As global cyber crime rates continue to rise, the question of how to fight the evolving cyber threat landscape more effectively is increasingly relevant. Many see collaboration between private and public sectors as a viable solution.
On the one hand, cyber security companies help contain the spread of cyber security threats by providing protection technologies. On the other, law enforcement agencies deliver justice to the cyber criminals responsible for the threats – this union is what is needed to successfully curb cyber crime.
Today’s technological challenges require a flexible and adaptive legislation that can effectively respond to new threats, addressing the fact that threat actors are constantly refining their techniques.
As numerous countries tighten their cyber security regulations, we receive an increasing number of requests from national, regional and international organisations to provide expert assistance.
In 2023, Kaspersky provided its feedback on the Proposal for the Cyber Resilience Act, or CRA. Supporting the establishment of new risk- and fact-based rules proposed within the CRA, Kaspersky suggested additional measures to consider in the ongoing legislative process, including:
- Introducing detailed definitions and more comprehensive specifications for the terms and concepts introduced by the CRA;
- Improving the proposed process and obligations for reporting vulnerabilities;
- Specifying the essential cyber security requirements, including those related to “security by design”, and others.
Kaspersky has also contributed to the International Convention on Cybercrime, which is being developed by the UN-created Ad Hoc Committee. Our company suggested defining and protecting ethical security researchers and ethical hackers; enhancing expedited international cooperation; ensuring the protection of users’ rights and privacy; and increasing the role of public-private cooperation.
By collaborating with policymakers, cyber security vendors help bridge the gap between technical complexities and regulatory frameworks, ultimately enhancing the resilience of digital environments.
Cyber security capacity building
The acute shortage of cyber security skills is a well-known fact, with our recent findings showing that nearly half of companies worldwide are struggling with understaffing.
The cyber security private sector can contribute by providing specialised training programs and workshops to enhance the skills and knowledge of other organisations and the public sector.
Kaspersky provides expert training, and recently delivered a cyber security expert training series to Interpol law enforcement officers, educating them on advanced threat detection and mitigation strategies.
The company also offers a Cyber Capacity Building educational program, designed for employees of private and public companies, as well as universities who want to gain practical skills in assessing the security level of their IT infrastructure.
Cyber crime investigations
By leveraging cutting-edge technologies, threat intelligence, and cyber expertise, we can proactively detect, prevent, and respond to malicious activities.
By sharing threat intelligence data and coordinating responses to cyber incidents with law enforcement, we can enhance the overall cyber security posture and lead to a more cohesive and coordinated approach in combating cyber crime.
Cyber crime knows no borders, which is why Kaspersky regularly takes part in operations and investigations conducted jointly with the global IT security community and international organisations such as Interpol, law enforcement agencies and national Computer Emergency Response Teams (CERTs).
Kaspersky’s role is to provide these institutions with our expertise and all the technical information needed to investigate cyber crimes, such as analysing infection vectors, malicious programs, supported command & control infrastructure, and exploitation methods.
Another challenge for law enforcement agencies is the lack of tools and technologies required to probe offenses effectively.
Providing access to cyber security tools can enable law enforcement agencies to leverage advanced technologies and expertise in investigating and combating cyber crime, leading to faster response times and better outcomes.
Boosting software quality through responsiblevulnerability disclosure
Cyber security vendors can leverage their expertise to proactively search for vulnerabilities in software products, reducing the risk of security incidents and helping other organisations minimise supply chain risks.
Kaspersky has been an active contributor to the responsible vulnerability disclosure process in various ways. The company’s experts conduct research and report vulnerabilities in third-party products. Kaspersky also invites independent researchers to analyse its own products for potential vulnerabilities through its bug bounty program.
Among the recent vulnerabilities discovered by Kaspersky experts are a critical vulnerability in the Apple System, which played apivotal role in the iPhone attacks known as Operation Triangulation, and a zero day vulnerability in the Windows system.
Kaspersky’s Sustainability report for H2 2022 and 2023 outlines the contributions that private sector players can make in tackling global cyber security challenges and overcoming the barriers that cyber crime poses to establishing digital trust.
By adopting these measures, cyber security companies can enhance the overall cyber security posture and nurture a more cohesive and coordinated approach in combating cyber crime.
* This promoted content is published as part of Kaspersky's sponsorship of the ITWeb Security Summit 2024.
Share