On September 26th, McAfee security experts and community members met on Twitter to discuss the Economic Impact of Cybercrime and Cyber Espionage in relation to a recent report issued by the Center for Strategic and International Studies.
Defining the terms for our conversation
To ensure a productive #SecChat, we wanted to first discuss the definitions surrounding the topic at hand. Our first question was about how we would define cyber espionage. @JGamblin was quick to respond.
Another participant, @anton_chuvakin pointed out that it was also important to define what we mean by “economic impact,” including issues of who would be at a loss and over what time frame that loss could occur. @JGamblin also mentioned that we should be wary of the numbers we hear when businesses report their losses due to a cyber attack, since these can be distorted to further the idea of the business as another victim.
Trade, Technology, and Competitiveness
Next, we hit at the main question of the day: how do these cyber attacks impact businesses in trade, technology, and competitiveness?
Participants shared their varying opinions on how cybercrime can affect businesses. From @mattjay, we heard that there was potential for cybercrime to impact trade, but in his opinion the current impact was negligible.
The general consensus seemed to be that cybercrime had the biggest effects on competitiveness relating to brand damage. @ksingletary pointed out that usually a company’s brand isn’t tarnished for longer than a quarter. @mattjay responded that it was a good point, but even a quarter could make a difference in a business’s revenue.
The question ended on an interesting reflection about the effects of “old-fashioned” corporate espionage versus the new digital cyber espionage we see today.
Issues of transparency and reporting cyber crime
Finally, we discussed improved reporting and transparency surrounding all company and government data breaches.
As required by section 13402(e)(4) of the HITECH Act, hospitals are required to report breaches that affect more 500 people. Participants were asked to comment on this, and whether or not they think other types of organizations should be held to this standard.
In the end, one thing that was agreed upon was that it was important to continually educate businesses about their security options, especially in the face of new and evolving threats. @Mj_Casey specifically noted that companies should look at the costs they would face if they were the targets of an attack when deciding how much to invest in security. @ksingletary also mentioned that the government could offer tax incentives to businesses who made information security a priority.
Thanks to everyone who participated in our September #SecChat! Interesting ideas & opinions abound each month. Stay tuned for details on our next topic by reading this blog and following us on Twitter at @McAfeeBusiness.