Cyber security costs the global economy between $375 billion and $575 billion per annum and 2015 is proving to be a year of unprecedented numbers and innovative, evasive cyber attacks.
From Dyre attacks on Spanish banks to hacks of cars and the latest fervour around the Ashley Madison leaks, the writing is very much on the wall.
The bad guys are extensively connected; they are determined to use our ‘disconnect’; they are becoming bolder; and they are showing increasing ingenuity. Surely it is time for a new approach to cyber security?
>See also: Britain is paying the price of cybercrime
That was exactly the message coming from the Black Hat 2015 conference in Las Vegas last month. In a keynote address at the event, a top US Presidential official called for more trust between the government and cyber security professionals so that information about cyber threats can be shared more openly.
According to the deputy secretary of the Department of Homeland security Alejandro Mayorkas, there exists a ‘trust deficit’ between government organisations and cyber security professionals in private sector firms that needs to change.
There is a pervasive and generally held scepticism about governmental collaboration within the private sector. Anything shared with the government about cyber threats or other potentially sensitive data could be used against said companies, and vice versa.
Furthermore, questions remain over the trust and ability of national security agencies to protect information when governmental cyber security measures have so often fallen short.
Nation states deciding to take more of a prominent role in the global cyber security front line is not an entirely new phenomenon, however. Only last January, Britain and the USA’s special relationship evolved its latest adaptation, as UK prime minister David Cameron, and US President Barack Obama underlined a joint international cyber security initiative.
The announcement elevated cyber security to essentially a bi-lateral military agreement and was underlined by a further statement in February that the UK Land Force was set to deploy a newly formed web-enabled warfare unit (77 Brigade).
In the latest form of state intervention last month, police in China arrested around 15,000 people for crimes that ‘jeopardised internet security’, as the government moves to tighten controls on the internet further.
Since taking over in 2013, President Xi Jinping has led an increasingly harsh clampdown on China's internet, and the Ministry of Public Security said in a statement on its website: "For the next step, the public security structures will continue to increase their investigation and crackdown on cybercrime" with a specific focus on breaking major cases and destroying online criminal gangs.
>See also: How do you solve a problem like cybercrime?
The complexity, rapidity and frequency of cybercrime and data breaches in 2015 raises a number of serious questions, but maybe the most important is to question our readiness as civilised societies to mitigate and fight back against such threats.
The moves from nation states such as the UK, USA and China to make meaningful and proactive changes in their cyber security strategies is promising, as was the far-sighted olive branch extended by Alejandro Mayorkas during his keynote at Black Hat 2015 to private organisations and cyber security professionals.
The key to making a stand against organised and industrial scale cybercrime will be to take a different approach – the current is simply not working. For an initiative such as this to succeed, however, the allies (public and private, organisational and national) will need to put aside national/institutional misapprehensions and dogma, take a look at the bigger picture and recognise the real villains of the piece.
Sourced from Ramsés Gallego, international VP at ISACA and security strategist & evangelist with Dell Software
