Cybercrime not “solvable”, requires data-based harm minimisation

Online criminal activity has become so pervasive that it is “not a solvable problem” and, rather than focusing exclusively on defensive techniques, organisations are better advised to ensure they have a way to gather and quickly analyse data, the head of a fast-growing local software success story has warned.

Wynyard Group, which was founded in 2012 and raised $100 million in a 2013 initial public offering, has grown rapidly – from around 50 staff to more than 250 people in offices across 4 continents – on the back of surging demand for crime analytics solutions that collate and churn through masses of incident-related information.

The company's solutions are targeted at forensic work and have gained strong support amongst law-enforcement and intelligence communities, with recent wins helping track the US-based 'Felony Lane' gang of fraudsters and a deal with PCSU to use Wynyard's technology for internal fraud analytics.

The tools are designed to not only enable analytics, but to do so within a context of strong governance and forensic controls – and, CEO Craig Richardson told CSO Australia, such controls are increasingly becoming relevant to ever more-complex cybercrime investigations.

“We're not in the network defence game,” Richardson said. “We're in the prevention game – but in our view of the world, the cyber threat is not a solvable problem, it is an unsolvable problem. And, so, corporations and government are moving to consider how they can best manage and reduce the harm it causes.”

Wynyard's technology was, for example, recently selected to be used in conjunction with New Zealand's Child Protection Offender Register, which will be analysed by the New Zealand Police in an effort to predict reoffending.

With sophisticated organised-crime networks offering “more efficient command-and-control networks than most government agencies”, the value of a data-analysis tool in correlating relationships between elements would increase over time in both real-world investigations and investigations into cyber-criminal activity,

This requires sorting through mountains of both structured and unstructured data, sourced from a broad range of systems and stored in a variety of data formats and often produced by a range of statutory authorities. Sourcing this data, in turn, requires a robust defensive framework, with appropriate security tools capable of contributing meaningful data logs.

“Most countries use an approach where they put all the information about offenders in one place and hope it stays up to date,” Richardson said. “They rely on other agencies to keep their data up to date – and this usually falls down.”

The need to take a more proactive approach to the process will be a major component of cybercrime defence as advanced cybercrime activity continues to escalate throughout this year and beyond, Richardson said.

“I think we're just at the dawn of the really sophisticated actors,” he explained. “Whereas before it was a Web site hacked or a few credit cards stolen, we are at the point where you're going to see infrastructure at risk and economies disrupted.”

“Most governments around the world are being quite open about that. They're going to need people pulling data from a number of places to give people responsible for managing offenders, the best chance of intercepting what might go wrong.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags Wynyard GrouphackNZ child protection offender registerorganised-crime networkscybercrime

More about CSOEnex TestLab

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts