March 13, 2018
Every day businesses worldwide compete to become more efficient, effective and profitable through ever-evolving technological innovation and creativity. Unfortunately, at the same time, malicious actors are working tirelessly to leverage any and all vulnerabilities within any system they can find, or insiders they can manipulate. Over the past several years, cyber-attacks routinely have made news headlines with millions of identities stolen by nefarious actors, and nation-states monetizing the spoils, or using the ill-gotten gains for other purposes.
- Download the 2018 USTelecom Cybersecurity Toolkit : The Toolkit facilitates access to publicly available information about the venues, participants, public-private partnerships, and other initiatives that compose the cybersecurity ecosystem.
Cybercrimes on the Rise
In a February report released by the cybersecurity firm McAfee and the Center for Strategic and International Studies (CSIS), cybercrimes cost the global economy an estimated $600 billion every year, amounting to nearly one percent of the global GDP. In a survey reported in the 2018 Thales Data Threat Report, 57 percent of federal respondents experienced a data breach, up 23 percentage points from 2016. Furthermore, the Thales Report stated that 68 percent of respondents believe they are ‘very’ or ‘extremely’ vulnerable to a data breach, up 20 percentage points from 2017. To survive these growing threats, society writ large will need to engage every layer of the digital ecosystem against a common enemy. As bad actors of all types continue to leverage vulnerabilities within our hyper-interconnected digital world, it falls on responsible governments, enterprises and individuals to routinely develop and improve their individual and collective abilities to mitigate and respond to a rapidly changing threat landscape.
Advanced Persistent Threats
Nation-states are one of the most threatening actors among cybercriminals. As the rules of engagement change in the international arena, more and more states are expanding their cyber capabilities to maintain or shift the balance of power. This development has allowed international actors to leverage modern countries’ reliance on internet systems to their advantage. Apart from nation-state threats, there also are independent, ideological groups known as Hacktivists. Typically, these groups focus on what they view as vigilante acts, such as distributing government secrets, or exposing criminal behavior
There is not a single internet-connected industry that is not vulnerable to these cyber-attacks. The term “advanced persistent threat,” often applied to nation-state attacks, denotes the persistent nature of penetrating a victim’s digital space. Segments such as healthcare, education, and critical infrastructure are under constant threat of ransomware attacks because criminals assume the disruptive effects of an attack will lead victims to seek immediate relief and pay a ransom. Alarmingly, the barrier to entry for criminals with even the most rudimentary technical knowledge is strikingly low due to the growing online marketplace for malware. In Trend Micro’s 2017 Annual Security Report there was an observed 32 percent increase in new ransomware from 2016 to 2017.
Distributed Denial of Service Attacks
The rise of Distributed Denial of Service attacks, or DDoS attacks, also is on the rise because of the proliferation of Internet of Things (IoT) devices. A DDoS attack floods a server with so much information that it completely prevents the victim from being able to operate. IoT devices include devices such as home routers, surveillance cameras, Smart thermostats; anything that can connect and communicate via the internet is considered an IoT device. However, as more of these devices flood the market, especially from international markets with little interest in addressing security vulnerabilities, the digital ecosystem becomes vulnerable to massive attacks that leverage exponential connectivity. A recent report by Unisys Security found that consumers are aware of these threats and are concerned about the possibility of hackers accessing internet-connected medical devices, such as pacemakers, defibrillators, or insulin pumps. Criminals have found ways to exploit vulnerabilities within these devices, such as factory set passwords or outdated software, and install malicious, unseen bots that run various automated tasks. After many devices have been leveraged, the criminal has successfully created a botnet, and are able to remotely run large-scale DDoS attacks from their command and control center.
A Global ITC Approach to Combatting Cyber-Attacks
As seen through these examples, one weak link in the security chain can jeopardize large parts of the global digital ecosystem. To combat these threats and to bring global capabilities to the effort, USTelecom and the Information Technology Industry Council (ITI) recently partnered to form the Council to Secure the Digital Economy (CSDE), bringing 13 of the world’s leading global infrastructure providers together to focus on innovative and cost-effective solutions and actions. With the vast majority of attacks emanating from overseas, including vulnerable devices manufactured in other countries, private sector entities with global footprints are best positioned to promote pro-security, and innovation and investment friendly, policies across the global digital economy. The hyper-interconnected nature of our digital economy creates systemic risks that can only be mitigated by rapidly mobilizing the entities with the critical ICT functional resources. At the heart of this and other collaborative efforts is the notion that no single entity or sector acting alone can stymie the progress that our adversaries are making every day. Absent such a commitment, we face an existential threat given our collective reliance on the global digital economy.