How to Combat the Global Cybercrime WaveCo-Founder and CTO of CrowdStrike Inc.
Today, our economic reliance on the internet is all-encompassing. With 40 percent of the world population now online, there is hardly an industry that has not been dramatically transformed and empowered by the communication and business opportunities that have been created. But the very thing that has been such a powerful engine of global economic growth is now threatening to undermine it.
Cyberthreats from hacktivists and terrorist groups, cybercriminals and nation states have had an impact on millions of companies, government agencies, non-profit organizations and individuals over the past several decades. Only in the past few months, an attack on the United States Office of Personal Management (OPM) by a sophisticated nation state actor resulted in the theft of highly personal and detailed records of over 21 million people. Hacktivist and terrorist groups have successfully defaced websites, launched denial-of-service attacks, which disabled access to numerous networks and systems, and leaked sensitive and private information collected from targeted organizations.
Transnational organized cybercriminal groups have stolen hundreds of millions of dollars from financial institutions and ordinary citizens. In 2014 alone, the FBI’s Internet Crime Complaint Center (IC3) received hundreds of thousands of reports with a total aggregate loss of over $800 million in 2014. But perhaps the greatest economic threat of all has been the persistent campaign by major countries to hack into the networks of innovative and successful companies to steal their most valuable trade secrets and intellectual property.
A rapidly growing number of nation states have determined that cyberespionage is a highly valuable tool not only to steal national and military secrets but also to pillage the most valuable business information from international competitors and pass it on to domestic industries to help them out-innovate and out-negotiate their rivals. This cuts through the heart of the modern economic system, which assumes and relies on fair competition in the global free market. What’s worse is that it destroys the incentive for businesses to invest in innovation and research and development if they can rely instead on the intelligence instruments of their country’s national power to steal and reuse innovation of others.
And while cyber espionage is having a tremendous negative affect on the global economy from the theft-caused drain of intellectual property and the resulting adverse incentives for continued investments in innovative growth, the threat from destructive and disruptive attacks is amplifying the risks even further. In the past three years, entertainment companies such as Sony Pictures and Las Vegas Sands Casino, and Middle Eastern oil and gas corporations, have come under devastating nation-state orchestrated cyber attacks that have demolished their networks and halted their business operations for weeks.
A rapidly growing number of nation states have determined that cyberespionage is a highly valuable tool.
But what is even more insidious is the prospect of covert modifications of critical data, such as financial records or stock market settlement statements, which could cause lasting and enormously costly damage to the global financial system and, as a result, the world economy.
What can be done to address these enormous global challenges? One of the most important is the urgent establishment of global norms among the major industrial and developing countries on issues of national security and economic cyberespionage conducted by their intelligence agencies and military services. As daily news accounts of discovered hacking incidents from around the world show us, this problem is reaching epidemic proportions, with more and more countries involved. Unless an enforceable accord can be established to regulate the impact of these activities on private sector companies and regular citizens, this issue will poison global business relationships and further Balkanize the internet.
Secondly, we need to promote broader cooperation among countries on the investigation and prosecution of cybercriminals, terrorists and hacktivist groups. We have witnessed encouraging signs with law-enforcement cooperation between the United States and China, two of the greatest arch-rivals in cyberspace.
Lastly, we need to encourage and promote further adoption of defensive technologies that can rapidly crowdsource threat data and enable companies to hunt for, detect, attribute and stop cyber attacks.
The internet is a global resource that does not belong to any one nation or alliance. It has contributed to amazing economic growth, collaboration, civil education and awe-inspiring lifestyle improvements for billions of people. We need to focus our efforts to keep it safe, interconnected and open for future generations.
This piece first appeared on the World Economic Forum’s blog.