Home NEWS WORLD NEWS The great data robbery: Modern capers can leave US broke, vulnerable

The great data robbery: Modern capers can leave US broke, vulnerable

Matin Karim
-
0
The great data robbery: Modern capers can leave US broke, vulnerable

The Hill, April 1, 2018

 

Why rob a bank?

 

“Because that’s where the money is.” Willie Sutton claimed he never uttered those words. Regardless, it makes for good lore and a cautionary tale. The reality is bank robbery is down almost 50 percent from 2003, and the amount taken has dropped from $73 million in 2003 to $28 million by 2015 according to the FBI.

 

What’s gone up

 

Data breaches. Ransomware. Intellectual property theft. According to the 2017 IBM and Ponemon Cost of Data Breach Study, the average cost of a data breach was $7.35 million. With a reported 1,579 breaches, the potential impact just to recover was $11.6 billion.
The business sector accounted for 91.3 percent of all breaches.
Damage from ransomware attacks (not just the ransom, but downtime, lost business, etc.) was $325 million in 2015. In 2017 it’s expected to top $5 billion.
The average cost per capita of a breached record in 2017 was $225, up from $188 in 2013. With over 178 million records exposed last year, that means the impact was over $40 billion. A billion here and a billion there and pretty soon we’re talking serious money.
The profile of the attacker has also changed. Instead of individual hackers and small-time criminal organizations, Russia, China, North Korea and Iran now make up the quartet of adversaries the United States should be most concerned with when it comes to cybersecurity. The resources and technical capability of nation states can easily overwhelm the vast majority of private sector cyber defenses.
According to the Commission of the Theft of Intellectual Property (the IP Commission), the cost to American business annually of the theft of trade secrets could reach as high as $600 billion.
When these ill-prepared companies are hacked, the CEOs get punished. Failures in leadership are being dealt with faster than ever when it comes to a breach or intrusion. The massive Equifax hack was reported on Sept. 7, 2017. On Sept. 12, two senior security executives “retire” — a euphemism for quitting before getting fired. On Sept. 26 the CEO, Richard Smith, also “retired”.
Disasters have consequences.

 

The times they are a-changing

 

The penalties for stealing intellectual property usually result in litigation and a settlement. For example, Uber was sued by Waymo for a variety of offenses, including theft of trade secrets from the self-driving car division at Alphabet.
Try suing China, or Russia. Forget North Korea or Iran. It won’t stop or deter them. Criminal indictments mean nothing to state actors. The threat of the insider working for one of our adversaries, combined with the resources of an entire nation, change the nature and complexion of the problem for the private sector.