CIOReview
JUNE 2020

IN MY OPINION

SEARCH & DESTROY: THE IMPORTANCE OF CYBER THREAT SHARING IN DEFEATING CYBERCRIME

By Gregory Crabb, CISO, VP, United States Postal Service

The American criminal justice system is most effective when citizens work in partnership with law enforcement organizations, reporting crimes and suspicious activity in a timely manner. When a burglar crashes through a window and robs a home, most victims report the incident to local police, who gather the evidence necessary to catch the thief. As members of a community, we report a crime because we understand the central role active communication with law enforcement plays in maintaining a safe environment for our neighborhoods, schools, and businesses. These observations provide law enforcement organizations with the insights they need to identify and eliminate potential threats and prevent future criminal activity.

While many victims don't hesitate to report criminal activity, victims of data breaches or similar cyber-attacks are far less likely to share these incidents with law enforcement. Most people place blame for data breaches or other high profile cyber-attacks squarely on the shoulders of the affected organizations without considering the actions of the criminal who launched the attack. Responsible organizations go to great lengths to protect their networks, yet cyber threats are ever evolving in sophistication and prowess. Cybercriminals can victimize even the most hardened IT environments. As members of the cyber community, it's critical that we understand the inherent cyber risks companies face in the digital age and resist the urge to shame companies that fall victim to cyber theft.

As one of the few federal information security officers with a background in law enforcement, I've come to appreciate the importance of cyber threat sharing during my 20+ years of service with the United States Postal Inspection Service, the federal law enforcement arm of the United States Postal Service. In the early 2000s, I led a team of Postal Inspectors in investigating sophisticated cybercrime schemes operating out of Eastern Europe. One investigation led to the arrest of cyber criminals connected to hundreds of cybercrime attacks.

Central to the success of this investigation (documented in Misha Glenny's 2011 book, Dark Market) was a commitment to threat sharing between several public and private sector organizations. Cases like this demonstrate the critical role that proactive and sustained threat sharing plays in limiting the effectiveness of cybercriminals, from amateur hackers sending out phishing emails to nation states engaging in international cyber espionage. As long as companies hoard knowledge of cyber-attacks for fear of public shaming and loss of business, our