Cyber crime is a growth industry, as the returns in the industry are high and the risks are low.
So said Trevor Coetzee, regional director for SA at McAfee, part of Intel Security, speaking at the CyberCon Africa 2014 Conference in Johannesburg yesterday.
Citing a recent survey conducted by Intel Security in conjunction with the Centre for Strategic and International Studies, Coetzee said cyber crime costs the global economy about $445 billion every year, with the damage to business from the theft of intellectual property exceeding the $160 billion loss to individuals from hacking.
"Cyber crime costs between 0.5% and 0.8% of the global economy," Coetzee said. "In South Africa, cyber crime has an economic impact equal to 0.14% of the GDP," he added.
"If cyber crime were a nation, it would rank 27th in the global economy, ahead of SA, Singapore, Austria, Thailand and Denmark. Last year, G20 countries lost about $200 billion to cyber crime. The annual loss to the US economy was over $100 billion, costing over 200 000 US jobs," he revealed.
Also speaking at the event, Simon Mullis, global technical lead at cyber security firm, Mandiant, said cyber threats are coming from everywhere and organisations have to be prepared.
He pointed out that a recent survey carried out in Sweden by Fire Eye, Mandiant's parent company, revealed the majority (93%) of the organisation's security were breached while it took them an average of 229 days to detect a breach, and 32 days to resolve an attack.
According to Mullis, 67% of the organisations surveyed learnt about the breach from an external entity.
"Old malware still has teeth," said Mullis. "The adversaries are professional, organised and well-funded. If you kick them out, they will return."
He added in today's cyber landscape, no region or industry is spared because the Internet has no boundaries. Thus, he urged organisations to have technology capable of automated identification of known, unknown and malware-based threats protection across all major attack vectors. The technology should also be able to conduct forensic reconstruction of the attacker's 'kill chain', he noted.
Besides the technology, Mullis believes organisations can also mitigate cyber threats by having the intelligence and expertise to deal with it.
On the other hand, Coetzee said, there needs to be greater private and public information sharing to ensure better protection.
He said SA is taking the right direction in that regards as it seeks to establish a Cyber Security Hub. In July, Department of Telecommunications and Postal Services minister, Siyabonga Cwele, said the hub's function will be "to promote best practice, compliance with standards, procedures and develop related cyber security policies that affect the public and private sectors", although no details were outlined.
"We also need to get better at reporting and tracking cyber crime to be able to make more informed decisions," Coetzee said. "Businesses and governments need to look at new ways to protect themselves with intelligent and integrated solutions."
Share