Threat of Cyber Attacks Surging; Profit, Customer Service at Risk
McAfee’s comprehensive investigation into Operation Shady RAT, a cyber-intrusion operation that spans at least five years, reveals what many companies and their customers should already know—data stored virtually is increasingly vulnerable to compromise.
"This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing," emphasizes the report.
After five years of investigation, detailed in a report entitled "Revealed: Operation Shady RAT," McAfee concluded that a single perpetrator infiltrated the cybersecurity of at least 72 organizations, with victims ranging from a multinational Fortune 100 company to the United Nations to defense contractors to a non-profit think tank to agencies of US federal, state and county governments.
Only nine of the seventy two organizations erased the compromise in less than a month, meaning that in the overwhelming majority of cases, the perpetrator had a significant window of opportunity to monitor and collect the supposedly-secure data.
"What is happening to all this data — by now reaching petabytes as a whole — is still largely an open question," acknowledges McAfee. "However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat."
Cyber attacks as a multi-dimensional threat
Representative of only a single operation, the McAfee study highlights the multiple layers of threat present for customer-facing organizations.
As it is, the rise of online commerce and digitization of data already subjects sensitive customer and business data to potential infiltration. Cultural acceptance of the Internet, coupled with improvements in security and monitoring, might inhibit the development of societal paranoia about doing business online, but it certainly does not outright eliminate the danger.
Sony and Citigroup are among the numerous high-profile organizations who have recently had to deal with infiltration of private customer information.
Whether the loss is measured by the ‘real’ harm customers experience from exposed data, the potential for financial liability when customer data is compromised, the customer service backlash stemming from security breaches or the inhibitive brand damage resulting from a cyber attack, companies stand to face significant losses—both in terms of dollars-and-cents and customer goodwill—when the sometimes-unavoidable takes place.
And the McAfee investigation reveals the extent to which breaches of customer data are not the only risk associated with cyber warfare. The most notable risk of Operation Shady RAT, from all indications, was the fact that confidential data was subject to monitoring and potential theft.
The idea that a nation, political entity or enemy combatant group can access another’s defense strategy created the worry needed to spark interest in the Shady RAT investigation. How could it not?
But businesses and enterprises have an additional reason to express concern—the possibility that competitors can access enterprise’s confidential strategic plans.
In today’s marketplace, time-to-market can often be minimal, and the opportunity to present products and services to customers, whether new to the vertical and loyal to competitors, has never been greater. Already fighting aggressively to keep competitors from using new and traditional media to engage your audience, imagine if these competitors went to market with inside awareness of your business strategy, new product developments, trade secrets and buyer-supplier negotiations
In an exclusive podcast interview with Call Center IQ, Microsoft’s Lise Brende refers to the Generation Y customers as a "fickle" crowd that can easily shift its customer loyalty if a superior or more-inviting product or service comes along.
It is this reality of consumer behavior that adds credibility to The Social Network’s "getting there first is everything" mantra, and the threat only escalates if companies can not only get to customers first but do so with full knowledge of their competitors’ playbooks.
Moreover, cyber attacks can be costly even when data is not compromised. Denial-of-service attacks, for instance, can render networks, online resources and services unavailable to customers, a potentially-major blow for companies whose customers rely on uninterrupted accessibility.
Rising costs of cybercrime
The recently-distributed Second Annual Cost of Cyber Crime Study, conducted by the Ponemon Institute and released by HP, reveals the increasing cost of cyber attacks on enterprises. Members of the surveyed sample reported a median annualized cost of $5.9 million on cybercrime, marking an increase from 56% from the July 2010 study.
The frequency of attacks rose by 45% from the prior year, revealing cyber warfare’s trend as an increasingly-important business concern. The cost of dealing with each individual attack, meanwhile, rose by 70 percent from the prior year’s research, confirming that the increase in the median annualized cost of dealing with attacks is due not merely to an increase in the quantity of attacks but also their complexity.
These findings are, of course, centered on measurable costs like productivity loss, system upgrades and intellectual property value. They do not necessarily appreciate the long-term business and customer loyalty hazards of cyber warfare, nor the potential for more significant damage if perpetrators choose to get more aggressive and audacious with their attacks and use of stolen data.
All cybersecurity costs, easily-measurable and not-so-easily-measurable, are at risk of continuing their acceleration as attacks become more frequent, more intelligent, more covert and more complex.
Dr. Larry Ponemon of the eponymous Institute confirms, "As the sophistication and frequency of cyberattacks increases, so too will the economic consequences."