Threat actors are maturing, they’re growing up, if not already. However, their tactics are such, they have ‘no code of conduct’, no ‘gentlemanly behavior’. Should this rationale be the driver in combating ‘Cyber crime‘ then, ‘fight fire with fire’!
As governments of the US and UK have their security doctrines, as equally those of Russia, China and North Korea, to name but three, they too would have their respective ‘doctrines’. At this conjecture, the cyber criminals, too have their own doctrines, albeit not within the public domain.
Certainly in the west folks are aware of NATO activities; uniformed and structured, these are publicly promulgated. With the foe of KGB, including belligerents from other state powers, and many unknown. The other player now is the ‘cyber criminal’, selling their wares to the highest bidder or whatever their driver maybe.
However, nation states and the cyber underworld are fragmented, each after their own interest. Using tactics surreptitiously, unknown at this moment in time, until the strike occurs. There is no equivalent of NATO in cyber world, we have no doubt that greed prevails this occurring, but where it to prevail, remediation would be catastrophic?
In the west we’ve seen conflicts in Iraq and Afghanistan, where a uniformed presence, organized and disciplined approach. Equally the Taliban have been organized, but they’ve been content to live in caves, with their own supply routes, not uniformed, but very effective. Consideration to 9/11 is clear evidence of the attack, and its on-going impact, akin to Syria at present.
There is a structured process in basic security recruitment, checking out backgrounds, forms the underlying requirement for security, which could be enhanced as the requirement dictates. We have no doubt that the cyber fraternity, now would employ and equal process.
The recruitment process within the cyber fraternity, would be disciplined and structured, with riches the key benefit. However, fall from grace and you could end up as a ‘John Doe’!
Security ‘Per se‘
We’re aware that any country needs security, physically and defensively, owned by government. However now there is a fine line between defense and human rights or rights of the individual. When any outcome then becomes untactful, people are up in arms. It should be remediated proportionately, timely, auditable with outcomes reported on. However, there are times when you can’t have both, so it’s one or the other, this has to be publicly recognized and accepted.
How would a trainee, male or female on a CISSP or CCNA course be aware that the person sitting next to them are a cyber criminal recruitee? I doubt that the spotty faced script kiddie is seen as a threat, but they obviously start somewhere! (Bill Gates did!). The number of post nominal acronyms that we’ve seen against individuals accreditation, make me now think I spent more time ‘doing implementing, rather than time on training’, though as the saying goes, ‘you talk the talk, now walk the walk’?
Accepting the fact that cyber crime is here, and here to stay, just as much as espionage has always been with us. Security Gladiators strongly suggest that there is nothing as 100% secure, this is a fallacy, driven by naivety!
We suggest that there are a number of strains of the cyber criminal:
- Nation states – formerly espionage,
- Terrorist – globally staged, indiscreet,
- Intra business cyber criminal – business focused,
- Inter business cyber criminal – business indiscreet,
- Cyber criminal – organized, and
- Cyber criminal – disorganized.
No doubt these could be realigned in other interpretations. But cyber crime is the new strain of industry, albeit been around for some time, just as the technology has been with us.
We proffer that the cyber criminal has crept upon us, indiscreetly and caught nation states asleep until ‘the penny dropped’. However, with budget reductions, re-organisations of the defense industry and that of governmental responsibilities, the threat is with us. More so when the likes of J P Morgan, Home Depot and the myriad of other businesses globally that have become subject to this wave of crime.
Meanwhile the criminal has been getting organized. Recruitment, intelligence gathering, monitoring changes within technology and so the list gets longer. So even our governments have limped along, even though academia and industry calls have fallen on the deaf! We’ve read on the ‘new government processes’, but I personally consider it’s too late, just to say ‘look what we’re doing’!