The security industry needs to work together on a more proactive strategy for fighting cybercrime, according to...
a report from security firm McAfee.
Criminals appear to be gaining the upper hand, with a record number of six million malicious files found in the past three months, according to the latest McAfee threat bulletin.
"Every time we release a new statistic about the rise in malware, it points to our failure as an industry," said Jeff Green, senior vice-president of McAfee Labs.
McAfee's industry report based on strategies compiled by international experts issues a call to arms to the security industry in the face of an increase in the volume and sophistication of malware.
Security firms have traditionally taken a defensive posture, but the time has come to take a more aggressive stance, aligning forces and involving law enforcement, the report said.
"If we want to stop being victims, then the good guys need to advance security efforts as threats evolve," said David Marcus, director of security research at McAfee Labs.
The report details several strategies for building a more offensive security strategy that require the security community to band together to help take down criminals.
First, the report says organisations should use hacker techniques such as fuzzing and penetration testing to find and close vulnerabilities in their own products and systems.
The report calls on internet body ICANN to take a stronger stance on cybercrime by applying stricter rules to domain name registrations.
Another key strategy is increasing risk for criminals by publicising their names, increasing fines, and freezing accounts linked to fraud.
The report calls for more "shuns" such as ostracising malicious networks, and "stuns", which incapacitate botnets, as strategies that have proved effective.
McAfee also suggests building communities for trusted information sharing across governments and international law enforcement to help catch criminals.
Creating and funding a framework for these organisations to play a greater role in reporting abuses and enforcing laws should be a priority for lawmakers, said Joe Stewart, one of the report's authors and director of research at the SecureWorks Counter-Threat Unit.
"This is a long-term effort, and one that will require great political bartering and global treaties," he said. But, once achieved, it could increase the risks for cybercriminals significantly.