By Rizal Raoul Reyes
A united and global participation is best approach to fight cybercrime as it has become very big in scope and impact, according to a computer security expert.
?We need an international body that can mediate disputes and dispatch resources to share information about cybercrime trends,? said Derek Manky, global security strategist at Fortinet, in his essay ?Why Cybercrime Remains a Growing Business, and How to Put a Dent on It.?
Manky said the disturbing trend in cybercrime is the use of the enterprise space to expand their business. He said the current crop of cybercriminals use hierarchies of participants with roles that mirror or imitate the executive suite, middle management and the rank and file. The executive suite manages the planning and operations to lead the nefarious acts.
Meanwhile, recruiters identify ?infantry? that carry out large-scale attack schemes on a permanent hire or outsource (affiliate) basis.
Furthermore, cybercriminals also craft and distribute malware and develop reward programs to pay affiliates once successful attacks are carried out.
Manky said the strong adoption of cloud computing, social networking, BYOD (bring your own device), and mobile communications, have given cybercriminals more access and to more organizations, databases, desktops and mobile devices.
?Infrastructure advances and the enormous number of avenues for attacks are giving cybercriminals a smorgasbord of attack vectors to choose from,? he said.
?Cybercrime syndicates use recruiters to attract new ?talent? via Web portals, many of which protect them with disclaimers such as, ?We do not allow spam or other illicit methods for machine infection,? Manky said.
This is a method of passing off legal responsibility to the hired ?infantry? while providing the necessary malware needed to execute a full-fledged infection campaign, he added.
Aside from the establishment of central reporting and information sharing channel between the private and public sectors the other vital option is to go after the cash flow itself.
?The best targets would be affiliate programs ? the cash cows that pay out commission and rewards to hired affiliates (?infantry?) who carry out malicious attacks. If the well dries up, so will the rest of the food chain,? he said.
Manky urged companies to conduct a regular accounting of digital assets and assessment of potential security flaws. He added organizations must aggressively educate users about security best practices while implementing enforceable mechanisms for security policy violations.
He said organizations must work closely with security experts and also develop disaster response plan to prepare them for the worst-case scenarios.
?Through collaborative global efforts and organizational commitment to deploying aggressive multi-layered security policies, the cybercrime epidemic can eventually be contained,? he said.