Booming Cybersecurity Industry Highlights the Threat of Cyber Crimes

Young hacker in data security concept

Digital technologies have become a critical enabler for economic growth and societies now place heavy reliance on the internet. The digital world has brought not only enormous benefits, but with these benefits also come significant vulnerabilities. Cybersecurity incidents are increasing at an alarming rate and are impacting on societal norms, essential services, and organizational welfare. The rate of cyber crimes has grown exponentially and is consistent with the expansion and evolution of technology.

The proliferation of cyber attacks is causing widespread damage to companies, governments, and individuals. Cyber-attacks range from denial of service attacks, website defacements, to access to sensitive information and attacks on critical infrastructure. The recent WannaCry malware incident affected many, affecting over 230,000 computers in over 150 countries in the span of a day. WannaCry targeted computers running Microsoft Windows by encrypting data and demanding ransom payments in Bitcoin cryptocurrency. Large organizations with presumably good cyber security were affected – among them, the United Kingdom’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were affected. A particularly high profile incident that arguably had an impact on the recent election campaign, was Hillary Clinton’s private emails becoming front-page news in the midst of her presidential campaign.

A screenshot of the malicious WannaCry message that sent cyberspace into disarray.
A screenshot of the malicious WannaCry message that sent cyberspace into disarray.

The ever-increasing number of cyber attacks are costing organizations large amounts of money to address and prevent them. However, the delay in operations and the potential domino effect it will have on their customers could cost the company much more in money and reputation. It isn’t just the number of cyber security attacks that is increasing. The degree of these attacks is on the rise as well. PwC reported that these attacks are “becoming progressively destructive and target a broadening array of information and attack vectors.”

Digitization is quickly increasing the impact that these cyber attacks can have and the channels in which they propagate. With the expanding number of services available online, businesses are particularly vulnerable to increasingly sophisticated attacks. An example is a vulnerability as a result of the trend toward migrating data to the cloud. A publication by White & Case outlines some of the vulnerabilities as a result. The migration of data to third-party cloud providers creates a centralization of data – this creates more opportunities for misappropriation of stolen data from a single attack. Similarly, the emphasis on mobile services has opened up corporate systems to more users, exposing sensitive data that can have regulatory, reputational, and financial impacts. With the boundaries between digital and physical realms being increasingly blurred – particularly so with the evolution of the Internet of Things, the possibility that appliances and physical objects we interact with every day can be compromised. Hackers can exploit these devices to conduct data breaches, corporate or government espionage, and damage critical infrastructure like electrical grids.

With US federal agencies and other governmental agencies around the world under pressure to increase their levels of security to defend against crippling cyber attacks, businesses are expected to follow suit when regulatory pressure increases in response to increasing public awareness. Governments are already tightening regulation to ensure businesses take greater responsibility to prevent and detect cyber security breaches, for examples through tackling malicious VPN use. In the United States alone, 47 states have laws requiring breaches that result in the theft of customer data. A key policy that governs this area in the United States is the Data Security and Breach Notification Act of 2015, a companion to the Consumer Privacy Bill of Rights Act of 2015 that governs the collection and dissemination of consumer data. The European Union have also introduced similar regulations.

“Similar to other compliance areas, board directors can be held liable for not discharging their duty to prevent harm to the corporation. In performing their oversight role, directors should stay informed about the corporation’s cyber security defenses. They must ask what the risks are and determine what needs to be done to mitigate them. In today’s connected world, it is, unfortunately, becoming a question of ‘when’ rather than ‘if’ some sort of data breach will occur.” Detev Gabel, a partner at White & Case in Frankfurt and leader of the Firm’s Data, Privacy and Cyber Security Group.

New technologies and services such as dual authentication, phishing detection, and advanced encryption improve the defence against current threats. However, as these have become widespread, cyber criminals will look to shift their focus to other unidentified vulnerabilities. While the focus has predominantly been on purchasing and deploying technical controls, a risk culture around cyber security is key to fortifying cybersecurity in the organisation. A strong risk culture enables the organization to actively identify and prevent threats. Cybersecurity culture is defined by Rod Turk (Director of Ofefice of Cybersecurity) as “making sure that users — top to bottom, right to left — [are] keeping cyber security in their thought process no matter what they’re doing in the IT world”. Organizations need to ensure focus on individual responsibility and spread awareness of the role that each individual employee plays in ensuring that the organization is protected against cyber attacks. They need to address the need to educate employees on how the cyber security dots are connected to the organization’s ability to achieve its business objectives and avoid financial loss, regulatory implications, and reputational impacts.

