How Public-Private Collaborations Can Fight Ransomware


Making any public-private partnership work is tricky, but a new report stresses the importance of such team-ups to fight ransomware, a pressing and societywide problem.

The report is from the Institute for Security and Technology, and it looks at three existing public-private partnerships designed to fight ransomware: the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative, Europol’s European Cybercrime Center, and the institute’s own Ransomware Task Force. The report’s authors reviewed research and interviewed the collaborations’ participants.

The study focused on entities that chose to join their collaborations, looking at why they chose to take part as well as what helped groups stick together.


“A lot of private-sector actors really want to be collaborating more than they already are,” said report co-author Elizabeth Vish.

Indeed, companies said they joined collaborations out of a desire to boost collective cybersecurity and better understand threats.

Many also appreciated that the partnerships created neutral space for competitive companies to share cybersecurity info. Some companies also said the collaboration helped establish their expertise and raise their brand awareness, enabling them to work with recent cyber victims without triggering suspicion.

Public- and private-sector partners bring different information and insights. Additionally, government can do things companies cannot, like pursuing perpetrators, while private entities can share important details learned from attacks hitting their organizations or clients.

But launching and maintaining partnerships means both assuaging fears and watching out for potential pitfalls.

Private entities are often concerned about sharing info with government and about the risks of regulatory retaliation or reputational damage. Collaborations should create information-sharing agreements and establish expectations around confidentiality. This might mean using the Traffic Light Protocol to govern what info can be shared and how widely, applying the Chatham House Rule to meetings, deploying encrypted communication channels…
