The Doyle Report: After Years of Hacks and Breaches, There May Be Reason for Optimism in Cybersecurity

If you follow cybersecurity, you know that every week seems to bring more bad news. Just today, for example, Corero Network Security (LSE:CNS) released findings from a new survey that found that DDoS attacks pose a greater security threat to businesses than ever before. Nearly a third of IT security professionals and network operators surveyed said they have experienced more DDoS in recent months while 40 percent said they were experiencing “attacks on a monthly, weekly or even daily basis.”

But not all news emanating from the world of cybersecurity is grim. In fact, at least one expert says there is reason for optimism when it comes to protecting people, devices and data. In an interview this week at the CompTIA Annual Membership Meeting (AMM) in Chicago, SolarWinds Global Cyber Security Strategist Ian Trump highlighted progress made by the industry.

“Law enforcement is starting to crush the bad guys,” Trump says, citing stepped up efforts by both the U.S. Department of Justice (DoJ) and Europol, the European Union’s (EU) law enforcement agency, to prosecute cyber criminals. These organizations are better coordinating efforts, reallocating funds and manpower, and developing better strategies for fighting cybercrime. The results are impressive.

So how are the gains being achieved? Several ways.

Authorities are getting better at stopping money laundering
One way law enforcement authorities are gaining an upper hand is by targeting the soft underbelly of cybercrime, which is money laundering. “The bigger the cybercriminal you are, the more law enforcement you are going to attract. And to combat the big players, law enforcement is going after where cyber thieves keep their money,” Trump says.

While some thieves still covert their ill-gotten gains into piles of cash that they must hide, many have resorted to putting their wealth into Bitcoin and other crypto currencies. But these can be difficult to secure, protect and covert when authorities come baring down. Crypto currency also becomes “evidence on your hard drive,” if and when you get caught, says Trump.

^{Ian Trump, Global Cyber Security Strategist, SolarWinds}

Organizations have improved their risk assessment
Another reason for optimism is the amount of work done by private and public institutions to properly assess the problem. Five years ago, for example, private businesses, governments and publicly traded companies did not have a good handle on their exposure to cyber attacks. Now they have a much better risk assessment of their empires. Armed with this information, millions have taken out more insurance against cybercrime, and increased their investments into better technology.

Victims are fighting back
Then there’s the growing chorus calling for the legalization of “hacking back” one’s attacker. Earlier this year, Georgia Congressman Tom Graves proposed the “Active Cyber Defense Certainty” (ACDC) Act, for example. Similar laws are being considered overseas. In addition, some in the U.S. are calling for the government to investigate and possibly retaliate against foreign attacks on our public and private networks and data centers.

As these efforts play out, watch for more victims to seek out “self-appointed” retaliators to work on their behalf, Trump says.

Security tools and techniques have improved
Instead of being overwhelmed, some Internet users are gaining an upper hand in their fight against cyber attackers. In December 2016, Forbes published an article that chronicled how British Telecom (BT) applied big data to fight against cyber attacks.

Helping Customers and Beyond
When asked how to MSPs can best help their customers, Trump mentions all the usual steps, including keeping customers’ systems and devices updated. But he offer this advice for every security services provider: increase the amount of end user training you provide. When you do, he says, you immediately reduce the number of support-related calls you receive. You also prevent at least one major intrusion at every customer site, and you help customers better securitize the tools and processes they rely on in the atom-based world.

One last piece of advice from Trump: “If I were an MSP today, I would consider extending my managed security services to the home. Why? Because users work in the office, at home and on their mobile devices wherever they are. There is no technology that can safely protect someone in all three places; they need help.”