Governments could reduce international cyber crime by putting stronger regulations on cryptocurrency, a security expert has said.
Itai Greenberg, chief strategy officer at Check Point, told ITPro that greater government oversight of blockchain technology and transactions would be an immediate way to improve the threat landscape.
“If we put in regulation, we can dramatically reduce the amount of cyber attacks,” he said.
“It would have a direct impact, because cryptocurrency allows people to get dollars without being traced.”
Greenberg acknowledged that the government’s role in enforcing crypto rules can only go so far, and that the blockchain is here to stay.
“It was never introduced by governments, it will not be disappeared by governments.”
The different blockchains across the world support many legitimate uses, including more secure transactions of finances and synchronization of data in a decentralized format.
Conquering technology risk in banking
Discover the five best practices leaders in technology risk management and resilience.
But Greenberg maintained that clearer rules around tracing and taxing when it comes to the blockchain is still needed.
“There are many, many good people around the world that contribute to the success of blockchain and cryptocurrency. What they do not have is the big brother that will tell them how to do it right, and we’re starting to see it now with Celcius, with FTX.”
Because transactions made on the blockchain are irreversible, it can prove difficult to recover funds stolen by hackers, or cryptocurrency that a company sends as ransom to a threat actor.
Cryptocurrency can be difficult to trace, but not impossible. The FBI was able to locate and recoup $2.3 million of the money lost in the 2021 Colonial Pipeline ransomware attack, and law enforcement can obtain warrants to check the digital assets of suspects.
Third-party exchanges can also work directly with government agencies to help them access funds.
But a fully fledged, international scheme to track and tax cryptocurrency would require the participation of world governments, and this could be difficult to secure.
Nations such as Russia already offer safe harbor to cyber criminals, and could be unwilling to compromise the payment channels of those under their protection.
More comprehensive tax requirements on crypto assets, as well as more stringent enforcement of existing laws, could help to dissuade criminals seeking to use crypto platforms as a basis for obtaining illicit funds.
In recent months, international agencies have become even more aggressive in their pursuit of cyber criminals and ransomware groups in particular.
The US Department of Justice (DoJ) placed a $10 million bounty on a Russian man linked to the groups LockBit and Hive, and has since charged a string of LockBit associates as it embarks on more operations to disable the group.
Greenberg praised this activity, saying the actions further protect the cyber security landscape for organizations and individuals.
Improving cyber resilience
Speaking on the wider strategies that companies can take to be more resilient to attacks, he suggested abandoning the traditional idea of detection and remediation, and to instead invest in real-time prevention.
With increasingly automated attacks such as DDoS bots or even AI-assisted fuzzing, the time delay between detection and response in older systems could mean the difference between resilience and compromise.
Greenberg acknowledged this can change be difficult to implement. For example, while false positives are acceptable in a detection system they can cause unwanted interference and disable core processes if they crop up in a prevention system.
He said many companies try to estimate how many times per year they will be attacked and that this is likely to be in the thousands, but that some companies fall into the trap of thinking that there’s little difference between 95% prevention and 99% prevention.
“It’s not about the 95% that you block, it’s about what you don’t block. And it needs to go as close as possible to 100%.”
Greenberg also highlighted the struggle that chief information security officers (CISOs) face in optimising their limited IT budgets, workforce, and skillsets.
“There are two philosophies here, one that says you split your budget with half in SOC, remediation, engineering people and half in prevention and detection,” he said.
“I would advise a CISO to put as much as they can into the prevention technology. So make it 90% of your budget, because you are no longer in this race of putting people and technology in to deal with remediation.
“Resilient companies will put more in prevention and outsource their remediation and incident response into an MDR service.”
