Just how bad is the cybersecurity problem worldwide?
It’s worse than you think, says Laura Galante, former director of global intelligence for FireEye.
In a presentation to the Industrial Asset Management Council Spring Forum in Savannah, Georgia, on May 9, Galante said that it’s hard to know the exact toll of cybercrime worldwide because most reporting on the topic is so bad.
Forbes magazine estimated one year ago that "cybercrime will cost approximately $6 trillion per year on average through 2021." Galante, however, says it’s impossible to calculate the true cost of cybercrime because the definition of it changes daily.
"Most media reporting on cyber-attacks is not very good," she said to an audience of about 300 people in Southeast Georgia. "The Sony hack of 2014 changed everything in cybersecurity. It got so bad that Sony employees could not even buy food in their office cafeteria."
That hack, related to the Sony movie "The Interview" starring James Franco, was the first widescale malware attack and became the precursor for more such attacks, said Galante. "This was the first example of a destructive attack on a major company." And, like more future attacks, this one originated out of China and North Korea.
Another pivotal moment in recent history, she said, was the Arab Spring uprisings in the Middle East at the early part of this decade. "The Arab Spring was a momentous event for the world in 2010 and 2011," she said. "The Internet was used to take down regimes, and it showed Russia the blueprint for how to do it effectively and efficiently."
"Russia is using cyberspace to shape world opinion, and not just in America."
Russia has been applying those lessons since, said Galante. "Russia is using cyberspace to shape world opinion, and not just in America," she noted. "Russia orchestrated the power grid attacks of 2015 in the U.S. and Canada, and they are not done with these kinds of cyber-attacks."
Galante’s presentation to IAMC was titled "How to Exploit Democracy," and she said the purpose of most attacks is to change the prevailing narrative. "If you can confuse the facts, you can influence global opinion, and that’s exactly what Russia is doing," she said.
The U.S. was a bit late to the game, but it is learning and adapting, she noted. "More recently, we witnessed Operation Slingshot, where routers in Internet cafes in the Middle East were compromised. The U.S. is now using cyberspace for counter-terrorism objectives."
The key for companies today is to maintain a stance of hyper-vigilance always. Anymore, it’s not a matter of if you will be attacked; it’s when.
