Cybercrime more costly that the global recession?
Although the much-heralded Conficker botnet threat has now passed its 1 April deadline without causing much of a stir, huge concern remains regarding cybercrime and data security. Conficker infected machines did appear to contact an update server but no other activity relating to the infections have been reported. The Sans Institute, which tracks such outbreaks, reported only minor impacts and cited proactive scanning by organizations as one of the causes of the reality not equaling the hype.
Regardless of the Conficker storm in a teacup, cybercrime stakes remain massively high. Security vendor McAfee has reported that companies in the US, UK, Germany, Japan, Brazil, India and Dubai lost US$4.6 billion in intellectual property last year as a consequence of data security breaches. Those companies that lost intellectual property (IP) spent close to US$600 million firefighting the issue and repairing damage. The McAfee study also estimates that global damage from data loss will ultimately top US$1 trillion - coincidentally the sum reckoned at the G20 summit to be required to start fixing the recession.
The issue affects almost everyone with rival vendor, Symantec, reporting that 98% of organizations polled in its 2009 Managed Security in the Enterprise Report have experienced tangible loss as a result of cyber attacks. Of great concern is the fear that the recession will put pressure on security budgets even as the problem continues to proliferate.
Governments are stepping up to the plate, however. In the US, a new bill has been presented to Congress that aims to see mandatory computer security standards imposed on government and private companies that control critical infrastructure in the US. The bill would see the creation of a National Cybersecurity Advisor, who would have powers to shut down power, telephony or environmental supplies if an attack took place.
These vast numbers are sobering and indicate that what has often been thought of as a geeky little problem has quietly mushroomed under the radar into an issue that demands the attention of heads of state as well as heads of IT.