Cybercrime is big business for hackers and cybersecurity professionals alike. Black-hat hackers, computer hackers who carry out illegal, malicious hacking work, cash in by gleaning company and individual bank account information, or by preventing someone from accessing their computer data and then charging a fee (ransom) to unlock it. On the other hand, white-hat hackers, computer hackers intending to improve security, will often receive lucrative positions with large corporations with a mandate to fight cybercrime and protect company data.
White-hat hackers often form their own companies, providing white-hat services in an attempt to prevent data loss. A good example of the latter is Katie Moussouris, a former hacker and the founder and CEO of Luta Security, a cybersecurity company whose main claim to fame centers on the issue of ‘vulnerability disclosure.’ Moussouris advises corporate decision makers and other stakeholders, “Don’t hate the finder; hate the vuln [vulnerability]. Prosecute crime not research.”
In Terms of Global Dollars
No matter how you slice or dice it, 2017 was probably a banner year when it comes to cybercrime. According to Limor Kessem, a top cyber intelligence expert at IBM Security, “IBM X-Force researchers monitor 35 billion security events per day for over 4,500 companies in 133 countries. In this endeavor, they have found that among the many aspects of cybercrime threats and their detrimental effect on consumers and businesses, a few key threats emerged in 2016 and are not likely to subside in 2017.”
In terms of dollars lost to black-hat hackers, it’s predicted that state-wide losses by individuals in the United States this year, 2018, will total approximately $1.4 Trillion. The average per incident for all 50 states is expected to total $144 Million.
“Juniper research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 Trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015,” says Steve Morgan, contributing writer with Forbes magazine.
Addressing the Underlying Problems
Many years ago, local, state, and federal governments, as well as businesses of every size, did not have to spend large sums of money to protect the data they transmitted, collected, and stored. The question is, why is it suddenly necessary?
Technologically and historically speaking, yesterday’s leased telephone lines–which were often used to link company LANs (Local Area Networks) to a central hub, thus forming an enterprise or WAN (Wide Area Network)–limited the number of potential attackers to a bare few. These leased lines were closed connections that required an attacker to be in physical contact with the line itself in order to tap into the circuit. The use of fiber-optic cables all those years ago also ensured that no one could easily glean the data that coursed through them.
Today, however, the Internet allows anyone from anywhere on the planet to attack a business or a specific individual anywhere else. This is because the Internet connects all of us across the planet.
So, is it possible to prevent the penetration of your Internet-connected data networks by resourceful, knowledgeable hackers? Yes and no. There’s no clear-cut, definitive answer, other than you get out what you put in—so the more you do to protect your network and the data that flows into and from it, the better protected it’s going to be.
The Need for User Education and Better Enforcement
User education and ongoing training, along with better legislation and more stringent enforcement, are additional ways to ensure data security. Effective laws on the books are a must, and even that is not always enough to encourage or force everyone to spend the kind of money necessary to safeguard the data they harbor.
“This absolutely depends on the situation and business vertical. Some are required by law to report a breach (NY DFS) within a certain amount of time—like a couple of days–while in other cases it’s at the sole discretion [of the company involved]. We’ve helped customers draft communications to clients after there’s been a known or potential compromise,” says Karl Knudsen, Managing Partner, HighCastle Cybersecurity, New York. “Ultimately, it’s case by case; depending on laws on the books now, but that list is growing rapidly and we anticipate it being adopted across several industries.”
The solution to the cybercrime problem involves effective decisions at the top of every organization across the globe. Effective decisions rely on having the right information at the right time. For this reason, Corporate Tech Decision contacted several professionals in the cybersecurity arena to offer advice.