Cyber crime is a threat to all organisations – it is up to business leaders to recognise the potential threat to ensure that their organisation is adequately prepared and protected from the risks associated with it.

The Untold Story of Silk Road and America’s Devastating Online Drug Industry

Ross Ulbricht: the mastermind behind America's grimacing online drug industry.
Ross Ulbricht: the mastermind behind America’s grimacing online drug industry.

The business environment has been drastically transformed by the rise of digital technology. Today, the name ‘Silk Road’ no longer depicts the textbook definition of the ancient network of trade routes. To tech-savvy millennials, ‘Silk Road’ refers to a massive online marketplace for illicit trade, mostly drugs. The website was hidden in what is called the Dark Web—a part of the internet that can’t be accessed through search engines like Google. To enter this mysterious cyber realm, you need special cryptographic software that obscures your online identity. But aside from that, the right amount of dedication and perhaps access to Reddit, it doesn’t take much else for anyone to enter and navigate the deep web.

The mastermind behind Silk Road was a 26-year-old kid from central Texas. After earning a scholarship to the University of Texas at Dallas, Ross Ulbricht landed a graduate scholarship at Penn State, where he studied materials science and engineering. A carefree idealist, he adhered to a libertarian philosophy and spent his college days exploring Eastern philosophy. Bright, handsome, and edgy, Ross Ulbricht was a Pablo Escobar in the digital age. At the peak of his success, Ulbricht lived in Glen Park, San Francisco where he would run his virtual drug empire out of little coffee shops and libraries. Only that the magnitude of his startup’s success justifies his comparison against the Colombian drug kingpin. Through a combination of Tor (The Onion Router) anonymous browsing and enticing web design, Silk Road managed to rack up more than $1 billion dollars in sales in two years.

A screenshot from Silk Road's glory days. The site is now shutdown.
A screenshot from Silk Road’s glory days. The site is now shutdown.

The combination of an anonymous interface with traceless payments allowed thousands of drug dealers and nearly 1 million eager worldwide customers to connect —The internet has not only affected how business is conducted, it has also reshaped the criminal landscape. As the first online platform for the drug trade, Silk Road represented an unexplored intersection between technology, commerce, and drugs. This was a serious threat to law enforcement agents. Various governmental organizations spent over a year attempting to infiltrate the organization. When the site was taken down in 2013, the closure took out 13,648 different drug deals.

Ulbricht was sentenced to life in prison without parole. Fast-forward five years later now, and the explosive growth of the industry is proof that the giant crackdown was ineffective as a deterrent for illicit activity on the dark web. The online black market continues to evolve and now turns over $100 million of illegal substances a year. This “invisible” network now boasts dozens of boutique single-vendor sites selling high-quality cannabis, LSD, or cocaine to a closed network, and some offer membership discounts to regular buyers. Adam Winstock conducted the Global Drugs Survey, the largest inquiry into drug-user habits, and revealed that “convenience, product choice, price and user ratings make buying drugs online attractive to some users”, and growth in this industry is reflective of the growth of e-commerce as a whole.

With fatal adulterants found in recreational drugs off the street, the communal nature of many of the sites which assist in the regulation of drug purity provides users a safer way of obtaining drugs. This was exactly the idea which had inspired Ulbricht to create ‘Silk Road’. Like most libertarians, Ulbricht believed that drug use was a personal choice and that the war on drugs was entirely futile. The problem lied in the drug business that was opaque and violent, and that a website like Yelp would make exchanges more transparent and reduce fatal overdoses. Ulbricht also wrote that his intention was to reduce the power of cartels by empowering nonviolent, small-time dealers. According to a paper published online by academics, the crypto market may have prevented bloodshed that would have occurred in the street. Online drug trade focused far more on less addictive and harmful drugs than might have been previously assumed: “Drugs typically associated with drug dependence, harmful use and chaotic lifestyles (heroin, methamphetamine and crack cocaine) do not much appear, and generate very little revenue”.

The full effect of the online drug industry on society is still unknown. The key question is how this industry is governed in the future. Loopholes in legislation were arguably the catalyst for this industry to begin with.