Cybercrime & Collaboration: On a Collision Course?
I'm recently back from the annual conference of the Society of Communications Technology Consultants (SCTC), of which I'm the only active analyst member. These consultants are on the front lines for helping businesses make smart technology decisions along with getting good value from those investments, so it's a pretty important community of influencers. Their experiences inform my thinking as an analyst, and I'm going to share some of that here.
Aside from attending, I gave the locknote talk, played a gig with the SIPtones, and even got to play "UC Cookoff" Jeopardy, so there was a nice mix of fun, learning, and networking. One of the learning highlights was a keynote about the state of cybercrime, a topic from which the collaboration space is not immune.
The conference took place in Annapolis, Md., and we had the good fortune to hear about this topic from Lou Giannotti, the IT services director for the U.S. Naval Academy, located there. Much like an episode of NCIS, you may not associate the Navy with matching wits with the bad guys, but that's exactly how you should be thinking. Even if you just believe a little in "deep state," defense against cybercrime is now just as important for our military forces as armed conflict on land, air, or the high seas.
To the extent you believe what governments tell citizens, cybercrime is real, and Giannotti shared some fascinating insights. I've no doubt there's more to this story than we'll ever hear, and that's probably better left to the likes of espionage fiction writer John le Carre to feed our overactive imaginations. I'll gladly take the crumbs Giannotti shared, and while much of his talk was about global trends, I took away lots of best practices messaging for enterprises -- and consultants.
Cybercrime The Problem; Cybersecurity The Solution
Not surprisingly, the technology sector talks a lot about cybersecurity and how to protect the network along with corporate data. While that's about protecting the enterprise from malicious activity, cybercrime is about what happens when those measures fail, or are absent altogether. It's human nature to act on things only when bad things happen, and enterprises generally underinvest in cybersecurity -- well, it's expensive after all -- until there's a breach and damage is done. Like anything else, the more we understand the nature of a threat, the better we can protect against it, so here are some interesting stats from Giannotti's presentation.
- Global cybercrime activity is growing 25% annually, and related to that, financial losses and/or recovery costs are growing at a 30% clip -- the problems are getting worse, not better. There's just so much data in so many forms now, and the volumes are only getting bigger. The coming of 5G, the evolution of the Internet of Things to the Internet of Everything and the shift from IPv4 to IPv6 are key drivers, he said. Pretty hard to argue the direction things are going, so the case is getting stronger to make this a top priority.
- Of the roughly 200 countries in the world, 80% of cybercrime is committed by persons in 10% of the countries. You might be surprised -- and even disappointed -- to know that the U.S. is far and away the biggest perpetrator, accounting for 23% of cybercrimes by country, either internally or exported abroad. Continuing down the list, China is a distant second at 9%, then Germany at 6% and the U.K. at 5%.
- The top three countries where cybercrime perpetrators operate -- U.S., China, and Germany -- are also the dominant producers of social media. Giannotti's main message here is that social media and the Internet are the prime enablers of cybercrime. With more than eight billion social media accounts globally, these networks are "where cybercriminals identify their targets." Furthermore, "91% of incidents start with an email within your community of interest."
- Flipping to the other side, the list of top countries where the victims of cybercrime reside is quite surprising. Canada and India are a close one and two, followed by the U.K., Australia, Mexico, and Russia. I'll leave it at that, since it's not clear what the stats are based on, and why the U.S. isn't included in the analysis. At a high level, I do trust the source here, but we didn't get a full explanation. Still, the list is pretty interesting, and the few Canadians in the audience were no doubt scratching their heads. Was it something we said?
Enterprise Implications -- "Bill Gates Built PCs So They Can Be Used By Fourth Graders..."
Microsoft certainly had the right idea here, but the timeless battle between good and evil has always been a driving force for technology innovation -- and as Giannotti said, while fourth graders can use the PC, "sixth graders can hack it -- and that's what's happening today." Not only does the Internet make hacking easy and anonymous, but it allows it to happen at wire speed and at little cost. Being global -- or even stateless -- the perpetrators have no fear of retaliation. Is it any wonder there's so much of this going on?
No enterprise or vendor can possibly overcome all of that, and Giannotti's talk was a sobering review of how pervasive and real cybercrime is. The impact isn't just financial -- insider attacks typically take 50 days to recover from, and external ransomware attacks 23. So, losses of both time and money should be powerful motivators for enterprises to up their cybersecurity games.
The implications are particularly relevant for collaboration, especially as the solutions become cloud-based. These platforms are inextricably tied to the Internet, and with Microsoft owning LinkedIn and the likes of Facebook moving into the enterprise, social media's role in collaboration will only get larger.
All is certainly not lost, as Giannotti talked extensively about best practices for enterprises, all of which are both practical and doable. In particular, he outlined specifics for what IT can do to make both PCs and email more secure, and the same for network operations and data protection. Finally, he also talked about end users, and training areas they could benefit from to minimize risky behavior or practices that cybercriminals are so good at picking up on.
The details of those best practices are for another time, but from what Giannotti shared, they should be familiar to IT personnel. This isn't rocket science, and what really matters is connecting the bigger picture dots so enterprises can think more realistically about cybercrime. Of course, this is a great opportunity for consultants, and their jobs will be even easier if our enterprise readers here take Giannotti's messages to heart.
BCStrategies is an industry resource for enterprises, vendors, system integrators, and anyone interested in the growing business communications arena. A supplier of objective information on business communications, BCStrategies is supported by an alliance of leading communication industry advisors, analysts, and consultants who have worked in the various segments of the dynamic business communications market.