Time to wake up to the cyber threat

By John Reiners

Like many people, I have become a little nonchalant about the cyber threat. We have been told for so long that crime, war, and terror are moving online, yet few people I know have been directly affected. I also treat many of the research reports on the growing threat with suspicion—the story has been the same for so long, the multi-trillion-dollar impact routinely estimated use heroic assumptions, and many are sponsored by cyber security firms. Yet in the past month or so, a few news articles have grabbed my attention.

  • On September 15, the FBI released a public service announcement about the growth of ransomware, asking that all attacks be reported. This year has seen a fivefold increase in ransomware attacks. Kits can be easily bought on the dark web, and many attacks ask companies for relatively small amounts, payable in bitcoin, for decryption keys to restore access to their data. But there is growing evidence that attacks are getting more sophisticated, targeting host servers and systems, and demanding higher payments for more business-critical and valuable data.
  • Also in September, there was a distributed denial of service (DDOS) attack on the website of Brian Krebs, a notorious investigative reporter and blogger on cybersecurity. The significance of this particular attack was the firstly the sheer scale (one of the largest ever recorded) and secondly the fact that it used a different attack method, using a botnet of IoT devices, like camera equipment and digital video recorders, rather than PCs.
  • Last week, I read a report on the growth of cyber espionage, in particular how Chinese companies are being accused of stealing western intellectual property worth hundreds of billions of dollars (which the Chinese government denies). For example Pelamis Wave Power, an innovative Scottish company, lost several laptops after being visited by a 60-person Chinese delegation—and then noticed the launch of a very similar project in China a few years later.
  • I also read about the opening of the UK’s new National Cyber Security Centre, a flashy new building in London with a staff of 700. The centre will have sector focused teams to provide advice to companies on how they can best defend themselves from cyber attack.

All of these stories demonstrate how cybersecurity continues as a race between those working in attack and defense. The proliferation of these reports tells me that this race is accelerating. And to successfully defend against the evolving cyber threat needs more than boffins in a shiny new building—it also needs active policy (for example, the European Commission is now discussing stricter IoT security standards), higher standards of security for industrial products, and greater security hygiene on the part of businesses and individuals. It’s not a race that we can afford to lose.

John Reiners is Oxford Economics Managing Editor Thought Leadership, EMEA. He manages research programs on a wide range of topics, including digital economy and international trade. He also follows emerging trends, like cybersecurity. He can be contacted at jreiners@oxfordeconomics.com