[BreachExchange] Who really benefits from cyber-attacks?

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jul 24 20:31:29 EDT 2017


http://www.ibtimes.co.uk/who-really-benefits-cyber-attacks-1631680

Large-scale, carefully targeted cyber-attacks are threatening companies and
state institutions like never before.

Whatever the objective of the criminals, be it enrichment or destruction,
these intrusions into information systems raise enormous challenges for
victims. The economic cost of recovery can be high, but the main issue is
that attacks put reputations at risk.

The US retailer Target spent an estimated $252m to restore security and
confidence after the private information of 70 million customers was stolen
in 2013. Intruders hacked the software installed to pilot heating systems
in retail outlets in order to gain access to Target's critical information.
The company selling this system collapsed soon after the event.

Business firms need to take cybersecurity seriously. They must invest in
technical and behavioural protections. But reaching total protection is an
illusion.

Security, like doping, is like an innovation race: hackers identify and
step into security breaches, experts plug the gaps, then crooks find new
ways to break in.

Companies should increase protection and prepare themselves to face
cyber-attacks. The question is not "are we going to get hacked?", but "when
are we going to get hacked?"

At the same time, more and more businesses are moving towards the cloud.
More than half of big US companies have already done it. Instead of
infinitely investing in computer infrastructure, they use third-party
servers to store and process their data. Cloud computing is popular because
providers offer high-capacity networks and computing power, low costs and
good adaptability, thanks to a "pay per use" model.

The main cloud computing providers are well-known: Amazon Web Services
(AWS) controls about half the market. Microsoft Azure is about one third
the size of AWS. Relatively smaller actors include Google, IBM and Oracle.
These companies have achieved impressive growth rates over the last five
years, sometimes higher than 100% per year. And they continue to invest in
computer and network capabilities, in machine learning and artificial
intelligence, creating more and more services.

These companies have no choice than to be among the most secure businesses
in the world. Their internet-based core businesses simply cannot afford to
be disrupted by cyber-attacks. Look at what happened to Yahoo after its
2016 security breach was released. Verizon Communications was about to buy
Yahoo for $4.8bn in July 2016, but the revelation of a data theft
contributed to a drop in the sale price to $4.48bn in February 2017.
Security is undoubtedly an essential business requirement for the main
players in the internet and the cloud.

Consequently, it's likely that Amazon, Microsoft and others will benefit
from the rise of cyber-attacks. As these firms are reputed for their
expertise in security, other companies would do well to accelerate the
movement of their information systems into the cloud. They will profit from
the classic cloud advantages, but also from the advantage of locating their
data in an environment perceived as safe.

Cyber-attacks destroy victims' value. But cyber-attacks are likely to
create huge value for the few dominant cloud actors.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170724/bc659486/attachment.html>


More information about the BreachExchange mailing list