Treat cyber crime as a business rival in order to preserve business stability. Cyber crime has become a persistent nuisance of the cyber age. Many cyber crimes still go unnoticed, and some companies do not even realize that they have been exposed. Every year, many companies report losses of millions of dollars due to cyber crime. Some are so badly affected that they are no longer in business. We follow security experts' opinions on user security, device security, security parameters and precautions, and so on. Software developers also release patches to secure their software against the rising number of cyber attacks. Still, cyber crime continues to dominate, which can raise security fears in the public mindset.
Cost of Cyber Crime vs. GDP:
In a report released by CSIS (Center for Strategic and International Studies), the global cost of cyber crime has almost reached $575 billion, which seems higher than the US defense budget. The loss amounts to 1% of the GDP of the G20 countries. It is equal to 1.6% of Germany's GDP and to 0.64% of the gross domestic product (GDP) of the USA.
| G20 Countries | Cyber crime cost (% of GDP) | Other Countries | Cyber crime cost (% of GDP) |
|---|---|---|---|
| United Kingdom | 0.16% | South Africa | 0.14% |
| United States | 0.64% | United Arab Emirates | 0.11% |
What Experts Say:
Jason Healey, director of the Cyber Statecraft Initiative of the Atlantic Council, also suggested that, alongside the causes we often overlook in cyber crime, the tools and techniques attackers use in cyber attacks are equally important.
Bruce Schneier, a security expert, suggested that there should be a strict security policy for criminals, but that people can take sensible precautions to prevent cybercrime as an initial stage. Enhanced investigation and arrest powers are also needed for the legal protection of citizens.
TK Keanini, CTO, Lancope said, “Treat cybercrime as a business problem – as a competitor or disrupter to one’s business continuity.”
Warren Buffett also emphasized the use of a new cyber security framework to protect companies from the risks they are now disregarding. Even company administrations believe that companies are not paying attention to critical risks.
Recently, at the CNBC Institutional Investor Alpha conference, global investors expressed concern over cyber security. U.S. Treasury Secretary Jacob Lew said companies have to upgrade their systems to deal with the cyber security problem. Warren Buffett also showed concern about evolving cyber crime targeting large physical facilities such as the BNSF railroad and utility operations.
Causes of Insider Cyber Crime:
Insider threats are again a rising concern for organizations. According to a PwC report, the main reasons for insider cyber crime are financial gain (16%), curiosity (12%), revenge (10%), excitement (6%), and non-financial personal benefits. The mechanisms used in insider cyber attacks are social engineering, laptops, remote access, email, and copying data to mobile devices.
Sectors most affected by cyber crime:
Cyber crime targets both innocent users and renowned industries. By industry type, 'healthcare', 'government', 'banking' and 'finance & insurance' are the main targets. Attackers can obtain maximum financial gain, customer records, or unauthorized access to systems and networks. The most common types of incidents are malware, phishing, spyware, network interruption, and DDoS attacks.
Issues that provoke cyber crime:
The issues that provoke cyber crime include untrained employees, lack of security awareness, suspicious employee behavior, irregular risk analysis in organizations, unencrypted mobile devices, lack of BYOD (bring your own device) management, and insufficient funds for security investment.
What NIST says?
NIST helps organizations to identify, execute, and develop their cyber security status. The voluntary NIST Framework is a risk-based cyber security framework with a set of industry standards and best practices that help organizations manage cyber security risk. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Framework Core includes five continuous functions: Identify, Protect, Detect, Respond, and Recover. These functions offer a high-level, tactical view of the life cycle of an organization's cyber security risk management. They are:
- The Identify function includes assessment of cyber security risk related to systems, data, and assets. It also covers risk assessment, risk management strategy, third-party security evaluation, regular security communication, intellectual property agreements, etc.
- The Protect function relates to password management policies, access control, intrusion prevention systems, identity management, security training and awareness, data loss prevention technology, etc.
- The Detect function involves security event analysis, web traffic monitoring, security audits, cyber threat intelligence analysis, etc.
- The Respond function comprises the policies and tasks necessary for prompt response to cyber incidents.
- The Recover function covers methods for evaluating the effectiveness of security programs and the organization's ability to recover after a cyber breach.
The Framework Profile represents the alignment of standards, guidelines, and practices with the Framework Core in a particular situation. The Framework Tiers relate to the implementation level of cyber security risk management practices.
Carrying out the above tasks across organizations can mitigate cyber crime to a certain extent and help improve the cyber security program. Still, many organizations overlook NIST's policy guidelines and the technologies that align with the NIST Framework.