The problem is that organizations with a large attack surface do not share news on successful hacks - Interview with Joe Shenouda from Cyberpol

CYBERPOL is a non-partisan International non governmental Organization by Royal Decree (King of Belgium)  that researches and monitors the World Wide Web for international organized cyber crime. CYBERPOL identifies, research and identify International Cyber Crimes (ICC), cyber-threats and global cybercrime trends in the contemporary cyber world of today essentially acting as an international independent.

CYBERPOL tracks and monitors cyber criminals worldwide as a global cyber watchdog.

Our mission is to ensure and promote the widest possible mutual international assistance between all international cyber authorities within the limits of the laws existing in the different countries. We create cyber risks awareness, educate and promote cyber awareness to all levels of life.

CYBERPOL is aiming to open its first building complex in Belgium within 6 months. An official announcement will be made in November 2015 during the ECIPS / CYBERPOL conference in Brussels -_> http://ecips.eu/summit/


image00Joe Shenouda has 19 years technical and research experience in IT & Information Security with a successful record in developing and leading technical corporate security programs for global organizations.

He started his Infosec career at Tilburg University in 1999 where he did research on Cybersecurity, cybercrime, cyber forensics, privacy & data protection.

Continuously managing risk and improving cyber security posture in complex enterprises is what he does best. Recent highly-publicized breaches clearly demonstrate the need for the right Information Security skills in your company.

As a thought leader, Joe served both internally and externally as a trusted advisor and architect to senior management of government and industry on the topics of cybersecurity risk management, architecture, technical implementation, operations and compliance, as well as on infrastructure resilience, disaster recovery and business continuity. Joe also spoke frequently on cyber security and risk management at professional conferences, and published articles and blogs on issues relating to cybersecurity.

Joe currently has achieved several high level security clearances from various organizations like NATO and the Dutch Defense and is the technical and strategic right-hand of many Information Security Officers in the Benelux area.


[eFM]: What do you think about cyber security regulations, generally?

[JS]: At the moment a lot of countries have their own national regulations, but as we all know, Internet has no borders. The problem is bigger that the national borders and calls for an international cyber watchdog like CYBERPOL to have a global scope and that works together with law-enforcement and intelligence agencies.

[eFM]: What do you think about the international cooperation in this field?

[JS]: There are some well established international cooperations known but it’s far from a global watchdog situation. You need a global party to tackle this problem of international cyber criminals hiding in countries that don’t cooperate normally with other countries.

Tracking cyber criminals is the easy part. The following-up on that is a different ballgame. It includes political and diplomatic agreements and cooperation with secret services.

What you need to be successful globally is an agency like CYBERPOL who is able to catch cyber criminals physically within 5 days, have a public prosecution following on that resulting in a sentence. By duplicating all the proceedings of real-world law enforcement, a successful cyber security program can exist in the world.

[eFM]: How often do you cooperate with infosec departments from different institutions?

[JS]: CYBERPOL works intensively with intelligence agencies, law enforcement agencies, military organization and local governments. This gives us a 360 degree overview to successfully track cyber criminals and to prosecute them lawfully.

[eFM]: What are some of the biggest problems CYBERPOL has when cooperating with organizations?

[JS]: The larger your attack surface, the more important it is for organizations like CYBERPOL to receive information and forensics on attacks. If you’re a large corporation that gets hammered on a daily basis by cyber criminals, we can be very effective in stopping that if we’re allowed to dive into the evidence..

The problem at the moment is that especially organizations with a large attack surface do not share news on successful hacks that they suffered to save their public image. This however is a loss for Cyber police organizations. Can you imagine being robbed as a shop and not doing something about it, not even telling it to the police? Of course, nothing will happen and things can be even worse if cyber criminals get a hint that they are uncatchable because there is no good system to catch them and that their victims are very afraid to talk.

Getting attack information from organizations means we can mend the cyber security problem bit-by-bit. Knowing how cyber attacks take place and who does it gives agencies like CYBERPOL a very big advantage in making this world Cyber Secure.

[eFM]: And how do you assess the current level of cooperation between countries, in regards to the cybersecurity?

[JS]: Till now countries have been working together on incident basis and in planned raids on cyber criminals in Europe with agencies like Interpol and it’s cyber team. A top of the iceberg is being affected however there is a lot more cyber crime going on that is waiting to be taken care off. These cyber criminals act now in a vacuum area because of the lack of continuous global cyber surveillance. However the way we’re going now is a good one: with CYBERPOL a next generation policing organization is in place with the right contacts and cooperation with governments and other agencies. CYBERPOL has the right authorizations worldwide and is already effective in dealing with cyber criminals.

[eFM]: Is there is big difference in the security knowledge between Europe and USA? And generally in the level of security as most of the data breaches or leaks come from USA. Or UK...

[JS]: At the moment the differences are huge but as mentioned earlier this is changing because there is no other way to tackle this global problems without borders. An international approach is important with a large willingness to cooperate by all governments. Only then the problem of cyber criminality can be tackled successfully.

[eFM]: Can you elaborate on that? What kind of differences are those?

[JS]: Countries tend to have the same goal however the differ on the roads to take. Translating this into the cyber security realm, they create and use regulations and legislation that suits them but is not workable or legal in a different country. Recognition of an international party like CYBERPOL can level the differences and makes it effective in tracking catching cyber criminals within days. Only with a global recognition and global cooperation, the common goals to stop cybercrime and secure digital environments can be reached.

[eFM]: What in your opinion will be going on in 2016 in cyber security field? What will be the trend, can we expect new data breaches and cyber crimes? What companies are the most threatened?

[JS]: One of the biggest problems we see is the emerging of the Internet of Things. More and more appliances and devices that we use daily or even wear are getting equipped with Wifi-chips and are thus connected with the Internet.

At the moment there are 4 billion connected devices on the internet. This includes your laptop, tablet and your E-reader. In 2020, so only in 5 years, the number of connected devices will go up to 26 billion because of smart-watches, smart-fridges and other smart devices that will make our live easier. However, what we see at the moment is that these devices don’t have enough security on-board or even lack complete security measures. Cyber criminals are always on the look for such devices because they serve an easy entry to the rest of the network. In the future we also foresee complete “Smart Cities” and that as a concept itself comes with a huge risk factor.

[eFM]: Do you think it is possible to have security for IoT from the beginning? Or will it emerge with time?

[JS]: Yes, IOT is a problem that wants to be solved through awareness and vendor responsibility. When the customer is aware of the security risks and the vendor builds in security measures, the threat landscape of IOT looks much better than at the moment. The first IOT generation however will have some problems which we will learn from, but that’s normal with every hype.

[eFM]:Is there is anything you would like to tell or advise our readers?

[JS]: ECIPS is launching its annual CYBERPOL Global Cyber Security Summit, a platform aimed at fostering dialogue amongst, key security players - such as Governments, Corporations, Banks, Private Businesses, Academics, Think Tanks, the Military and other partners.

The Conference will review and anticipate multiple security threats such as Cyber Terrorism and Insider Threats in order to gain a comprehensive understanding of main challenges, gather lessons learned and best practices, offer operational insights as well as strategic advice on the way ahead to combat cyber crime.


17-18 November 2015 at “The Square”, Brussels, Belgium

More info: http://ecips.eu/summit/

Find Joe on LinkedIn: Joe's LinkedIn

Leave a Reply

avatar

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
Notify of
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013