All things cyber need security in today’s day and age. But is everything thrown at us in the name of cyber security genuine? Are individuals, organizations and even governments compelled to purchase stuff to cyber-secure based on threats that either don’t exist or are exaggerated?
Not many would say this on record but there exists an impression that some part of this is done with the intention of making money. Others say warnings may be legitimate but the extent of danger is overstated.
Just as threat perceptions differ based on intensity and target, so do response to them, depending on where they emanate from and the damage they threaten to cause.
Early last year, Dr Ian Levy, Director at UK intelligence agency GCHQ, accused cyber security firms of using an exaggerated fear of hacking, especially state-sponsored threats, to sell products. “We are allowing massively incentivized companies to define the public perception of the problem,” Dr. Levy is quoted to have said.
Matter of perception
Even if non-experts or alarmists exaggerate threats, there is still a consensus that cyber security is becoming a challenge and exaggeration is a matter of perception. But there are also those who suggest that cyber threat has too often been misrepresented.
“Although the motivation for cyber-attacks has only been associated with criminal behavior, espionage, and even terrorism, current (US) administrations and the media would have the country believe that cyber war is upon us,” says American Intelligence Journal’s paper, aptly titled Cyber Threat: A Misrepresentation of the True Cyber Threat.
The article seeks to demonstrate that cyber war is a misnomer. “To date there has been an inability to acquire any substantial, irrefutable evidence of cyber warfare, only speculations based on historical information, rumors, propaganda, and misinterpretation or misrepresentation of facts,” it says.
According to the paper, misrepresentation of cyber threat can lead to loss of support, which, in turn, “would stymie the development and implementation of activities to prevent, mitigate, and raise awareness about the cyber threat”.
There is no denying though that the challenge of securing cyber space is significant and can affect organizations, states and individuals. Cyberattacks can cause havoc in telecommunications, banking, social media, medicine, and energy sectors, besides several others.
Peter W. Singer, Strategist and Senior Fellow at The New America Foundation, believes cyberattack is a real and growing problem. According to him, with last year seeing a near doubling in the number of reported cyber incidents to 159,700, they are also growing in scale.
“Mega breaches are ones that involve more than 10 million files. In 2012, there was just 1 mega-breach. Now they are happening almost every other week”, Singer told Al Arabiya English, adding that like every problem, ignorance breeds fear.
“So the best thing that one can do to become less fearful of the threats is to understand them, which also means one won’t be taken in by false threats,” he emphasizes. According to him, retail and health have seen major issues recently, but all sectors are touched by threats, from banking to energy to defense.
‘Weaponization of social media’
But are companies ready to spend more, driven by fear of being less secure? “I fear two changes mean less security. One is the emergence of the Internet of Things (IoT), which means not just files stolen, but “things” like cars or toys or buildings etc. hacked and physical damage cause,” says Peter W. Singer.
To him, the second change is the growing “weaponization of social media”, where the hack is not of the system, but the people and ideas on the system. “We see it everywhere from rise of ISIS to Syrian Civil War to Israel vs Hamas to Trump and Russia. This is what I call “LikeWar”, he says.
Eric Hoh, President of Asia Pacific at FireEye, stresses the need for greater investment into cyber security, citing the case of Singapore personal data hack that hit 1.5 million last month.
“Many businesses and governments in Southeast Asia face cyber threats, but few recognize the scale of the risks they pose. Singapore ranks among the leaders in cyber security, and we would like to see more governments follow their lead in disclosing breaches,” says Hoh.
According to him, a cyber espionage threat actor could leverage disclosure of sensitive health information, or financial health related vulnerabilities to coerce an individual in position of interest to conduct espionage.
While that doesn’t sound like an exaggeration, it is also true that there are no quick fixes to the cyber security challenge, and breaches are inevitable. Till that happens, “it’s important that business and governments work together to improve our collective security so that when breaches do occur, we can minimize the consequences,” says Hoh.
Pawel Fleischer, Warsaw-based Project Officer for Security and Defense Domain, admits there are cases, e.g. at inter-state level, where cyber threats are exaggerated. However, like sectors, countries too differ in terms of their approach when it comes to tackling cyber threats.
“It should be remembered that the state uses similar ICT technology (especially in the case of American-Chinese competition). So far, there has been no Copernican revolution introducing the technology, to a large extent minimizing the risk of attack,” says Fleischer. According to Fleischer, it is also a case of who has the wherewithal to tackle this challenge.
“In the United States, for instance, great emphasis is placed on building one’s own cyber defense capabilities in the defense sector. Only large companies, such as Google, Amazon or specialized consulting companies with a long tradition are allowed to implement joint projects with government administration,” he says.
End of the day, each sector is vulnerable to cyberattacks, depending on the intention of the attacker. Fleischer believes both governments and cyber security institutions are trying to implement new legal and procedural solutions to better safeguard against attacks.
Cost of cybercrime
Salman Waris, Partner- TMT Practice, TechLegis Advocates & Solicitors, cites industry estimates to suggest that the cost of cybercrime to the global business vary between $600-800 billion.
Hence, according to him, it can be said that cyber security is a real issue in post-modern world. This is supported by a recent research of the European Commission, which indicated that 80 percent of organization in Europe experienced a cyberattack in 2017.
“However, there may be a certain exaggeration of the threat as the estimates of the cost of show significant variation, which reflects the absence of data and differing methodologies,” he says.
Waris says cybercrime remains a growth industry and it would be correct to say we are heading toward a phase of greater cyber insecurity, especially so as more business activities move online and as more consumers around the world connect to the Internet.
“As more autonomous devices are connected the opportunities for cybercrime will grow,” Waris sums it up.