Companies in the UK and around the world are key to replicating Microsoft’s strategy of disrupting cyber criminal operations, says Richard Boscovich, assistant general counsel at Microsoft’s Digital Crimes Unit.
“A lot of these companies are going to be our enterprise customers, who we work with in evaluating what is hurting them and what they feel is a problem for their business,” said Boscovich.
As part of these collaborative efforts, Microsoft provides office space for private partners within the company’s Cybercrime Center, the DCU’s world headquarters in Redmond, Washington.
A current occupant of the partner area between the malware lab and situation room is Fidelity Investment Services (FIS), a global provider of technology and services to the financial services industry.
“FIS is working with us to see what is impacting FIS and its customers, some of whom are Microsoft customers, as is FIS,” said Boscovich.
“I encourage companies to engage with us because I would love to see more organisations, especially outside the financial services sector, work with us on the threats they are seeing,” he said.
Many large enterprises have sophisticated investigators and security operations centres (SOCs) that are able to provide extra pieces of the puzzle in mapping out the infrastructure for the command and control operations of a botnet, said Boscovich.
“They may also have malware samples that we have not seen yet that we can analyse, and vice versa, so they bring with them technical assistance as well as forensic evidence, which is the main way we collaborate with our partners,” he said.
And by correlating all the big data from Microsoft and its partners, Boscovich said investigations are able to get a very good picture of the threat landscape, enabling disruptive actions to be more effective.
More on cyber threat information sharing
- Info sharing key to security, say IT professionals
- CERT-UK to drive international cyber security collaboration
- Government launches cyber security threat sharing service
- Threat info sharing tough, says RSA conference committee
- UK government announces Cyber Crime Reduction Partnership
- IT security leaders debate their cyber threat challenges
Bryan Hurd, director of advanced analytics at Microsoft’s DCU, said partners are not only global companies, but also include local companies.
“There is a great willingness among security researchers to work in partnership and in the public-private partnerships I am seeing greater trust in the process despite natural caution about sharing security information,” he said.
Hurd believes believes businesses are approaching a turning point. “Before, the perception was that the benefit of participation did not match up to the returns.
“But as more CIOs around the world see the massive impact on their sector, or their businesses specifically, of cybercrime, they will realise that not participating is no longer an option,” he said.
Hurd said it is increasingly obvious to members of the business community that it is of mutual benefit to align themselves against a common threat.
“I call on all organisations to participate in anti-cybercrime, information-sharing partnerships because this kind of crime will be stopped only if everyone works together,” he said.
Hurd said fighting cybercrime demands “all hands to the oar” and that every company in the UK or elsewhere is capable of making a contribution.
“Industry groups are the most common way of establishing enough trust to enable companies to feel comfortable about sharing their experiences and talk about trends without giving specific data,” he said.
“Such groups are also good for sharing information on attacker attributes without compromising their own security, but their technical people need to help them understand that and give senior decision makers the right options,” said Hurd.
But, he said, companies can make a start internally by asking specific questions about the number of times a spam bot has affected operations, how many times someone has tried to carry out a denial of service attack on the organisation, and how many times the organisation’s computers have been used to do something to somebody else.
“If you want to start locally, those would be great strategic boardroom questions to be asking, and the next step would be to ask what the organisation is doing to fight the bigger, global problem, because it is the trust in each of those sectors that enables us all to play, live, work in this digital environment,” said Hurd.