If you can’t do the time, don’t do the crime.
If only this idiom held true in the cyber realm. Left unchecked, state-sponsored actors and cybercrime groups have had no reason to pull back and instead, have become more aggressive, marking a paradigm shift across the cyber landscape in Q2 2021. The most flagrant examples are recent supply chain and managed service provider (MSP) compromises, a longstanding nation state stratagem now co-opted by organized cybercriminal elements operating freely within regimes that turn a blind eye to cybercrimes launched from within their own borders.
Naturally, Western democratic leaders are racing to define boundaries on the ever-blurring line between organized crime and national security threats. The rule book is now being written — only, it’s always far more difficult to define and enforce a boundary after the fact. Thus, the strategies and actions of government leaders and the cybersecurity community will be vigorously tested as many of these threat actors have operated with relative impunity over the last decade, using this time and freedom to innovate, continually refine their techniques, and become even more efficient in their malicious endeavors.