What are the consequences of getting cybersecurity wrong?
According to Bryce Boland, CTO for Asia Pacfic of Fire-eye, not having strong defenses isn’t just a question of hurting your brand or your reputation—or even a matter of harming your customers. It’s a question of life or death, and he says cybersecurity teams and business leaders need to pay attention.
“They don’t understand the implications when criminals steal information about customers,” he says. “What people fail to recognize is that quite often what’s happening is that criminals are getting this information and they’re using it to do a variety of criminal activity that has an impact on the larger world.”
Cyber criminals are stealing identity information and could be renting properties to manufacture drugs, to conduct and operate prostitution rackets, or even run slave-trading activities. And that's not all.
“We also see criminals stealing money in order to sponsor or fund terrorists activities—to purchase weapons, to purchase bomb-making materials or set up safe houses for planning,” he says. “That has real-world implications for millions of people. The drug trade doesn’t exist in a complete vacuum.”
This means getting cybersecurity right, and protecting customer data, is imperative for organizations.
“They don’t understand the responsibly that they have when they collect that data. That is the big disparity we have today with cybersecurity. The implications of failure are huge. Absolutely huge, and yet the expectation is that it’s just going to impact the bottom line,” Boland says. “It’s very easy for a terrorist organization to raise money using cybercrime and that’s the kind of thing that is going to make business leaders… it will force them to take responsibly.”
Security, Boland says, is about way more than just money. “It’s a major human-risk issue, and we seem to have businesses that are completely focused on the cost to themselves and not the cost to everybody else.”
What can be done?
It starts with awareness.
“People don’t make changes in their behavior unless they understand it and decide that they want to do something,” Boland says, but he acknowledges the difficulty in connecting the dots. “Often it’s very difficult to tie a breach in an organization that happened three years ago with a bombing or an increase in distribution of particular kinds of drugs in another country. It’s hard to draw the connection, but I think people need to wake up to the reality of what’s going on.”
You can hear more from FireEye CTO Bryce Boland at RSA Conference APJ 2016 as he discusses what happened behind the scenes in some of the biggest security breaches that you didn't hear about in the news, about the new techniques and tactics of attackers, and about how the victims are responding to improve their defenses in his talk Undeclared Cyberwars: Cyberthreat Actors Targeting Asia.