Can businesses protect themselves from computer crime?
As fast as Internet use has grown over the past two decades, so too has the cybersecurity challenge for businesses and governments that are fighting to keep their data and networks safe from intruders. Today, they face an unprecedented assault from a powerful global army of sophisticated, well-organized and well-financed hackers who vigilantly seek vulnerabilities to exploit. In the past couple of years alone, these shadowy figures have stolen personal information on hundreds of millions of U.S. customers and employees and have cost enterprises close to $500 billion. With each new device or product connected to the Internet, the possibility of hackers wreaking economic chaos has grown. Despite the mounting threat, most enterprises have failed to implement the kind of rigorous security protocols necessary to keep out even low-tech efforts to penetrate networks. Among the questions being debated: Are companies responding adequately to cybercrime? Should the United States encourage American companies to “hack back” when they think they've been hacked? Can information sharing between businesses and government help fight cybercrime?
Brenner, Susan W., “Cybercrime: Criminal Threats From Cyberspace,” Praeger, 2010. A law and technology professor traces the emergence and evolution of cybercrime from 1950 to the present.
Jordan, Tim, “Hacking: Digital Media and Technological Determinism,” Polity, 2008. A university professor provides an introduction to the culture of hackers.
Lapsley, Phil, “Exploding the Phone: The Untold Story of the Teenagers and Outlaws Who Hacked Ma Bell,” Grove Press, 2013. An engineer and author chronicles how Apple founders Steve Wozniak and Steve Jobs were among the early hackers who got their start in the technology field by stealing telephone service from monopoly AT&T.
“Cybercrime will Cost Businesses $2 Trillion by 2019,” Security, May 12, 2015, http://tinyurl.com/
“Hackers Inc.,” The Economist, July 12, 2014, http://tinyurl.com/
Ashford, Warwick, “Sony hack exposes poor security practices,” Computer Weekly.com, Dec. 4, 2014, http://tinyurl.com/
Boyd, Aaron, “OPM breach a failure on encryption, detection,” Federal Times, June 22, 2015, http://tinyurl.com/
Chacos, Brad, “Meet Darknet, the hidden, anonymous underbelly of the searchable Web,” PCWorld, Aug. 12, 2013, http://tinyurl.com/
Griffin, Andrew, “Sony hack: Who are the Guardians of Peace, and is North Korea really behind the attack?” The Independent, Dec. 17, 2014, http://tinyurl.com/
Groll, Elias, “The U.S. Hoped Indicting 5 Chinese Hackers Would Deter Beijing's Cyberwarriors. It Hasn't Worked,” Foreign Policy, Sept. 2, 2015, http://tinyurl.com/
Hesseldahl, Arik, “FireEye Identifies Chinese Group Behind Federal Hack,” Re/Code, June 19, 2015, http://tinyurl.com/
Krebs, Brian, “Email Attack on Vendor Set Up Breach at Target,” Krebs on Security, Feb. 12, 2014, http://tinyurl.com/
Mathews, Anna Wilde, “Anthem: Hacked Database Included 78.8 Million People,” The Wall Street Journal, Feb. 24, 2015, http://tinyurl.com/
Moritz, Bob, and David Burg, “How corporate America can fight cybersecurity threats,” Fortune, Feb. 17, 2015, http://tinyurl.com/
Nakashima, Ellen, “Chinese government has arrested hackers it says breached OPM database,” The Washington Post, Dec. 2, 2015, http://tinyurl.com/
Peterson, Andrea, “The Sony Pictures hack, explained,” The Washington Post, Dec. 18, 2014. http://tinyurl.com/
Riley, Michael, et al., “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It,” Bloomberg Businessweek, March 13, 2014, http://tinyurl.com/
Schwartz, Mathew, “Report Claims Russians Hacked Sony,” Bank Info Security, Feb. 4, 2015, http://tinyurl.com/
Townsend, Matt, Lindsey Rupp and Jeff Green, “Target CEO Ouster Shows New Board Focus on Cyber Attacks,” Bloomberg News, May 6, 2014, http://tinyurl.com/
Reports and Studies
“APT1: Exposing One of China's Cyber Espionage Units,” Mandiant, February 2013, http://tinyurl.com/
“Car Cybersecurity: What do automakers really think?” The Ponemon Institute, 2015 Survey of Automakers and Suppliers, http://tinyurl.com/
“Comprehensive Study on Cybercrime,” United Nations Office of Drugs and Crime, February 2013, http://tinyurl.com/
“Cybersecurity and the Internet of Things,” Ernst and Young, March 2015, http://tinyurl.com/
“Forewarned Is Forearmed: 2015 Ponemon Institute of Cyber Crime Study,” The Ponemon Institute, http://tinyurl.com/
