The Fourth Industrial Revolution is well underway. It is transforming how we live, work and play. We share information about everything. We’re constantly plugged in. And as consumers, we expect the same experience at work and home.
People want their technology to be fast. They want it to adapt to their device. They want it to be available everywhere.
To do this, organisations need to open their networks securely. But adding more controls at the cost of flexibility and agility only increases risk. The challenge is getting the risk and reward balance right, as they’re two sides of the same coin.
Does crime pay?
Governments and businesses are in an arms race with cyber criminals. They’re ruthless, breaking into systems with more and more sophistication each year. But they’re not just doing it for fun; they’re doing it for profit.
They run their activities like a business – sharing resources, coming up with highly rational business models, and competing with legitimate business for the best talent.
In total, cybercrime costs the public and private sectors around $400 billion a year. So it’s no exaggeration to call these cyber criminals ‘criminal entrepreneurs.’
But it’s not just businesses that are affected. In May 2013, the identities of 16,000 whistle-blowers were uncovered in an attack on a national police force in Africa. More recently, there have been many high-profile hacks on gaming companies, revealing personal information. Not to mention hacks done for political reasons, where a group will deface a website in protest.
If businesses stand any hope of keeping ahead of these cyber criminals, they need to collaborate and challenge these hackers.
Working together to stay ahead
While cybercrime is increasing, it isn’t a technology problem. That’s like blaming an influx of houses for a rise in burglary.
It’s a business problem. But legislation limits the power of business to retaliate. And it hampers the help they can give law enforcement agencies. Cyber criminals, by their very definition, are not bound by any rules or restrictions and can collaborate freely.
So how can businesses keep ahead of these cyber criminals? We suggest three ways to begin.
1. Share what we know
Just like the criminals, businesses need to talk more about and share knowledge on all cybercrime incidents. They need to be open with each other about when the incidents happened, how they happened, and what the consequences were.
When Europol and the FBI worked together in 2014 and 2015, they took down four major bot networks – a series of infected computers that act like puppets for hackers. This was a significant blow to the cyber criminals. Imagine how much better it could be if every business worked together.
2. Build a united platform with trust
Businesses have many disparate agencies and platforms out there to collaborate on security issues, but there needs to be a coordinated approach to these. Companies need a forum to discuss issues like encryption, cloud servers, data access and protecting people’s privacy: a forum that not only facilitates that discussion, but can enforce the decisions it makes.
There’s already good progress here. For example, the Budapest Convention. This was the first international treaty seeking to address internet and computer crime by harmonizing national laws, improving legislative techniques and increasing cooperation among nations.
But more needs to be done. When cyber criminals threaten our national security, unusual teams develop – like the British code-breaking centre at Bletchley Park. And these teams thrive on the creativity, the need to do something, and the original thinking necessary.
The world needs similar approaches, if we’re to take on the challenge of cybercrime.
For starters, those of us in corporate businesses need to learn from the Budapest Convention, understand what we are fighting against and change how we work to help enforce and comply with the laws it sets out.
One good step forward is in the UK. There will soon be a new National Cyber Security Centre in October. There needs to be more like this, to make it easier to report and share information on cybercrime.
3. Challenge the criminals
Organisations need to treat cyber criminals the way they treat brands that challenge them – by understanding and disrupting their business model.
It’s clear there’s a challenge to develop a digital business model tough enough to survive a cyber-attack. Businesses need a strategy that addresses the digital risks facing the business as a whole. It’s not just about the information systems, but the customers and supply chains.
It’s time for businesses to stop thinking it’s enough to build a wall around themselves. As the fourth industrial revolution continues, that wall will cease to exist. Instead, we need to patrol our networks – continue to detect the invaders and work together to catch them.