The Rise of Cyber Threats
The Internet is a real entity but its intangible nature creates a big challenge for security experts. As they try to secure businesses and countries against threats to their cyber-safety, it is helpful to analyze data from the past, recent statistics, and to review forecasts regarding future threats. Norwich University’s Online Masters of Arts in Diplomacy program has compiled helpful but also potentially frightening data regarding the rise of cyber threats and terrorism, its costs, who commits these acts, and what can be done to prevent breaches. The numbers below only represent known events, results, and origins of cybercrime. Many of them go unrecognized or, if detected, are never reported.
Terrorism or Threats: Are They Different?
Although every country is vulnerable, studies below refer to the United States. A cyber threat is defined by the White House as malicious behavior designed to spy on an organization or government agency, deface a website, steal intellectual property (copyrighted research or creative works for example), inflict malware, and stage DDoS events.
The FBI represents cyber terrorism as a planned attack with a political motivation aimed at compromising information systems, programs, and data; or as violence against undercover CIA agents or their equivalent in other countries.
The more common of these two types of behavior is the cyber threat, but security organizations believe that cyber terrorism will infiltrate the United States Government soon and threats will grow in their capacity to cause devastation.
Who Commits Acts of Cyber Terrorism/Threats?
Typically, amateurs are behind threats to identity information found on the Internet. Some of them do not intentionally commit these acts; they are poorly trained or unskilled in their jobs, making it more likely they would spread malware from their computers to those of others. Most threats go undetected, so it is easy to imagine a scenario like this one taking place. Only 9.9% of perpetrators are corporate spies, leave 0.1% among world-class criminals; highly intelligent individuals who use their intelligence to commit crimes for money. Studies show that there were just 1,000 cybercrime experts working in 2010 but that five years later, 28% of organizations were in need of more security experts to handle cyber threats.
Which Groups Are Behind These Threats?
Usual adversaries in the cyber world include BOT-Network Ops, which automatically and remotely infiltrate cyber systems. They are the bots a computer protects itself against by asking a user to prove he or she is human by reading words or letters written in unusual font or picking out images which share something in common from a grid of photos. Checks are becoming more complicated as BOT technology also advances.
Hackers or hacktivists sometimes commit cybercrimes for what they believe are worthy causes, but their behavior is actionable. They challenge content, stalk individuals and organizations. Hackers do this for money, not so-called “ethical” reasons.
Insiders are sometimes contracted, sometimes unlucky and unskilled. Criminal groups commit identity theft and fraud. High-tech teams and individuals are responsible for spying, destruction, and for exploiting critical infrastructure for purposes such as blackmail, fraud, theft, and committing chaos on a large scale.
The Results of Cyber Crime
Communities are becoming fearful of cyber-attacks, which cause inconvenience, or potentially worse, leading to severe financial loss or merely the sense that one’s safety is compromised. Consumers feel a loss of confidence and cybercrimes threaten public morale. Sometimes, acts of exploitation can even lead to physical casualties such as when emergency services and national security are infiltrated and interfered with. The breakdown looks like this: 67% cybercrime, 20.8% hacktivism, 9.8% espionage, and 2.4% warfare. In other words, civilians and professional or personal computers are the most likely targets, not national systems.
Costs of Cyber Crime
In spite of its virtual nature, threats to cyber space cause real damage and substantial costs. In 2013, Americans spent $11.56M repairing the damage, but that figure had risen by nearly $4M as of 2015. Daily loss is estimated at more than $21,000. The most common targets are financial establishments such as retail, financial enterprises like banks, and insurance agencies. Media, entertainment, and high-tech industries are also commonly threatened. As consumers increasingly move their information to digital realms, share more private information over the internet, and use e-commerce for shopping, they are more frequently threatened and the price rises. Detection takes longer as well, up to 200 days currently.
Attacks on Critical Infrastructure
Experts have been predicting a successful attack on U.S. critical infrastructure in 2016 and widespread harm by 2025. There were nearly 300 threats to this infrastructure in 2015, critical infrastructure being local and national security, emergency services, water, and energy. Every company experienced an average of 99 successful attacks of which about 70% were never detected.
Rising Fears in the Greater Community
Of all United States companies, a third took out cyber insurance in 2016. Money spent on cyber-protection is increasing: from $75B in 2015 to a predicted $175B in 2020, so at least one legal type of organization is financially benefiting. Spending on cyber insurance is set to increase too: from $2.5B to $7.5B in the same five-year period.
Studying for Security
In order to prevent widespread security breaches, the United States Government conducted an experiment. Web professionals attacked their own network to find out how employees would respond. Alarmingly, almost 90% of defense systems were easy to breach. Only 4% of illegal entries were detected and, of those, only 5% were reported or investigated. More education in identification, prevention, and resolution is needed to complement additional programs and security methods.
Security for the Future
The U.S. Government realizes they must improve security at the national level. Intrusion protection will involve installation of new firewalls and upgraded, high-tech security programs. They aim to reduce the time it takes to detect and resolve instances of cyber-attacks using special security integration tactics. Ideally, new defense mechanisms such as more application security and better IP filtering will keep attackers out more often than not. IT professionals are working on the detection of malicious code before it gets through the firewall. If threats get through, the time it takes to find perpetrators should be reduced substantially with the training of more cybercrime agents.
Add this infographic to your site