Collaboration between infosec professionals and law enforcement agencies is vital, says Victoria Baines, the European Cybercrime Centre's strategy and prevention chief.
Like the information security community, which is close-knit and coherent, we need to mobilise the cyber crime law enforcement community to work together at all levels – from policy development, working practices and mitigation approaches to skills development – if we are to make a tangible impact on controlling cyber crime.
In fact, there is a huge opportunity for the information security and cyber crime law enforcement communities to work together. We in law enforcement are always looking to identify the new trends and methods being used by cyber criminals, but we don't have all the answers to mitigate the threats and reduce the risks.
Information security professionals, on the other hand, are the experts in these areas – they are working on the ground, day in and day out, to proactively protect their organisations from sophisticated cyber attacks.
In an interconnected digital world, and given the ever-increasing volume and international structure of cyber crime, we cannot treat every incident as a ‘burglary'. Law enforcement is becoming better at informing the infosec community of upcoming threats, but we need to rely on the expertise of professionals to devise ways of pre-empting the threats. Social engineering is a case in point: CISOs are seeing these attacks in real-time.
Technology will go the way it needs to go – after all, no one can refute the benefits it delivers to businesses and individuals alike. But technology and cyber crime are evolving at the same pace, making it impossible to predict with absolute certainty what the next big cyber security threat will be, and so the information security community must invest in continuous skills development to, at the very least, keep in step with developments.
Often a key challenge for many CISOs is getting board-level buy-in for investing in the skills development of the information security team. Law enforcement has experienced a similar challenge in recent years. The establishment of Europol's European Cybercrime Centre and the EU's new cyber security strategy are important steps forward, but there is still a good deal of work left to be done.
Project 2020 is one such initiative on a global scale, but there is scope for many more.
Project 2020 is an ongoing study led by Europol to anticipate the evolution of cyber crime in the next few years and help citizens, businesses and governments prepare. Contributors include enforcement agencies, enterprises, security solutions providers and international information security organisations such as (ISC)2.
(ISC)2 chapter launched
The inaugural meeting of (ISC)2's North-West England Chapter was held in Manchester in March, and was attended by 48 members, ranging from technical professionals and software security developers to chief information security officers. Dominic Ryder, pre-sales consultant at Network Defence, is president of the chapter.
“We are keen to increase security awareness in the region and build a community of like-minded information security professionals that serves as a secure forum for imparting knowledge to help over-come common challenges or help members improve their job functions,” says Tony Butler, the chapter's communications director.
Participation will enable (ISC)2 members to earn CPE points.
Butler adds: “In addition, we are looking to build links with the community socially. We are keen to engage with schools through our Safe & Secure Online programme, which is aimed at children between the ages of seven and 16 to teach them online safety.”
The chapter meets quarterly, with the next meeting scheduled for June in Warrington, Cheshire. For more details, go to www.isc2nwch.co.uk.