberpunks and script kiddies to transnational organized cybercrime syndicates with capabilities previously only available to advanced cyber actors - the next five years will inevitably produce a few surprises, yet the tools we use in the fight against cybercrime will largely remain the same. We foresee malicious actors will advance their efforts, and social engineering scams will continue to proliferate, especially as cybercriminals use AI to make these kinds of attacks more convincing. And let's not forget about various malware and ransomware strains, which are now increasingly being offered as services for sale on the dark web.

If there is money to be made, an attacker will find an opportunity to capitalize on it. For cyber defenders and law enforcement agencies, the continued adversarial shifts mean that we'll collectively need to determine how to manage and share threat intelligence in a more streamlined and sophisticated way to continue to advance our own efforts and effectively disrupt the cyberattacks of tomorrow.