01:37 PM

McAfee Says Security Industry Failing On Cybercrime

Report outlines proactive, offense-based strategy needed to battle increasingly sophisticated threats.

Antivirus vendor McAfee has called on security researchers and the security industry at large to go on the offensive against criminals and pursue "a more proactive strategy for fighting cybercrime."

"Cybercriminals prosper because they have very little reason to fear the consequences," said Jeff Green, senior VP of McAfee Labs, in a statement. "As security experts, it's time to take a hard look at what we do, how we do it, and what our ultimate goals are."

In the arms race against online criminals and their increasingly sophisticated yet inexpensive crimeware, malware, and spam-generating capabilities, the good guys are arguably losing. "Every time we release a new statistic about the rise in malware, it points to our failure as an industry," said Green.

What can be done? For starters, a new report from McAfee recommends making it riskier for criminals to operate online, noting that "like any enterprise business model, the psychology of organized cybercrime follows the three major factors: risk, effort, and reward."

Accordingly, why not pursue strategies that increase the risk, effort, and punishment for online crime? "Some of those tactics include publicly disclosing the names of cybercriminals, increasing the fines against cybercriminals, increasing the shutdowns of affected domains, more effective spam filtering, closing 'dropped' e-mail accounts, and freezing payment accounts that are suspected of fraud," said McAfee.

The company also called on the Internet Corporation for Assigned Names and Numbers (ICANN), the not-for-profit organization that coordinates the Internet's naming system, to "take a stronger stance against cybercrime," especially since it's the body that "accredits the registrants that sell the domains which cybercriminals use to host malicious sites."

Another recommendation is to pursue more "shuns and stuns," meaning routing traffic around known-bad networks, as well as actively disabling botnets. "Shuns and stuns have beaten the odds in the past, and industry experts as well as law enforcement should embrace these methods as a common security practice," said McAfee, pointing to Atrivo, McColo, and Mega-D as relevant success stories.

With the Obama administration and Congress focusing more attention and resources on combating cybercrime, McAfee also suggests fostering more cross-border collaboration, as well as coordination with private industry. Notably, that combination recently helped get alleged Estonian hacker Sergei Tsurikov extradited to the United States.

According to Joe Stewart, director of malware research with the SecureWorks Counter Threat Unit, "creating a framework for these organizations to play a greater role in reporting abuses and enforcing laws -- along with a greatly increased budget -- is where lawmakers seeking to make an impact on cybercrime should turn their attention."

Make no mistake, "this is a long-term effort, and one that will require great political bartering and global treaties," he said. But if handled correctly, it could make online crime a significantly more risky endeavor.
