The key cyber security defenses against hack attacks

27 Mar 2018

US cyber security expert Marc Goodman talks to Katja Hartert of Odgers Berndtson Germany about the common mistakes companies are making in the fight against cyber crime and how they can put up a better defense.

Katja Hartert: How would you describe the development of hacker attacks in recent years?

Marc Goodman: What we’ve experienced in the last four to five years is an exponential rise in cybercrime cases. The number of hacking victims has also increased significantly.

At first, only around 200 people were affected, later it was a million. The most recent hacker attack on Yahoo was aimed at a billion customer accounts. In other words, one-seventh of the world’s population was a victim of this attack. This is cyber crime on an unprecedented scale.

KH: In a globalized world, where everything is connected, there are more and more dangers. What are your main fears?

MG: The biggest danger stems from the fact that we are providing hackers with an ever-greater surface area for attacks since the number of virtually networked electronic devices is growing steadily.

Previously, we only had to worry that our work computer might be attacked. Then came the desktop computer at home, then the laptop, then the smartphone. Now cars, airports and children’s toys can be the target of a cyber attack.

While computers are still relatively secure, the digitally-networked refrigerator is only minimally protected. Everything can be hacked. By 2020, there will be 50 billion more digital devices on the Internet of Things.

KH: What kind of mistakes are companies making when it comes to protecting their digital assets?

MG: They wilfully disregard the risks and simply seem to place their trust in the fact that any hacker will attack another company, not their one.

On the other hand, they reckon that they can tick the box next to the issue of cyber security if they have a Chief Information Officer (CIO) and an in-house Chief Security Officer (CSO). This is a misconception. The issue of cyber security is the responsibility of all executives and employees.

One of the best ways to protect against hacker attacks is relevant and creative training for front-line employees. Companies do train their employees at the moment, but these courses mostly only address regulatory changes and the consequences of not complying with them.

KH: What should companies do instead?

MG: Internet security should be a key part of the strategic development of any company. It’s also very important that companies large and small regularly practice emergency routines and make sure that all procedures are documented.

Before it does anything, every company needs to decide for itself how it would react to ransomware if it got hacked. Would it pay up or not? Recent ransomware attacks suggest these problems will become real for many companies.

KH: You have said that improving security standards is not enough of a priority for companies. What exactly do you mean by that?

MG: Most companies do not think about the issue and as a result see no reason to take action. This assessment is reasonable given the security consciousness of average consumers. They are only interested in what’s ‘cool’, not what’s ‘safe’. As a result, companies focus on bringing cool products to market and postpone thinking about security until a concrete problem forces them to address it.

KH: Are some industries more vulnerable to cyber attacks than others?

MG: Financial services providers have the highest security standards because they know they are the preferred targets for hackers. Schools and hospitals are least protected. Data misuse in hospitals around the world has skyrocketed.

KH: In Germany, four blue-chip companies – Allianz SE, BASF SE, Bayer and Volkswagen – have jointly founded the German Cyber Security Organisation (DCSO) to exchange ideas and co-operate more closely. What do you make of it?

MG: It’s a great idea, and long overdue. In the US, we have information-sharing consortia, industry committees in which companies from the same sector regularly come together to exchange information and experiences.

Let’s say VW, for example, discovered a problem with the door-locking software in its cars. It would be pretty stupid for VW not to share this information with its competitors.

At the end of the day, all companies are fighting the same enemy – the hacker. Hackers have been exchanging information and experiences for a long time. Coming together to exchange information is the only chance companies have to fight hackers and to defend their corporate systems.

KH: It seems unlikely we’ll see a global cyber defense group soon. Why is that?

MG: There are initiatives at European level, in the UN Security Council, and one from the Red Cross. But these institutions move much too slowly. Compared to the developments in cyberspace, they’re all moving at a snail’s pace. The gap is getting bigger and bigger. It’s a problem we must tackle.

For example, our politicians should be better informed about technology. In the US, most politicians are lawyers. In China, the top 15 members of the Communist Party’s Central Politburo hold higher degrees in natural sciences, mathematics, and engineering. They have the real expertise to draft laws.

KH: How will cyber security change employment? Will new kinds of jobs appear?

MG: Data ethics will become a new job requirement, for sure. Today we are increasingly confronted with the question of how we as private individuals can protect our data from hacker attacks and from full-blown espionage.

Looking further into the future, neuroethics will also become a new profession. Researchers are currently working on ways to connect the human brain with the internet. For example, we could one day put on headphones and then use our brainwaves to play a video game.

This article is from the latest edition of the Odgers Berndtson magazine, OBSERVE.

About Marc Goodman

A US citizen, Goodman earned an MBA at Harvard University and a master of science in the management of information systems from the London School of Economics.

As a consultant for Interpol, the UN, NATO, and the US government, Marc became aware of how criminals and terrorists are always one or two steps ahead of the police in terms of innovation. In 2011, he founded the Future Crimes Institute to bring together experts and prevent the misuse of products and services on the internet. Singularity University near San Francisco, where Marc teaches, is pursuing a similar goal.