Gordon Lawson is CEO of Mask, enabling organizations to protect their privacy and security using dynamic obscuration.
At the end of October, 36 countries and the EU gathered for the second annual International Counter Ransomware Initiative (CRI) Summit to continue their mission to fight ransomware on a global scale. Over the past year, ransomware has wreaked havoc around the world, affecting organizations of all shapes and sizes. According to the 2022 Verizon Data Breach Investigations Report, ransomware rose by almost 13% from 2021, an escalation greater than the previous five years combined.
This year, in addition to participating countries, the CRI included 13 private sector organizations that brought unique perspectives to the forum. It’s no wonder that collaboration with the private sector was one of the main takeaways. This is what that collaboration looks like.
Coordination of information
The first step to private sector cooperation is to ensure that coordination efforts are well defined and achievable. Developing a framework, a forum and a set of objectives sets the private sector's expectations for cooperation. Multiple checklist items were put together at this year’s CRI Summit, including prioritizing initiatives, understanding the value private entities can add to the fight against ransomware, and sharing information in multilateral formats. But a productive information coordination plan should go beyond these checklist items to lay a foundation for flawless information exchange.
For successful coordination, the strategy must address the who, what, where and how of information coordination and exchange. The CRI will have to address the following:
• between whom the coordination will take place
• what type of information is useful to share
• where that information should be placed, and
• how it will be disseminated to the relevant parties.
The private sector is known for industry-specific forums where organizations in a particular sector can share current threats, attack sequences, mitigation techniques, and other relevant information. For a successful global information coordination plan, the CRI should look to these sector-specific forums, such as the ISACs. Coordination at the sector forum level is necessary to establish a foundation capable of expanding to a global scale.
Sharing information
Information sharing will enable the cybersecurity community on a global scale to fuel collective cyber resilience. Threat actors are becoming more sophisticated as they develop their ransomware attack suite. By sharing relevant Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs), organizations and countries can track threat actor changes to ensure their environment is properly configured to protect against the most current threats.
As one of the action items from this year’s summit, the CRI aims to “establish active and sustainable private sector involvement”. Collaboration with the private sector opens a new avenue for information sharing, enabling organizations whose missions focus on ransomware preparedness, response and/or investigation to become subject matter experts in data sharing with the CRI and beyond.
As a leader of a private sector organization, you can prepare your company for effective information sharing by first prioritizing capturing relevant data in a consumable format. While the relevant data for the CRI may exist within your organization, the format of the information and analysis may not be optimal for collaboration and information sharing.
Information sharing in the cryptocurrency ecosystem will become increasingly important. Sharing financial data related to crypto wallets used to launder money can help government agencies and others identify and potentially locate threat actors. As with information sharing in general, it will be important for financial institutions, crypto-based companies and other organizations using blockchain to prepare to share information effectively by ensuring that their data is in a consumable format. This may require the mobilization of resources previously not responsible for sharing information outside their organization. It is important for these organizations to understand their legal requirements when sharing information and ensure that their policies are consistent with the disclosure of such information.
Joint advisories and partnerships
Private sector cooperation alone will have a limited impact. But through joint advisories, information related to threat actors and their TTPs can be disseminated beyond the borders of the CRI. After the summit, the White House shared that these advisories “will provide warning and mitigation measures to the international community, empowering the global community to close vulnerabilities to these cybercriminals, thereby increasing our collective reach.” In the coming months, key members of the CRI will see a capacity-building tool developed that will enhance the ability of countries and organizations to build public-private partnerships. This will help accelerate private sector cooperation by improving coordination and exchange of information through partnerships and joint advisories.
Ransomware is an international problem that demands a global solution. Combined with the efforts of the countries involved in the CRI, collaboration with the private sector can improve our overall ability to disrupt ransomware attacks.