[BreachExchange] The high cost of cybercrime

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jun 12 18:56:38 EDT 2017


http://www.fortworthbusiness.com/news/the-high-cost-of-
cybercrime/article_646691b4-47e1-11e7-8456-23eee754b229.html

The recent outbreak of ransomware “WannaCry” sent tremors through the
global economy and brought fears of more to come. In the United Kingdom,
the National Health Service network was hit and 16 hospitals lost access to
computer files. In France, Renault factories were idled. Phone service in
Spain was disrupted, Russia’s second-largest mobile phone provider was
affected, ATMs in China went down, and universities in the United States
experienced problems. Hundreds of thousands of systems were affected in the
first weekend alone. Even beyond the immense inconvenience, there is a high
economic cost.

When a major computer breach is detected, such as when account information
for millions of customers is stolen or people around the globe are hit with
a single virus, we are likely to hear about it. What we don’t necessarily
hear about are the countless instances of small- and medium-sized firms
being hacked, not to mention the individuals who are affected. Put it all
together and it’s a big problem for the economy.

The cost of cybercrime has been rising rapidly. Estimates of the global
costs are in the range of $500 billion per year, and they are expected to
be in the trillions just a few years from now. There are other costs not
reflected, such as industrial spying or access to confidential records.

Another consideration is the large cost to productivity. Firms devote
enormous resources to security not only through purchases of sophisticated
firewalls, software and consulting fees, but also in the form of time spent
or lost by employees as they tend to or are slowed down by security-related
tasks. In the wake of an attack, more time may be lost in the recovery
process. In the past few years, a new denizen of the C-Suite in most large
corporations has surfaced, usually known as the CISO (Chief Information
Security Officer).

One hidden but very real cost is increased risk to all aspects of business
activity. When economic actors (consumers or producers) feel more
vulnerable to disruptions, they respond by pricing the uncertainty. The
most obvious place this will be seen is in firms requiring higher returns
to compensate for the risk, with the result being less investment, less
innovation and reduced economic growth and potential. When this pattern is
observed across a large spectrum of activity over an extended time, the
losses can be astronomical.

Both the private sector and the public sector are affected, and there are
also national security concerns. While some attacks are financially
motivated, such as acquiring credit card numbers and other personal
information to then sell, others are more sinister, such as accessing top
secret information or weapons systems. A recent Executive Order mandates
“the use of the National Institute of Standards and Technology
Cybersecurity Framework across government, ensuring the same high standards
recommended for private industry are applied everywhere.”

State and local governments are also potential targets. The government
stores vast quantities of data, and aging systems can be vulnerable to
attacks not only from individuals or entities but also from other nations
or nation-states. Tax dollars are required by governments to maintain
cybersecurity, and we can expect the funding needs to grow.

It is not surprising that the cybersecurity industry has seen significant
expansion over the past few years, with no end in sight. The U.S. Bureau of
Labor Statistics is projecting that the occupation of “information security
analysts” will grow much faster than average job growth, with current
median salaries of nearly $93,000. Insurance for cybercrime is among the
fastest-growing coverage categories.

The need for cybersecurity will continue to grow rapidly as technology
pervades every aspect of modern life. The Internet of Things, which is
essentially the idea of connecting virtually anything with an on/off switch
to the internet, has the potential to change our daily lives in ways we can
hardly imagine. However, while we may be vigilant about maintaining
security on our personal computers, we may be less aware that we should
also be concerned about our thermostat, refrigerator or printer. Some
entities affected by WannaCry, for example, were attacked via aging
computers running print servers or dated production equipment.

Cyberattacks clearly involve notable economic costs, and a major attack
could wreak havoc by shutting down necessary infrastructure such as the
electric power grid or telecommunications networks. Our world is becoming
ever more digitized and integrated, and the Internet of Things is putting
“smart” in a growing list of vehicles, electronic devices, appliances, toys
and other everyday items. The benefits of this shift are many, from
increasing safety to improving productivity and efficiency to enhancing
learning and entertainment. At the same time, each connection involves a
need for security and an opportunity for a criminal to take advantage.

A major issue such as WannaCry can increase awareness and expose
vulnerabilities. Organizations around the world have been forced to place
cybersecurity at the top of their priority lists. The key to thwarting
future attacks is constant vigilance and continued innovation, staying one
step ahead of the attackers.

The benefits of technological advances are beyond measure, and progress
will not be stopped. Ensuring that our cybersecurity keeps pace is crucial
to future prosperity for individuals, companies, governments, and for
society as a whole.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170612/3da46b30/attachment.html>


More information about the BreachExchange mailing list