BY FAISAL HOQUE
Government, business and society as a whole are increasingly relying on technology to manage everything from public services to business processes. As this migration into the digital universe continues and accelerates, the threats of cybercrime and security lapses of all sorts loom large.
The cost, while enormous from a financial standpoint, goes beyond monetary issues — infrastructure, societal stability, national security and mental health, both group and individual, are also at risk.
If that seems like an overreaction, consider the issue from the most specific perspective possible. According to Javelin’s 2020 Identity Fraud Survey, roughly one in every 20 Americans is affected by identity theft every year. Monetarily speaking, that translates to roughly $17 billion in fraud.[1]
Upping that scope just a bit, according to a recent report by IBM and the Ponemon Institute, the average cost of a data breach in 2021 in the United States was a shocking $4.24 million, a 10 percent jump from the prior year.[2] Security fails are particularly devastating to small businesses — an estimated 60 percent close within six months of being hacked.[3]
There are a variety of reasons why cybercrime is exploding exponentially. First is simply the reality that an array of entities, from small privately run businesses to expansive government agencies, are using digital-based systems more and more. And greater use means a broader variety of targets.
Further, from an entrepreneurial standpoint, the bad guys are also doing a terrific job of coming up with new ways and tools to compromise all sorts of digital systems and networks. In mid-April 2022, U.S. officials announced the discovery of an alarmingly comprehensive and effective system for attacking industrial facilities — including the ability to cause explosions.
Private security experts speculated it could take months or years to develop strong countermeasures.[4]
That’s discouragingly consistent. While those with malicious intent are proving to be alarmingly innovative, those on the other side have simply not kept pace in developing the means to fend off such increasing attacks — even to the point of training an adequate number of people to join the fight. As detailed in the report “The Life and Times of Cybersecurity Professionals 2021,” the Information Systems Security Association found nearly 100 percent agreement among respondents that the so-called “cyber skills gap” — the shortfall in the number of people trained in cybersecurity — has not improved in the past five years.[5]
Those and other problems are reflected in the increasing frequency and aggressiveness of cybercrime. One glaring example — faltering supply chains — became particularly evident during the COVID-19 pandemic. As has occurred in other areas of commerce, increasing digitalization of physical supply chains created new soft security points. Moreover, supply chains’ reliance on technology providers and other third parties made them equally vulnerable. And it showed — in December 2021, just one week after the discovery of a critical security flaw in a widely used software library, more than 100 attempts at exploiting the vulnerability were being detected every minute.[6]
Another problematic issue is legal in nature. Phrased simply, there are few obstacles to getting into the ransomware racket. So-called cyber mercenaries are eager to provide access to sophisticated cyber-intrusion tools to facilitate all sorts of attacks. And once you’re in the game, it’s fairly easy to stay. Cryptocurrencies have allowed cybercriminals to collect payments with only modest risk of detection, prosecution or monetary penalties.[7]
Greater sophistication has also allowed cybercriminals to pick targets of choice rather than simply settling for short-lived opportunities. This can allow cyberattacks to be carried out at highly specific points with a greater potential payback while still letting them capitalize on short-term opportunities such as natural disasters.
Outdated forms of technology also allow for an array of ready targets — even those on a relatively small scale. For example, the information that passes electronically from a workstation to a printer can be readily attacked as hackers develop increasingly sophisticated tools for hijacking data bound for a printer. Looked at another way, a system once seen as cutting edge and ultra-convenient can prove a vulnerable dinosaur to adept cybercriminals — yet another reason to ditch such tools in favor of digital platforms.
Copyright 2022 by Faisal Hoque. All rights reserved.