“Net Losses: Estimating the Global Cost of Cybercrime,” The Center for Strategic and International Studies, June 2014, http://tinyurl.com/
“Security in Development: The IBM Secure Engineering Framework,” IBM Redbook, March 18, 2010, http://tinyurl.com/
The Next Step
Sposito, Sean, “PayPal, others buy stolen data from criminals to protect users,” San Francisco Chronicle, Jan. 8, 2016, http://tinyurl.com/
Weinstein, Ira, and Bill Huber, “How the CFO can act as any cybersecurity team's ‘quarterback,’” Baltimore Business Journal, Jan. 12, 2016, http://tinyurl.com/
Behn, Sharon, “Could IS Turn Next to Cyber War?” Voice of America, Dec. 18, 2015, http://tinyurl.com/
Davenport, Christian, “Raytheon wins $1 billion cybersecurity contract to battle attacks on U.S. agencies,” The Washington Post, Sept. 29, 2015, http://tinyurl.com/
Williams, Katie Bo, “US, China negotiating cyber warfare agreement,” The Hill, Sept. 21, 2015, http://tinyurl.com/
Brandom, Russell, “Congress passes controversial cybersecurity bill attached to omnibus budget,” The Verge, Dec. 18, 2015, http://tinyurl.com/
Gregg, Aaron, “Venture capitalists flock to cybersecurity information-sharing platforms,” The Washington Post, Dec. 2, 2015, http://tinyurl.com/
Smith, Mat, “The FDA wants improved cybersecurity for medical devices,” Engadget, Jan. 19, 2016, http://tinyurl.com/
Boyd, Aaron, “IG: Energy Department missing mark on risk management,” Federal Times, Nov. 12, 2015, http://tinyurl.com/
Joyce, Stephen, “Cybersecurity Insurance Explosion Poses Challenges,” Bloomberg BNA, Dec. 22, 2015, http://tinyurl.com/
King, Rachael, “Cybersecurity Startup QuadMetrics Calculates Odds a Company Will be Breached,” The Wall Street Journal, Jan. 12, 2016, http://tinyurl.com/
Center for Applied Cybersecurity Research at Indiana University
2719 E. 10th St., Suite 231, Bloomington, IN 47408
Founded in 2003 to help the United States balance public needs, homeland security concerns and individual privacy rights when seeking cybersecurity solutions and setting policy; organizes the annual National Science Foundation Cybersecurity Summit for Large Facilities and Cyberinfrastructure and provides policy advice to the White House's 60-day cybersecurity review.
Center for Internet Security
31 Tech Valley Drive, Suite 2, East Greenbush, NY 12061 (Northeast Headquarters)
International organization with 180 members in 17 countries that focuses on enhancing the cybersecurity readiness and response of public- and private-sector enterprises.
Center for Strategic and International Studies
1616 Rhode Island Ave., N.W., Washington, DC 20036
Bipartisan policy think tank that specializes in the study of defense and security, regional stability and transnational challenges, including cybersecurity
4500 Fifth Ave., Pittsburgh, PA 15213-2612
Division of the Software Engineering Institute (SEI) at Carnegie Mellon University that coordinates responses to Internet security incidents.
Information Systems Security Association
12100 Sunset Hills Road, Suite 130, Reston, VA 20190
International organization of information security professionals that promotes management practices that will ensure the confidentiality, integrity and availability of information resources.
National Cybersecurity Center of Excellence
9600 Gudelsky Drive, Rockville, MD 20850
Division of the National Institute of Standards and Technology that provides businesses with cybersecurity solutions, based on commercially available technologies.
National Cybersecurity and Communications Integration Center
Mailstop 0635, 245 Murray Lane, S.W., Building 410, Washington, DC 20598
Division of the Department of Homeland Security that serves as a 24/7 cyber monitoring, incident response and management center; analyzes cybersecurity and communications information, shares timely and actionable information, and coordinates response, mitigation and recovery efforts.
Pew Research Center
1615 L St., N.W., Suite 800, Washington, DC 20036
Research organization that has conducted numerous surveys on the public's attitudes on cybercrime and the global cyberthreat.
2308 U.S. 31 N., Traverse City, MI 49686
Research think tank dedicated to privacy, data protection and information security policy; has done extensive work documenting the cost of data breaches.
8120 Woodmont Ave., Suite 310, Bethesda, MD 20814
Research and education organization that is the world's largest source for information security training and security certification.