Would the world be a better place if there were no secrets? There would be no need to hide anything, no need to keep things under lock and key and no need to encrypt our precious or most dark information assets.
If there were no secrets there would be no cyber-crime. There would be nothing to steal and nothing to uncover. Everyone would know it already or at least have free and unfettered access to it.
Cyber-crime is an increasing problem. I know this because I attended a seminar at Sage’s head office just north of Newcastle on ‘Risk management and Cyber Crime’. It’s a beautiful world out there yet it can be a bad one as well. According to the speakers cyber-crime is a business issue and not just a technical one. Ninety per cent of large organisations and seventy four per cent of small businesses admit to having had a cyber-security breach in the last year. This is up eighty one per cent and sixty per cent respectively on a year ago. Perhaps it is a growing problem or it is now more acceptable to admit it. With the average cost of a data breach to large organisations being between £1.46 million and £3.14 million then business needs to take cyber-attacks very seriously. (Note to the speakers. How can you have an average that is described as a range? For the sake of not coming across as a right clever-clogs I let that one go.)
I also learned that there are three groups of people who are active in cyber-crime. Nation states are the first group. They love to know what each other is up to. Cyber-crime is now the way that countries do espionage. James Bond now sits at a computer. I come back to wondering if a world without secrets be a better place? There would be nothing for other states to find out.
The second group belongs to the criminals, people who steal information from you either to hold you to ransom or to clear out your bank account. As the general populace has cottoned on though, they are moving their exploits from individuals to SMEs, schools and other public bodies. The cyber-crime market moves on like any other. Are the actions of the nation states not criminal?
In third place come the activists. They are people or groups with an axe to grind. They don’t have the sophistication of the nation states and even some of the criminals. They have the lowest technical capability yet are the most unpredictable group and can cause just as much havoc.
I think there is a fourth group, those who try to hack through your defences out of devilment. These are the people who write the viruses that cause most of the security issues we have to face, just because they can. They may not be the most dangerous but they are certainly the most widespread. They are the weeds in our cyber-garden.
So cyber-crime is a business issue and not just a technical one. Everyone’s technical ability is growing as is everyone’s reliance upon technology. This has led to an expansion of the attack surface as ICT underpins the world as we know it and everything is increasingly connected.
I’m not sure I learnt anything particularly new from the seminar but then sometimes you need to remind yourself that cyber-crime is an ever present threat.