Cross border tracking will combat the 'clear and present danger' of cyber crime
Computerworld Asia (17 August 2012)

Police, law enforcement and cybersecurity agencies should establish intelligence collection and analysis capabilities to overcome cross border limitations when tracking cyber criminals, said speakers from national agency CyberSecurity Malaysia and analyst firm Deloitte.

During an interview on 14 August 2012, Deloitte Risk Consulting executive director, Thio Tse Gan said: "[This move to enhance tracking abilities] would allow the police, and other enforcement agencies around the world, to more effectively track cyber criminals, especially the actors, their techniques, and their 'digital footprint.'"

"These organisations [including national cyber security agencies] should also consider using automated case investigation tools that are able to leverage the collected intelligence with the ability to dynamically update Cyber-Investigator with new discoveries," said Thio. "Similar approaches have been adopted by a number of our clients worldwide, where we have helped build their capabilities to alleviate their exposure to cyber threats."

Also responding on 14 August, national CyberSecurity vice president of cyber security responsive services, Adli Wahid, agreed with the need for cross-border solutions. "Crimes committed in the cyber world tend to be global in nature. For example, the criminals could be in country X, using infrastructures or computers in country A & B to execute the crime. Cyber security agencies or crime prevention organisation must (i) have the technical capabilities to investigate and (ii) collaborate and work together by sharing intelligent and information pertaining to the crime."

"One of the areas that should be focused is the standard operating procedures (SOP) for handling request of evidence or action that tends to be cross-border," said Adli. "Oft times, excessive bureaucracy, legal and sometimes language/cultural differences make investigation or tracking the source of crime really challenging. And this can lead to frustrations to the stakeholders - victims, enforcement agencies and the country."

Deloitte's Thio said: "Cyber crimes are international in nature and as such, not only are collaboration important within the country's law enforcement agencies and its judiciary systems but cross border and international collaborations are also critical to the success of combating them."

"Further, the ability to fend off cyber crime could be improved if partnerships are established between public and private organisations where resources and intelligence could be combined," he said.

Facing this 'clear and present danger'

and CyberSecurity Malaysia held a seminar in Kuala Lumpur on 7 August 2012 on cyber threat management approaches. The topics included advanced persistent threat, and an overview of the top five cyber security threats in Malaysia.

During his opening address, CyberSecurity Malaysia acting chief executive officer Zahri Yunos said the top threats in Malaysia are fraud and intrusion. "The Cyber999 Help Centre of CyberSecurity Malaysia received 5,581 reports on cyber security incidents from the public between January and June 2012. 43.7 percent of those are fraud, such as phishing and Nigerian scams; and 39.5 percent are intrusion, which include Web defacement or attack against .MY domains."

One of the seminar speakers, Deloitte USA senior manager, privacy and resiliency practice, Peter Makohon, noted that advanced persistent threats required urgent attention to mitigate their impact on national and business activities.

"It is important to develop mechanisms for cyber defence in a way that we will be able to defend the country against new viruses," said Makohon. "Cyber security legislation is essential in protecting the nation from emerging threats, including attacks that could come from the advancing cyber capabilities."

"Organisations today cannot afford to deal with security only when incidents happen," said CyberSecurity Malaysia's Adli. "This is because attacks can be easily executed and their impact can be detrimental to the organisation."

A panel discussion with Adli, and Deloitte's Thio and Makohon tackled advanced persistent threat profiling & analysis, ongoing vulnerability posture dashboarding, remediation techniques and implementation.

"We are seeing an increasing level of sophistication in the attacks targeting both business and government enterprises," said Thio. With growing security threats, we will require new approaches in dealing with cyber threats. The traditional 'Whack-a-mole' and 'Block the World' is no longer effective. It is important to focus on the technique and not the tool."

"There is a need for organisations to align strategies, processes, operations and integrate leading edge technologies to mitigate against the exposures of cyber threats," he said. "Organisations need to upgrade their current detection, prevention, and mitigation capabilities and we have the unique capabilities in the marketplace today, to help our clients deal with this clear and present danger."