The Pentagon made an embarrassing admission this summer. In mid-July, as it announced a comprehensive new cybersecurity strategy, the Department of Defense acknowledged that it had been hacked earlier in the year by a “foreign intelligence service” that came away with 24,000 sensitive files related to missile tracking systems and unmanned aerial vehicles.
That breach, as disturbing as it was, is just another in a string of recent cyber attacks on government agencies and big businesses. Companies including Citibank and Sony have weathered damaging and very public hacks in recent months. Sony, for example, estimates it will lose roughly $170 million after hackers attacked the company’s PlayStation Network and got hold of the credit card information of 12 million account holders. Hackers also attacked Citibank in May, accessing the data of roughly 360,000 bankcard holders.
The rash of attacks underscores the steadily rising costs of such breaches in recent years. The increasing frequency and sophistication of attacks, cyber security experts warn, could make 2011 the busiest—and most expensive—year yet for U.S. businesses. And while attacks on companies can be costly, when hackers poach files from the CIA and FBI, our national security could be at stake.
A study released this week by the Intelligence and National Security Alliance details the growing threat these electronic attacks pose to both business and government, noting that hackers’ goals may include reconnaissance, theft, sabotage or espionage. “The impact on business, government, and individuals from cyber attacks has progressed significantly from distraction and moderate disruption to an inability to operate or communicate for days,” says the non-partisan group, which is chaired by former Bush Homeland Security Adviser Frances Townsend. “We have advanced beyond mere ‘acceptable levels of loss’ to levels where effective ownership of an individual’s, company’s, or country’s finances, operations and intellectual property may be at stake. The impact has increased in magnitude, and the potential for catastrophic collapse of a company has grown.”
Although the report warns that “it is not yet clear that the business community understands or accepts this increase in risk,” it is clear that businesses have been spending more and more to fend off—and clean up after—hackers. The steadily increasing volume of attacks on U.S. businesses have turned cyber crime into a multi-billion dollar industry and given rise to a burgeoning cyber security industry, despite a global economic recession.
The cost of global cybercrime, at $114 billion annually,
is significantly more than the annual
global market for marijuana, cocaine and heroin
Security breaches have already cost U.S. companies an estimated $96 billion in 2011, according to the Ponemon Institute, an internet security research group. A recent study from Symantec, the anti-virus software manufacturer, estimates the cost of global cybercrime at $114 billion annually, significantly more than the annual global market for marijuana, cocaine and heroin combined.
Hackers are displaying a higher level of expertise than in years past and engineering more complex attacks, experts say. And those attacks are increasingly aimed at stealing sensitive business secrets. “Cyber crime has become much better organized and more business-like over the last several years,” said Scott Borg, director of the U.S. Cyber Consequences Unit, an independent, non-profit research institute. “Cyber crime is now being optimized for longer-term returns. People expert in business, often with MBAs, are now choosing the targets and strategies for attack.”