Data Manipulation, Law Enforcement and Our Future
While we have traditionally considered data manipulation as the practice of altering documents and other information, that definition is changing. When we think about data manipulation now, the alteration of documents and information done with a criminal or harmful intent has become a major concern, but not the only one.
We also think about things like fake news, social engineering through the discrete mining of social media information, and the use of data as a tool—or a weapon—to shape people’s thoughts, ideas, opinions, and, ultimately, their actions.
Data manipulation has become a moving target for those of us in the business of combating criminal activity online, building trust and protecting our way of life in the Digital Age.
Adversaries who manipulate data with malicious intent are constantly developing new tactics and attack modes, seeking any edge in a world where all of us are increasingly dependent on digital connections. This includes activities by criminals who hide their identity, mask their location and obfuscate their financial transactions.
Cooperating, Collaborating and Collecting
If there is one thing we’ve learned about today’s cyber environment, it is that we are all in it together. We can gather strength in numbers and in pooling our knowledge, experience, and resources. Our adversaries try to take advantage of our uber-connectedness—we should do the same in fighting them.
In order to attain the levels of collaboration and cooperation necessary to address data manipulation, we must trust our people, processes and technologies and build trust-based relationships between industry partners and law enforcement. This means we have to also address issues around transparency and oversight, which are becoming far more complex as technology innovation continues to accelerate and flourish.
This touches upon the question of safeguards against and regulation of data manipulation, as well as responsibilities. Should it be left to tech companies to self-regulate when it comes to issues around data mining, data privacy and data manipulation, or should the discussion involve all stakeholders, including industry, law enforcement and the public? I would argue for the latter approach.
Regulatory and legal frameworks are just one example. If you look across the cybersecurity spectrum, you will see that every facet involves some level of cooperation and collaboration—from technology platforms designed to work seamlessly together, to law enforcement agencies that work together to not only investigate crimes, but also to detect, deter, divert and to help defend.
Moving Forward
Data manipulation is on the verge of becoming one of the largest criminal industries. Law enforcement has a vital role to play in creating a more impactful and proactive response, not merely reacting to criminal activities. Everyone benefits from a holistic, adaptive and complementary approach that involves all relevant partners, one where organizations can leverage the capabilities provided by law enforcement agencies. For example:
- With prioritized and coordinated joint actions against the key cyber threats—supported by adequate legislation—we can increase the risks for cybercriminals and impose real consequences.
- With effective prevention and disruption activities, we further tip the scales to the detriment of criminals by leveraging cooperation and partnerships across law enforcement, government and private industry.
- With advanced technologies and open platforms, we can use shared threat intelligence, machine learning and automated decision-making to reduce risk and improve responsiveness. This enables us to eliminate manual processes and use software to fight software while adhering to strict data protection regulations.
- With greater collaboration and commitment to sharing, we can band together as a community to use combined resources in the war against data manipulation. The cyber industry has made great progress in this area through the establishment of platforms such as the Cyber Threat Alliance (CTA), a not-for-profit organization that enables near real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field.
Looking Ahead
How do we turn this vision of cooperation and collaboration into reality. Europol and its European Cybercrime Centre (EC3) and its many different partners in law enforcement, industry and academia are a prime example of the power of a networked response to cybercrime at scale.
We need to continue to improve and forge new alliances, further our cooperation with other partners and continuously adapt our response. We also need to focus on areas such as regulations and technology to clarify criminal activity, improve our preparedness and enhance our ability to coordinate a response:
- Regulations: With General Data Protection Regulation (GDPR) in Europe, we are seeing the benefits of proactive regulation with a strong cybersecurity element. GDPR forces organizations to understand what data they have, where it is stored, who works on it, who can manipulate it and how to protect these assets. That is linked to quality and information management, with organizations defining how they run their businesses in relation to cybersecurity risk. It also promotes the idea of designing security protections and products into services. Taking a broader perspective, GDPR is about improving business and management practices, understanding core business processes and identifying assets of an organization as well as its risk posture.
- Technology: Cybercriminals are adopting new approaches to increase their capacity to manipulate data and commit cybercrime. We must use current and emerging technologies to prevent them. This means the use of shared intelligence, open platforms, AI, machine learning and more. It also means we must explore the benefits of innovations such as blockchain technology, to create an environment that is more transparent, trustworthy and resilient. Big data analytics, machine learning and AI can improve cybersecurity through better threat detection and prediction, intelligence collection and analysis, and faster response. With effective use of information, the deployment of scare resources can be better targeted to intervene precisely where issues, crimes and threats can be expected. However, it is important that we use such tools carefully, proportionally and in line with relevant legislation and regulations.
Suggestions for Business Leaders and Executives
Business leaders and executives have a vital role to play in addressing the evolving challenge of data manipulation. They have a responsibility to set the cybersecurity agendas for their organizations and decide on the appropriate investments in people, processes and technologies. Suggestions on steps business leaders and board members can take:
- Develop an understanding of the evolving adversarial mindset: Executives can look to sponsor initiatives that drive your organization to build a proactive trusted partnership with law enforcement agencies. In doing so, you can gain insights into the motivations, technologies, techniques and business models of cybercriminals, which can help to define the steps your organization can take to be better enabled to prevent an attack. Also, look to collaborate with organizations, such as the Cyber Security Information Sharing Partnership, which enable secure threat intelligence to be shared.
- Require organization-wide training and education: We all must be educated about the risks of data manipulation and the need for improved cybersecurity. This often starts in the executive suite, where C-level executives must understand risks so they can make the proper investments and strategic decisions. It also extends to security personnel, who are in relatively short supply in comparison to the need. So inspire, incentivize, and reward your IT security personnel to keep vigilant and informed. And recognize that, as leaders, we must leverage education and training in our work and classroom settings so users are aware of how they can mitigate risk whenever they go online.
- Insist on a holistic approach: Cybersecurity should be part of a holistic approach that should be part of all processes. Business leaders and board members need to establish a cybersecurity culture whereby everybody is aware of his or her responsibility, and security and privacy “by design” are guiding principles. Since humans are often the weakest link, ongoing training, education, and creating awareness are indispensable tools in protecting against cybercrime and data manipulation.
Conclusion
While data is a commodity now, it is increasingly emerging as a cybercrime attack vector through means such as data manipulation, compromised processes and the increased potential to shut down basic infrastructure services and other pillars of our societies.
The good news is that no one is alone. In fact, we are all connected, both literally and figuratively. Our connected networks give us the ability to coordinate and collaborate in the face of data manipulation and cybercrime.
Will we be able to build the trust necessary among our people, processes, and technology to overcome these threats? We must, we can and we will.
Dr. Philipp Amann is Head of Strategy, Europol’s European Cybercrime Centre (EC3).