  February 2012  |  Vol. 5 Issue 2  CONNECT  

FROST & SULLIVAN

Cybersecurity: A Global Economic Security Crisis


Courtesy of
Growth Team Membership™
Frost & Sullivan


Governments around the world have acknowledged for hundreds of years that intellectual property (IP) is a key ingredient that can give an economy a competitive edge. Stealing IP is not new, but putting all types of IP into digital formats to facilitate modern business operations has increased the risk of IP theft. It can be done from anywhere in the world without setting foot into a building. After the theft or IP destruction, the perpetrator can move to another city or nation before the victim realizes what has happened. Thus, the ability to protect data and infrastructure is critical because it has real human impact, directly affects the confidence of citizens, and is fundamentally a political issue. At its core, cybersecurity will help to deliver economic growth.

To enable economic growth in the 21st century, governments are beginning to openly discuss the benefits and threats to national economic security through the lens of information and communications technologies (ICT). The importance of ICT across all industries becomes clearer after considering statistics from the Organization for Economic Co-operation and Development (OECD):

Cybercrime’s Four General Categories

Cybercrime encompasses a broad range of activities, but cybersecurity professionals tend to group criminal activity into categories based on capabilities and impact. Based on interviews with cybersecurity professionals, Frost & Sullivan has labeled each category as follows:
  • Terrorist organizations (al-Qaeda, FARC, ETA, etc.) are responsible for 0.5 percent of cybercrime
  • Hacktivists (politically motivated groups such as Anonymous, LulzSec, etc.) are responsible for two percent of cybercrime
  • Organized crime (profit-seeking criminals and criminal organizations) is responsible for 80 percent of cybercrime
  • Espionage (corporate and government) is responsible for 17.5 percent of cybercrime

The Bigger Picture

Each of these groups uses similar hacking techniques with different intentions. Experts agree that the techniques used by hacktivists, organized crime, and corporate and government spies for espionage are similar. In fact, government agencies active in the cybersecurity sector assert that the difference between espionage and a CNA is only a few keystrokes.

The mainstream threat has matured and one cybersecurity company stated that in 2011, it was finding up to 150,000 new pieces of malicious code daily. That figure is double what was seen daily in 2010 (75,000 daily), which is also double what was observed in 2009 (approximately 37,500 daily). The troublesome fact about the growth of malware is that both the quantity and the quality have drastically increased. The vast proliferation of malware has facilitated a much broader probing of the Internet, leading some bad actors to realize there is an immense number of interesting targets that might have been ignored five years ago.

In 2011, professionals interviewed for this Market Insight contend that the overall percentage of cybercrime espionage remains relatively small, yet it occurs approximately 2-3 times per week. Conversely, the efforts of organized crime for immediate or short-term illicit profit are disturbingly frequent. These efforts include credit card number theft, identity theft, and browser hijacking, have thousands of variants, and occur thousands of times daily.

Cybercrime—The Economic Impact

Cybersecurity professionals interviewed for this Market Insight expressed heightened concern about cyber industrial espionage impacting every sector of the economy in developed countries with desirable intellectual property. The concern was particularly high in the U.S., where the 21st century economy relies on technology innovation, services, and intellectual property due to the hollowing out of the manufacturing sector over the past 40 years.

The problem faced by commercial enterprises is that they do not have the resources to adequately defend themselves against cyber industrial espionage sponsored by nation-states. Unfortunately, the issue can only be addressed at the political level, which requires governments and politicians to work together to tackle the issue head-on, even if it means risking a trade war with some nations.

The economic impact of cyber industrial espionage is difficult to quantify since most victims refuse to discuss the damage to their organization out of fear that it will impact their brands and their market valuation.

Critical National Infrastructure and Commerce

Critical National Infrastructure (CNI) includes many areas that support national economies through sale of products, services, and processes based on intellectual property.

Concerning private enterprise, governments, and cybersecurity professionals, economic espionage in critical infrastructure areas is most likely responsible for the largest transfer of wealth in recorded history. This transfer of wealth will impact every sector of developed national economies, forcing companies to compete against industries in developing economies that offer products directly based on their own stolen intellectual property (IP). Not only will IP be stolen and reproduced, but the IP thieves will also steal mission-critical business information including:
  • Customer lists
  • Sales prices
  • Go-to-market strategies
  • Information necessary to outbid the same companies from whom they stole IP

Job #1 for the CNI community is to apply the last 20 years of enterprise security learning to CNI systems. It is not acceptable for CNI command and control systems to be protected by a default password because they are on a network that few people supposedly access. Laziness towards CNI system passwords is not uncommon and it can be easily fixed.

To adequately counter the security threat associated with Commoditized Communications Network Infrastructure, CISOs must take the position that the network is already compromised and that data is being intercepted. Advice frequently given by government and private enterprise is that employees should avoid unknown Wi-Fi networks with mobile devices and use cellular networks for data when they are not in the office.

While that advice used to be sound, it is no longer valid, and mobile networks should be treated with the same level of suspicion as other networks.

Get Out of Denial and Demand Accountability

A common problem affecting business and government organizations regarding cybersecurity is denial that they have a problem. The first step a CISO must take is to acknowledge the inevitability that the organization is or will soon be compromised. This is what separates the good CISOs from the less competent ones. Make everyone in your organization accountable. State the reasons for company security policies clearly and succinctly in a training session. At the end of the session, make everyone sign an agreement to uphold company security policies. This takes away ignorance as an excuse, and since cybersecurity relies in part on behavioral strategies, making everyone accountable is important.

Information sharing and aggregation with a trusted community is a cybersecurity best practice. The use of multifactor authentication is one of the most ignored pieces of advice given today, yet if it were taken seriously, it would significantly strengthen cybersecurity defenses.

Multifactor authentication technologies are available that are easy to use for the young and old, and that can be implemented to reduce resistance to using them while delivering immediate benefits. It is unconscionable that banks continue to use 1960s authentication technology that asks for a username and password for online transactions. The use of random number generators or another type of multifactor authentication for online transactions should be standard in 2011. Further, GPS systems in mobile phones could also be used as a multifactor authenticator for users making withdrawals from ATMs.

If business leaders refuse to see the long-term benefits of better security, governments will have to legislate cybersecurity requirements.

This is a brief excerpt from Frost & Sullivan’s Cybersecurity: A Global Economic Security Crisis, an extensive analysis of cybersecurity and cybercrime. A long but worthwhile read.
 