Cyber Security – Whose Responsibility Is It?

cyber security banner

Have you ever experienced identity theft that forced you into a zero-cash state for an amount of time that feels like forever? Or have you ever wondered how that app knows you so well—your habits, your route to work each week, your interests? The more we shift towards personalization, the more data is collected about your every move.  And that’s borderline cyber stalking, no?

This makes cyber security ever more important. What is it, you ask? According to TechTarget:

“Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access” [1].

For any app, website, or technology in this online economy that collects personal data, one may hope that the company does just as much to protect it. However, this is an area that constantly faces challenges. A survey conducted by the ISACA and RSA showed that 76.6% of respondents expected an increase in security attacks in 2014 compared to 2013 [2]. In fact, the top 5 cyber security risks for 2015 as mentioned by CNBC are as follows [3]:

  1. Ransomware: Malware that restricts access to your own data and then requires ransom payments for re-access.
  2. The Internet of Things: Vulnerability of physical devices connected to the internet.
  3. Cyber-espionage: A war between national governments fought on the keyboard.
  4. Cyber theft increases: Stolen financial information, such as credit or debit cards, on the black market
  5. Insecure Passwords: Passwords that can be cracked effortlessly

These are no small risks and they appear to be inter-related to a degree. Moreover, cyber security is a national security issue and a hot topic among presidential candidates – a cyber war against China and Russia [4]. Additionally, according to a report on CNBC, China attacked Apple’s iCloud to steal data related to iMessages, photos, and contacts [5].  Apple has the reputation of ultimate security, yet weak passwords and public access to data make it easier to crack passwords and answer security questions. On the other hand, as technology companies increase privacy and security on apps and devices, the country’s intelligence services will continue to go dark reducing their capability to prevent such attacks. Perhaps this is why cyber security continues to be a challenge, it is an ever-lasting complex battle with a lot of gray area.

Fortunately, VCs are continuing to invest in cyber security startups each year. In 2014, 240 cyber security startup deals collectively amounted to $2.5B in funding, and 2015 is on the same trajectory [6].  As startups continue to mobilize, founders should ensure that an adequate amount of resources are invested in cyber security.

Sources

  1. http://whatis.techtarget.com/definition/cybersecurity
  2.  http://www.isaca.org/cyber/Documents/State-of-Cybersecurity_Res_Eng_0415.pdf
  3. http://www.cnbc.com/2014/12/19/top-5-cyber-security-risks-for-2015.html
  4. http://www.wired.com/2015/08/lets-school-presidential-hopefuls-cybersecurity/?mbid=social_gplus
  5. http://www.cnbc.com/2014/10/21/china-targets-apples-icloud-with-hacking-attack-report.html
  6. http://www.inc.com/will-yakowicz/cybersecurity-companies-on-pace-to-raise-2.5-billion-2015.html

By: Shemeka Neville

 


2 Comments

  1. Muralidhar Selvamani

    You raise a very important but complicated question, Shemeka. Just like in the physical world, there is (or can be) no such thing as absolute security in the cyber world (btw, Apple is just as vulnerable but it made economic sense to go after Windows devices given their volume). It eventually boils down to a trade off between privacy and security. That's a difficult tradeoff because of historical and technological reasons.

    The internet wasn't designed for the kind of uses that we see today. It started off as a way for geeks to connect with each other and exchange information. The packets that carry the information had details about the destination and not the origin. This anonymity was hailed as a powerful tool for the oppressed, activists and dissidents. But, the same anonymity can also be used to cause harm of the type you mention. The real challenge is in attributing an action to a person. VC funds and technology can help us only get so far as to identify the node on the network but it is extremely hard to establish a physical link between a machine and the person behind it in a manner that will be acceptable in a court of law. Multi stage attacks (X takes over Y's machine to launch an attack on Z) and anonymization networks like Tor only make things harder. What happens when a machine is shared?

    There are different actors (businesses, consumers, nations, hackers etc) with varying needs and objectives but the system is one. It's not going to be possible to make a system that's secure against hackers but allows a backdoor to our intelligence agencies (key under the doormat). Also, how much of the anonymity are we willing to sacrifice in exchange for enhanced security? Making the system work better is important but will require a truly herculean interdisciplinary effort involving legal eagles, policy wonks, technology geeks, regulators, government officials, businesses and consumers like you and me. Unfortunately, that's easier said than done.

  2. Laone Hulela

    Your topic on cyber security is a very important one especially given the increase the number of organizations involved in cyber crime and its increased profitability. I think addressing cyber security and making it more effective is important, however, equally as important is to punish those who engage in this malicious activity and deter those who would want to get involved. While I was evaluating the impact of the work of the United Nations Office on Drugs an Crime, I was able to visit Mexico's Policia Federal or Federal Police. The technology that they showed us and the Facebook, Twitter, and email accounts of known criminals or people they were investigating shed light on how cyber security as Muralidhar says is something that can never be accomplished. They also showed us data on the number of cyper-espionage attacks leveraged on the Mexican government in a day. The interesting point is that these attacks were probably not really intended to wreak havoc on Mexico but because the cyber network of the Mexican government is very intricately linked to that of the United States, and that Mexico is easier to access, a successful attack on Mexico would easily have dire consequences on the US. In fact a lot of the tools the Mexican officials were using were donated or installed with the help of the US FBI.

    Undoubtedly, without cyber crime there would be limited need for cyber security. The United Nations states that cybercrime is an emerging form of transnational crime. The complex nature of the crime as one that takes place in the borderless realm of cyberspace is compounded by the increasing involvement of organized crime groups. Perpetrators of cybercrime and their victims can be located different regions, and its effects can ripple through societies around the world, highlighting the need to mount an urgent, dynamic and international response. Our governments are still trying to wrap their hands around this growing problem and how to effectively punish perpetrators who span across multiple countries cannot even be detected. http://www.unodc.org/unodc/en/organized-crime/eme