THE BLOG

The Cyber Security Crisis Must be Confronted

12/10/2014 06:51 EST | Updated 02/09/2015 05:59 EST
Mikkel William Nielsen via Getty Images

Everyone in the technology business knows that many web meet-ups deliver negative value -- like getting into discussions about the coolest 'start-up goatees' -- but at various recent events we have learned that the world is a very dangerous place and technology will protect us.

Despite being involved in businesses focusing on the web, privacy and data security, respectively, we have learned some stunning new information.

The number one concern of businesses in the U.S. is -- or should be -- cyber-security. According to the FBI, law firms and accounting firms conducting high value deals are the most targeted by criminals.

There are also ransom attacks. Criminals copy company data and then threaten the company with posting it all on the Internet unless the criminal is paid a large sum of money. Companies generally secretly pay. Cyber insurance is a growing business.

More critically, Thomson Reuters recently found that entire financial market infrastructures are vulnerable.

There are two types of businesses: those that have been attacked and those that have yet to find out. The attacks on most companies have been successful.

Cyber issues are now a boardroom matter.

The cyber threat comes from not only criminals, hackers and terrorists, but also from well-organized, sophisticated and funded state actors. Out of political sensitivity no countries have been mentioned explicitly at the meet-ups, but it is clear that people are talking about Russia and China.

Hackers from China reportedly recently breached the federal weather network and the U.S. Postal Service. China denies the accusations.

There are also dozens of other countries that target business.

These state or state enterprise actors do not have the same culture as the West. They often truly believe that foreign laws do not apply to them. They think that they are simply doing legitimate "market intelligence."

Companies are forced to essentially wage cyber-combat with foreign states every day.

We will be facing cyber-risk indefinitely. It is a risk -- similar to a chronic medical disease -- that we must learn to manage daily, 24/7.

The procedure and liabilities involved with much-needed sharing of cyber attack information with both competitors and our government must improved.

Doing a company acquisition without checking if the target company has been cyber-breached is like buying a house without a house inspection. Target companies should undertake the cyber inspection before the acquirer does.

However, despite these threats, smaller companies think that they are less likely to be targeted than larger companies. Smaller companies, are, in fact, being targeted now. State actors wish to mildly disrupt, i.e., "bend," the economies of the West. Targeting the future, that is, growth companies and wealthy families, assists this goal, particularly when such targets generally are "softer" targets and have a wealth of new high-value intellectual property.

Rather than perimeter defence to keep bad actors out of all of a company's data, many companies are now moving in the direction of isolating the company's most valuable assets. These companies have determined that it is just not possible to protect all information in the company.

Security is a balance -- 100 per cent security and 100 per cent corporate functionality at the same time is not possible. The terrorist threat is different. Unlike state actors, they are looking to break an economy, not simply "bend" it. Google "electronic jihad."

The GDP in western countries has already taken significant hits due to cyber attacks. McAfee has published a report that more than $400 billion is lost every year due to cybercrime. That same report shows cybercrime has eliminated 220,000 jobs in the USA and Canada, and 150,000 jobs in Europe.

We must urgently protect our companies' data better. Our economies, our jobs and our very livelihoods depend on it.

This article was co-authored with Bob Seeman, Chairman of The RIWI Corporation, a global data capture company, and the Chairman of the Advisory Board of EOPN, a secure encrypted email company. Mr. Seeman holds a B. Eng in Electrical Engineering with honors, M.B.A., J.D and is a non-practicing California Attorney.