As we increasingly push information online and become more connected with technology (the “Internet of Things”), the attraction for fraudsters to steal this data rises. Our ongoing evolution to a paperless, interconnected society raises an important question: Who is really responsible for bolstering private and public Internet and online defenses? Is the Wild West approach to the Web going to cut it in the long run, or will someone have to take the lead when it comes to a national cybersecurity game plan?
In the world of cybersecurity, the approach from private and public sectors to address cyber fraud has not come in a solid, united front. What we have seen, rather, is a damage control type of response, with companies operating in an “every man for himself” type of fashion. As data breaches are continually reported in a variety of sectors – from the IRS, to the DNC, to large merchant breaches such as Target and Home Depot – it is evident that the approach to cybersecurity needs to be revamped.
Many cybersecurity experts believe that the government can play a larger role in the fight against cyber fraud. Alan Webber, lead researcher in the International Data Corp (IDC) 2015 report, Business Strategy: Defining the U.S. Government Role in Cybersecurity, believes that government leadership can drive the modernization of technology into the next generation of national cybersecurity.
“The size, complexity, and impact of cybersecurity attacks and breaches have grown beyond the size and scope of what the private sector can effectively manage. It has now reached the critical stage where the U.S. federal government has to take a leadership role, in collaboration with businesses and academia, in defining a digital risk response continuum, in shifting our national culture to be more security focused, in establishing a platform for collaborative action and response, and in more effectively supporting research efforts against this modern digital plague.”
Webber’s report defines issues that need consideration for better national cybersecurity, which involve the government being the driving force in innovation, a new, re-defined strategy towards cybersecurity, and implementation of liability and reporting practices that would require any company that is breached to report the incident to the government.
Cybersecurity Need Creates Service and Technology Demand
Webber’s quote rings a timely bell. The growth of cybersecurity – due to cyber fraud – has reached a frantic pace, creating a demand for trained professionals that has left companies scrambling to fill the desperately-needed positions. Research shows that market demand will only continue to increase its pace in years to come.
Cybersecurity Ventures’ Q3 2016 Market Report projects that $1 trillion will be spent globally on cybersecurity from 2017 – 2021. It further anticipates a 12-15% year-over-year growth during that same time period – a substantial increase over the 8-10% projected growth predicted by several industry analysts.
“Cybercrime costs were widely reported in 2015 as costing businesses globally between $400 and $500 billion annually,” said Steve Morgan, founder and Editor-In-Chief at Cybersecurity Ventures. “In 2016 the newer estimates have moved the needle on cybercrime costs to $2-$3 trillion. Clearly that is going to trigger more cybersecurity spending. As cybercrime rises, so does cyber defense spending — it’s the nature of the beast.”
And Juniper Research predicted last year that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019 – almost four times the estimated cost of breaches in 2015.
Cybersecurity Protection – Steps Government and Public Organizations are Taking
To better understand the fraud that is occurring, in 2015 the White House announced the creation of the Cyber Threat Intelligence Integration Center (CTIIC), an office responsible for analyzing threat data for cyber centers and integrating the information back into the cyber community and policy makers around the nation. Shortly after the CTIIC was formed, the Cybersecurity Sharing Act of 2015 was passed, which allows the sharing of internet traffic information between the U.S government and companies within the public sector.
We have also seen increased involvement from government agencies such as the Department of Homeland Security. The DHS’s website features a library of resources on all issues surrounding cybersecurity, proving that understanding and education between the government and public companies creates the solidarity that is vital for enhanced cybersecurity.
Additionally, we also see organizations getting involved on a grass roots level, providing platforms for associations to discuss the state of cybersecurity, and best practices to combat it.
On September 1st, The International Association of Financial Crimes Investigators (IAFCI) will hold their 2016 IAFCI Annual Training Conference, showcasing the best in preventative methods, tools, techniques, trends and detection in today’s financial industry of fraud.
The IAFCI – a non-profit organization with over 5,700 members consisting primarily of law enforcement officers, corporate security, financial institutions, retail and other financial crimes investigators – has a primary mission to identify and prevent financial crimes utilizing new technologies and investigative techniques.
Held in Ft Lauderdale, Florida, and appropriately titled MAKE WAVES AGAINST FRAUD, the IAFCI conference will provide an agenda that focuses on various types of fraud, and ways financial experts can come together to discuss methods to identify and prevent financial crimes.
Presenting at the IAFCI conference is Bluefin’ Director of Security Solutions, Eldred Garcia, where he will discuss the importance of securing your card data with PCI-validated Point-to-Point Encryption (P2PE). Bluefin’s PCI-validated P2PE solution encrypts credit and debit card data, preventing clear-text card data from being present the system or network, where it could be accessible the cyber thieves in the event of a data breach.
IAFCI is a perfect example of the trend toward the public and private sector working together to bolster cybersecurity, with members in law enforcement, corporate and retail, banks, the government and investigators.