Dunvegan Thought Spot

In the research The Dunvegan Group conducts to support our CCR (Customer Care & Retention) programs, we discover articles, blog posts and videos which, although not directly related to our work, are thought provoking or concern matters you may want to think about.  ‘Thought Spot’ covers a broad range of subjects.

The posts in ‘Thought Spot’ are selected by Olev Wain, Ph.D., VP of The Dunvegan Group. 

We welcome your feedback!


 

 

Our Hackable World: At What Cost?

Hardly a week goes by without our reading about a serious data breach at a large corporation or government agency.

Financial institutions are also experiencing theft of funds through hacking. For example, Wikipedia reports that in February 2016 the central bank of Bangladesh had $101 million withdrawn from its account at the Federal Reserve Bank of New York and transferred to fictitious accounts around the world.

Although most of this money was not recovered, the situation could have been worse.

A $20 million transfer to Sri Lanka was blocked only because someone in one of the routing banks in the global SWIFT network for transferring funds saw a spelling error in the documentation and sounded the alarm. Otherwise this transfer would have gone through to the fictitious recipient.

You have to wonder about the vulnerability of systems for handling data and the transfer of money. Part of the explanation of how systems can be hacked is in how they are built.

The Economist Magazine on April 8 2017 explained:

Modern computer chips are typically designed by one company, manufactured by another and then mounted on circuit boards built by third parties next to other chips from yet more firms.

A further firm writes the lowest-level software necessary for the computer to function at all. The operating system that lets the machine run particular programs comes from someone else.

The programs themselves come from someone else again.

A mistake at any stage, or in the links between any two stages, can leave the entire system faulty—or vulnerable to attack.

Errors are also made in writing source code, which are the instructions that are compiled by a computer before executing a program. Even at a low error rate of one line in 1000, 1 billion lines of source code can initially have 1 million lines containing an error.

Getting each of those lines to interact properly with the rest of the program they are in, and with whatever other pieces of software and hardware that program might need to talk to, is a task that no one can get right first time.

Any of these errors, if detected, could potentially be exploited by a hacker.

According to the Cybersecurity Business Report on August 22 2016, the global cost of cybercrime is expected to reach $6 trillion annually by 2021.

The cybercrime cost prediction includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

There are other costs not factored into this estimate; costs associated with the impact that fear, stress and anxiety have on those directly and indirectly affected by the crime

As an example, the Office of Personnel Management (OPM) for the US government, which manages information files for the civil service, was hacked some time before 2015.

This security breach involved over 21 million victims who had applied for government security clearances and who had undergone extensive background investigation … including names of family members, spouses and friends. All of this data was accessed by hackers.

In addition, the fingerprint files of 5.6 million federal employees were hacked … many of these employees have access to classified material and facilities and use their fingerprints as identification.

What price do we put on the fear, stress and anxiety these people experience in not knowing if or when or how this data will be used to exploit any vulnerabilities they have?

Your thoughts?

Image courtesy of matejm at FreeDigitalPhotos.net

Relevant links:

https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist

http://www.economist.com/news/science-and-technology/21720268-consequences-pile-up-things-are-starting-improve-computer-security

https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach

http://www.csoonline.com/article/3110467/security/cybercrime-damages-expected-to-cost-the-world-6-trillion-by-2021.html

http://www.cnbc.com/2016/02/05/an-inside-look-at-whats-driving-the-hacking-economy.html

http://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

Return to list

0 Comments

    Leave a Reply