Misha Glenny at #OBL13 : cyber security is big and nobody cares

Share

The third plenary at Orange Business Live started with a thriving Misha Glenny giving us an outlook for cybercrime and what we should expect to face in the coming years. This award winning author recently wrote a book (‘DarkMarket: Cyberthieves, Cybercops and You’ in 2011) and is a regular at TED talks… needless to say the guy was fascinating!

cybercrime: where are we?

Glenny identified three areas in the cyber malfeasance world which basically match with the three levels of society (individuals, corporations and states):

  1. Crime: say you manage to lure mister X, Y, Z and transferred money from his account to yours… well that’s a crime!
  2. Commercial espionage: this is all about getting access to corporations’ data to develop your business intelligence.
  3. Spying and warfare: this time it’s more about state-level actions to have the cybercrime community to enter the political arena.

Impressively, Glenny also said that the threat hasn’t really changed since the 1990. We mainly have to face:

  • Social engineering: here’s a quick definition.
  • Malware attacks: it’s still a lot about viruses being spread in corporations networks.
  • Hacking abilities: intercepting telephone calls or voicemail messages for example.

And from there, Glenny went for his next idea: since it’s all been about the same stuff happening for more than a decade, that’s because there’s a big lack of communications.

a lack of communications

Cybercrime and computer security feels boring to ordinary people according to Glenny. When he starts talking about computers and hacking skills people fall asleep. But, if like me you read and enjoyed the Millenium trilogy you may feel differently and argue that the book is about computer security and still, it is pretty amazing! So why that? Glenny assured that people loved the character of Lisbeth Salander but didn’t care that much for her computer skills. There’d be a need for a humanization of computer skills: something that people can relate to.

So generally speaking, Glenny pushes for a better understanding of the computer security world: on the contrary of the following video, it’s very important for IT department not to be forgotten in the basement of the company. It should be part of the game just like any other department. And IT people should start learning common people vocabulary and put on their shoes… ;-)

and yet it could be World War III already in the cyberspace

While people (and corporations) don’t care or don’t want to care about such issues, the thing could turn into a nightmare. Indeed, Glenny spent over 200 hours interviewing hackers and cybercriminals in the flesh and discovered the story of the CarderPlanet (and its successors) which was the first hub site for the cybercriminals to interact and trade their wares in the relative open.

This organization of cyber criminals (if hosting public conferences doesn’t mean they’re not organized…) has led Glenny to ask about how it worked: how can you trust someone when you know he’s a criminal? The whole thing then became quite clear: it’s organized into a cyber-mafia and its members are required to stand up when called for ‘duty’…

Needless to say that such a powerful body could well launch massive attacks to others: individuals, corporations or states. Glenny didn’t say so but I guess he’s pretty afraid of what it does during (cyber)wars. Fortunately, we can’t say companies and states are as unaware as individuals: $99 billion were spent on IT security globally in 2011.

a solution?

So what’s Glenny’s solution to this mess? Well he quoted Sun Tzu and his ‘Art of War’: know your enemy. In other words we lack human intelligence. Who are these cybercriminals? How did they come to such a situation? Is there any common trait?

Glenny’s opinion is that all of them follow a recurring pattern: they developed their hacking skills on their own when they were young, when they had no idea what morale meant. So his solution is simple: detect people like this and hire them for the good of society.

Although I love his human approach of the issue I can’t help to think it’s not enough. What do you think is missing?

Rémi

PS: just found out on TED’s website one of his talks and it deals with pretty much all this so watch it!