They jeopardize our strategic and competitive advantages and cost companies and economy of millions of euros annually. Companies, both big and small, also need to accept that cybercrime poses an enormous and immediate risk to their profitability.
Therefore, we need take the protection of our businesses and economy from this continually rising threat seriously. A discussion about cyber security should be held across governments and firms, from boardrooms to the front desk and back office.
The reason why we focus on cybersecurity issues is to help raise awareness so that we can jointly improve safeguarding the Slovak economy. It’s about keeping this economy open for business and ensuring that companies and citizens are safe online.
Safe digital environment needed
A big part of the Slovak government’s agenda is investment in digitalization.
Just like running water and electricity, access to digital products and services has become a vital piece of infrastructure for business. We simply cannot grow and succeed in today’s digital age without it.
It means faster, more convenient ways of communicating, delivering and generating ideas, products and services to customers. And it means access to global markets.
Soon each Slovak will have an opportunity to make the most of the digital economy.
As we hope for better use of the internet, we must also ensure we have an online environment that is as safe and secure as possible. This is also important for our international reputation as a safe place to do business.
The risk of cyber attacks
Our increasing reliance on networked devices and new technology is matched by the growing problem of cyber security threats.
While you are working hard to build a productive and competitive economy, cyber-attacks can bring it to a halt – or worse, bring it down.
As Leon Panetta, the former U.S. secretary of defense, noted, “the next Pearl Harbor that we confront could very well be a cyberattack that cripples” our power systems and our grid.
You may recall one relatively recent example from our neighborhood.
On the night of December 23, 2015, Ukraine became the first country to suffer a verified large-scale cyberattack on its critical infrastructure. More than 225,000 Ukrainians all of a sudden lost their heating and light when a part of the country’s power grid was attacked.
All of us know that new technology also provides new opportunities for those with criminal or hostile motivations. Simply put, malicious cyber-attacks can be carried out from anywhere in the world and at any time.
Nobody is immune
Globally, a growing number of firms and citizens are affected by cybercrime each year. These are small-time attacks in the form of computer viruses and malware, credit card fraud, online scams, phishing and identity theft.
And while Slovakia is yet to experience a full-scale cyber incident like we’ve seen in Ukraine or Estonia, we are not and will not be immune to them.
One example: Marc Goodman in his book Future Crimes writes that “according to an FBI report, one country has secretly developed an army of 180,000 cyber spies and warriors, mounting an incredible ninety thousand computer attacks a year against U.S. Defense Department networks alone.”
Recent cases have included also the likes of the cyber-attack on Sony Pictures, where company sensitive information was stolen and published online.
Or on September 28, 2018 Facebook announced that hackers had stolen keys that allowed to access up to 50 million user accounts, which immediately sent its share prices down sharply. These are just a few examples.
Understanding and managing risks important
If we want to take full advantage of the latest technologies to improve our prosperity, we also must do our best to understand and manage the risks.
One of the great difficulties of dealing with cyber security is the difficulty with defining the landscape. This is because there is big variance in the types of actors attacking us, the harm they want to cause and the targets they focus on.
For the attackers, in Slovakia general public is not aware of state-sponsored espionage by foreign countries and only vaguely of organized criminal groups. Probably we’re attacked by extremists and even issue-motivated activists, for sure by lone cyber hackers and disgruntled insiders.
There are many types of threats and cyber harms, not just laboriously discovered zero days but also targeted spam or emails aimed at fraud or theft. Malicious software to disrupt and damage systems. And ubiquitous espionage for economic or strategic advantage.
There is a range of targets. Just about anyone – from individuals or SMEs that lack resources to address these issues, right up to multinational corporations in strategic industries and critical infrastructure. And of course, even governments are not safe.
These attacks require a comprehensive and coordinated response. The Government has a significant role to play.
This includes Police dealing with cybercrime, to Government agencies focused on advanced threats and the protection of our critical information infrastructure.
Not only the state agenda
But nonetheless, security cannot be left up to the Government alone. Government agencies don’t have an exclusive right on cyber security expertise, especially as the technology and threats change constantly.
Let me present just one example that it is not always only about the amount of money spent and technical expertise. As Alex Klimburg writes in his recent book The Darkening Web: “a 2012 McAfee-paid poll of U.S. government InfoSec professionals put the United States on in the third tier countries with good overall national cybersecurity, ranking behind Israel and a number of European countries. And this is despite the fact that the United States by far spends more than the rest of the world in government led national cybersecurity, and without doubt has so far the best technical expertise.
The difference in money spent is enormous. The U.S. probably spends somewhere between three to ten times more than what all twenty-eight EU members states and Switzerland manage to invest, and that is just in government. Private sector cybersecurity spending is similarly unbalanced. European cybersecurity expenditure are estimated at around 27 billion euro and the US market was estimated to be approximately 75 billion dollars in 2015 (numbers include sales to the government). However, all this extra spending is not doing the U.S. much good. A study by Grant Thornton says that in 2015 the private sector in North America suffered lost revenue of approximately 61 billion dollars compared with the 62 billion dollars for the entire EU (note that this is lost revenue, not total damage, for which there are much higher estimates). It does therefore seem that the EU overall spends much less money on the problem for an apparently similar (that is similarly poor) result.”
We all know that presently, many companies, especially smaller ones, are not aware of, or don’t have the required resources to deal with cyber-attacks on their business even if they accept that cyber security poses an enormous and immediate threat.
Therefore, it is crucial they take steps to protect the information that is vital to their day-to-day functioning and mitigate risks connected with their potential loss.
We need to find ways to constantly exchange information and expertise between government and the private sector to address cyber security risks.
A secure internet and thriving digital economy are critical to our economic future.
And each of us can contribute positively to it by behaving responsibly. Otherwise as the former U.S. President Dwight Eisenhower once said: “We will bankrupt ourselves in the vain search for absolute security.”
Ronald Blaško is Executive Director of AmCham Slovakia
