Cyber Crime In The Digital Age
Posted 26th February 2018 by Jane Williams
When I joined my first corporate IT-security department two decades ago (Electronic Data Processing Safety Department), I was presented with a memo between the department and the CEO. The memo highlighted the new phenomenon called the “internet”, suggesting that we should indeed investigate the business possibilities further but also wondering if this internet posed any security concerns. At that time, the internet included only a few hundred thousand connected computers.
Today, with nearly 200 billion internet-connected devices, most of us cannot imagine a life without the possibilities the digital age brings. Whether you are an EU citizen, corporation or governmental institution, digitalisation has completely changed the way we live and interact.
Along with these remarkable possibilities, global citizens and corporations alike have increasingly become vulnerable to new serious cyber threats that few can understand or predict. In the EU, where many have become masters of digitalisation, we are especially vulnerable.
Last year, destructive cyber-attacks once again hit global enterprises, bringing even large organisations to their knees. In the EU, the largest container line in the world, Danish Maersk Line, had global operations severely interrupted for weeks. Other critical parts of the European infrastructure such as hospitals or retail and energy companies were also severely impacted.
Personally, I wish I were surprised by the impact of the recent attacks. Overseeing corporate security in numerous large enterprises, I can testify that citizens, corporations and public sectors around EU are combating thousands of serious cyber-attacks every day. Most of these attacks never reach the media, and even more are never discovered.
Even though the media’s interest in cyber security has shot up in recent years, we do not see many types of cyber-attacks today that we haven’t seen before. However, the complexity and volume of attacks have increased significantly. As our valuables have moved from physical to digital form, so have the criminals. On today’s internet, there is significant money to be stolen, with very little risk.
The Implications of Digitalisation
Government defence departments have defiantly discovered the value of the internet for cyber warfare and espionage, meaning large investment in both defensive and offensive cyber capabilities both outside and inside the EU. As a result, we suffer collateral damage against private citizens and corporations – casualties that few seem to notice in cyberspace.
I firmly believe that the increased intensity of criminal cyber activities must not be allowed to hinder digitalisation nor innovation. However, as a truly connected society, we cannot ignore or underestimate the digital threats originating from organised criminals, state-sponsored entities and mere opportunists who seek to explore and exploit new malicious digital possibilities. With society becoming more and more dependent on digitalisation, if the emerging threats are not handled with due care, the consequences could be devastating. Further, the trust of citizens and corporations is crucial to reap the benefits of digitalisation – trust that is currently in danger of being degraded.
In the EU, we have many new initiatives on the table that in the long run will assist in countering the new digital security threats. To name a few, the coming General Data Protection Action (GDPR) will bring new requirements for protection of EU citizens personal data, for example. Elsewhere, Privacy Shield will help protect data transfer between the EU and the US, while the EU’s Network and Information Systems Directive (NIS) will assist in protecting critical European infrastructure.
These are all good and necessary initiatives that undoubtedly will have a positive impact on EU Member countries’ data protection capabilities and cyber resilience over the coming years. However, with all the great political initiatives, why are we hit with increasingly advanced cyber-attacks that cause corporations and citizens alike to feel helpless when it comes to protecting their personal or intellectual data?
In my daily work I have repeatedly experienced:
- How hard it is for corporations and law enforcement authorities to investigate digital crimes across borders.
- How easy it is for cyber criminals to hide.
- How ill-prepared many citizens, corporations and public-sector entities are to face the new digital threats.
Close cooperation between Euro countries, including knowledge sharing and coordination of the handling of global cyber-attacks, is crucial for the future success of effective cyber defences. As there are few borders in cyberspace, the traditional silo approach when it comes to security must be abandoned.
The Right IT-Security
The perception gap between legislators and daily practitioners must be narrowed by stepping up concrete advice and levels of awareness. While larger corporations usually have the scale to hire and acquire the best security resources and technology, others – especially small and medium-sized enterprises (SMEs) – struggle with the term “right IT-security”.
As a result, we very often see that even basic and well-known security controls are not implemented in SMEs. As they represent 99 percent of all businesses in the EU, assisting SMEs in setting up correct cyber security measures is of immense importance for the EU’s economy. Strong support programs targeted specifically at these enterprises should be of the highest priority.
The Digital Age has arrived with a tempo few had predicted, bringing new threats and leaving many behind in terms of digital security awareness and behaviour. Digital security cannot be obtained through legislation alone but requires intense and continuous involvement by the entire digital value chain from citizens and digital suppliers to corporations, law enforcement agencies and governments. We are unfortunately still lagging behind.
We are still too scattered and too uncoordinated while building too many silos and implementing too many different local flavours. And for all those reasons, cyber criminals are prospering.
Rasmus Theede is Managing Partner at DigitalNations.eu. He has directed IT and information security functions in some of Europe’s largest companies, including the EU-Commission as Technology Director in DigitalEurope and Head of Cyber Security in Novo Nordisk IT, KMD and CSC.
The agenda for CybSec and Blockchain Health is now available to download. Take a look.
Leave a Reply