Industries under Cybersiege: Time for Action
Saturday 29th January 2011 - 9:00am - 10:00am
As industries suffer from rampant cybercrimes and data breaches, how can business effectively act against cyberattacks?
The following dimensions will be addressed:
- Emerging enterprise-level risks
- Innovative industry response mechanisms
- Investing in resiliency at the enterprise level
- Cybercrime is on the rise, but many CEOs are in denial.
- Most security risks are from known parties – employees or “trusted” partners.
- Cloud computing opens the door for cyberattacks.
- There has been much focus on technology and solutions, but not enough on law enforcement issues. This is changing as governments are becoming aware of their vulnerability.
New cyberthreats are looming for industries, yet many CEOs are in denial. There is a collective “ostrich-like” attitude towards the gravity and seriousness of the risks. Yet, cybersecurity spending is forecast to rise just 9% through 2013. However, companies are increasingly investing in data leakage solutions.
Security on the Internet has been compared to an arms race. There is ongoing development of sophisticated defence mechanisms, such as “cloud security” solutions that stop attacks before they reach their target. But as security solutions multiply, so do newly created weapons. Even more worrisome is the involvement of organized crime on the attack side.
Most security risks are from trusted parties – employees or “trusted” partners. In the past, “trophy hackers” used to target marquee brands such as NASDAQ, but are now scoping out middle-sized businesses to shut them down, blackmail them or exploit a business opportunity. This year, there were 10,000 times more coordinated attacks on mid-market companies on Black Monday, the Monday after US Thanksgiving when consumers either shop at retail outlets or online for bargains. Had those attacks not been stopped, retailers could have lost US$ 20 million in one day.
Although most CEOs would not knowingly risk their company’s reputation by sanctioning cybercrime, competitive business attacks could take the same form as the increasingly “vicious” competition witnessed today between emerging global companies. In a civil lawsuit, Oracle accused its arch-rival SAP of corporate theft on a grand scale. Oracle claimed SAP employees pretended to be Oracle customers to log on to the company’s websites and copy proprietary technical and customer support data. After a three-year legal battle, Oracle was awarded US$ 1.3 billion in damages.
Cloud computing opens the door for attacks. Corporations are increasingly using cloud computing solutions and services to save costs, increase productivity and achieve business agility. But many are vulnerable in this multi-tenant cloud environment to the risk of data leaks, malicious intrusion and breaches of security. Even more dangerous is that the cloud service is used not only by employees, but also by external contractors, vendors or customers. One solution is to encrypt data when it is at rest, a solution that used to be expensive, but is becoming increasingly affordable.
Mobile devices such as smartphones and wireless computing are also vulnerable to attack. By using simple techniques, hackers can use mobile phone numbers to access the user’s name, address and workplace, as well as listen to voice messages and personal phone calls. Firesheep, a Firefox plug-in, is a security nightmare. The plug-in makes it easier for even novice users to snoop on wireless traffic. It uses HTTP session hijacking to allow hackers access to accounts. As Firesheep demonstrates, many websites encrypt a user’s login, but not the cookies.
Increasing attacks on US Government agencies have prompted the administration to spend a lot of money on solutions to thwart cyberattacks. Standardization could prove to be an effective tool. It is important to share information between and across industries and governments; however, many companies are reluctant to admit they are vulnerable or that they have been attacked.
One solution for mobile phones is to create chips that can assess and detect when apps on smart phones are doing things they should not. Apps should be developed that can sniff out when other apps are doing things they should not be doing.
A major challenge is that society glorifies hacking and theft, which is why a 19-year-old can create a worm that infects 50 million computers and not get arrested. In the physical world, stealing and buying stolen goods is illegal and prosecuted. But in the cyberworld, viruses and worms are being created every day that cause billions of dollars of economic damage annually, but nothing is being done. Theft is theft. With no enforcement, there is no deterrent and the result is bad behaviour.
There has been much focus on technology and solutions, but not enough attention paid to law enforcement issues. This is changing as governments are increasingly faced by the horror of potential military cyberattacks and a new arms race to develop cyberweapons.
The openness of the Internet is both a blessing and a curse. When addressing cybercrime policies, it is important to reflect the multistakeholder, collaborative and generative nature of the Internet.
Magid Abraham, President, Chief Executive Officer and Co-Founder, comScore, USA; Technology Pioneer
Alfred R. Berkeley, Chairman, Pipeline Financial Group, USA; Member of the Foundation Board of the World Economic Forum USA
Michael Fertik, Founder and Chief Executive Officer, ReputationDefender, USA; Technology Pioneer; Global Agenda Council on Internet Security
Paul Sagan, Chief Executive Officer, Akamai Technologies, USA
Lynn St Amour, President and Chief Executive Officer, Internet Society (ISOC), Switzerland; Global Agenda Council on Internet Security
David Kirkpatrick, Technology Columnist, Daily Beast, USA; Global Agenda Council on Internet Security
This summary was prepared by Dianna Rienstra. The views expressed are those of certain participants in the discussion and do not necessarily reflect the views of all participants or of the World Economic Forum.
Copyright 2011 World Economic Forum
No part of this material may be copied, photocopied or duplicated in any form by any means or redistributed without the prior written consent of the World Economic Forum.
Keywords: cybercrime, cyberthreat, cybersecurity, Internet, mobile phones, smart phones, hackers, cloud computing, mobile apps