We live in a relatively peaceful time in the history of mankind: the chance of falling victim to genocide, hostilities or an armed attack on the street is minimal compared with past epochs. However, we are witnessing a change in the very paradigm of crime today: criminals have moved to the Internet.
Cybercrime is becoming global and more dangerous than traditional organized crime. Experts at the World Economic Forum rank cyber attacks among the major global risks, next to environmental and geopolitical problems.
Analysts at McAfee estimate that the damage caused by cybercrime was about USD 600 billion globally in 2017, 35% more than the USD 445 billion in 2014. Theft of intellectual property accounted for at least a quarter of the damage caused by cybercrime.
Banks are still the favorite target for cybercriminals. However, we should note that almost all spheres of the world economy are potentially vulnerable to attacks today. That was clearly demonstrated in 2017, a year marked by the Equifax data leak, the WannaCry and Petya ransomware, and attacks on power grids. It took just a couple of days for the WannaCry virus to infiltrate 200,000 computers in 150 countries. The estimated damage caused by WannaCry was at least USD 1 billion. According to the Institute for Social and Economic Change, the losses suffered by Ukraine as a result of cyber attacks by the Petya virus amounted to USD 466.3 million. And according to Kreston GCG, 61.5% of companies in Ukraine suffered from fraud, 40% of which was theft of assets and fake costs. 20% of Ukrainian companies estimated the damage from fraud at USD 100,000 to USD 5 million a year.
It would take too long to list all such facts, so let us focus on the tools to counter such threats and, better still, on the measures to prevent them.
I would focus on the following steps to counter cybercrime:
- Establishment of a single decision-making center and implementation of a state cybersecurity policy
The main obstacle to cybersecurity in Ukraine is the absence of a responsible authority.
First of all, it is necessary to develop a regulatory framework and the relevant data exchange regulations. Then, a single repository database for historical data and current information should be established on the basis of those regulations. For example, the Cybersecurity Innovation Center was established in Beijing, and the NATO Cybercenter was opened in Tallinn.
- Cyber hygiene
Experts note that online users today are overconfident about cybersecurity: they often lack knowledge of its fundamentals even though they use many devices at work and at home every day. They often use the same passwords for access to different accounts. Despite their sad experience, 39% of victims of cybercrime are sure of their ability to protect data and personal information from future attacks, while 33% are convinced that their risk of being hacked is very low.
- Implementation of modern technologies
  - Intrusion protection systems (IPS). They not only monitor the network, but also block any suspicious inbound or outbound operations. This can be a firewall or antivirus software.
  - Intrusion detection systems (IDS). These systems assess a suspicious intrusion as soon as it happens. When they identify something unusual, they issue the appropriate warning.
  - Security information and event management platforms. These platforms collect, analyze and present network data from unrelated sources.
- Application of advanced analytical tools
Traditional monitoring and reporting instruments are reactive by nature. One of the reasons for the current inefficiency of systems such as IDS and IPS is the constantly increasing volume of new data they generate, which only makes it easier for hackers to conceal their actions. Analytics helps organizations around the world to quickly process and analyze large volumes of network data without human involvement. Assessing this data in real time, i.e. as it is created, gives organizations the opportunity to detect abnormal behavior much earlier and to prevent cyber attacks in their early stages. It also decreases the probability of false alarms and duplicate risk notifications.
- Development of instructions and training the staff
Companies should also develop internal policies for using these hardware and software systems, as the availability of advanced tools is not in itself enough to avoid losses caused by cyber attacks. In this context, the main factor is the correct use of the necessary tools to respond to risks and, most importantly, to prevent them by monitoring, processing and visualizing all necessary information at once to identify the most vulnerable sections and equipment.
The question we have to answer today is not “will my company suffer from a cyber attack?” but “what will I do when a cyber attack occurs?”. You should not shift responsibility to the state or to “that guy”. Many tools are already available, and some of our risks are caused by ourselves. By and large, cybersecurity, both your own and your organization's, is in your hands.