What do cyber crime and soccer have in common? Both are big and getting bigger.
When the World Cup begins tomorrow, Spain, Germany, and Brazil will have the best odds of winning. They have dynamic players and play good offense.
But when it comes to cyber security, you have to play good defense, and most countries still struggle with that.
Monday, the Center for Strategic and International Studies (CSIS) released a cyber security report sponsored by McAfee that tries to quantify the global impact of cyber security. Two takeaways from the report: cyber security costs the world economy more than $445 billion globally each year and (this is alarming) cyber crime is a “growth industry.”
Just like soccer.
In response to a direct question at Monday’s press conference, the report authors said they do not know the financial impact of cyber crime to the U.S. government, but they had lots of thoughts – and criticism – about the role of government in slowing down cyber security threats.
In short – our defense needs to improve. Governments generally don’t do enough to stop cyber crime, find cyber criminals, or compile and distribute good data across the public and private sectors about cyber attacks, according to CSIS.
Having good data is important because under reporting cyber crime might result in a failure to grasp the extent of the problem, and that could prevent law enforcement from catching the bad guys.
“The more that governments understand what those costs are, the more likely they are to bring their laws and policies into line with preventing those sorts of losses,” said Stewart A. Baker, a co-author of the report.
Jim Lewis, a co-author of the report, said bad guys are able to operate with impunity. That’s in part because it remains a low risk, high reward endeavor.
Countries view cyber crime through the lens of acceptable risk, according to the report. The report says “if cybercrime and cyber espionage cost more than 2 percent of GDP, we assume it would prompt much stronger calls for action as companies and societies find the burden unacceptable.”
Losses to the U.S. economy are 0.64 percent of GDP.
And then there’s China. California security firm CrowdStrike on Monday said the Chinese army is at it again, launching state-sponsored hacks. The PLA needs to find a hobby. Last year, Alexandria, VA, security firm Mandiant – since acquired by FireEye – was the first to present evidence that the Chinese PLA is a shameless cyber-aggressor.
Their soccer team sucks, too, which is why China isn’t in the World Cup.
Why is all of this relevant? We are holding the Second Annual Cyber Security Brainstorm next week at the Newseum. On June 18 we’ll discuss data breaches, insider threats, continuous diagnostics and mitigation (CDM) and identity management. You can register here.
Since we’re talking about CDM, we also have an insightful new report on the progress agencies are making with their CDM plans and the expectations they have for the program.
Hope to see you at the Second Annual Cyber Security Brainstorm next week. In between sessions we can chat about Messi, Ronaldo, Neymar, and all the other stars who will dominate the pitch during the World Cup.
I think you’ll get a kick out of it.
Feel like sharing something Noteworthy? Post a comment below or email me at firstname.lastname@example.org.
Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.