We live in the Internet world: we buy and pay through Internet, we need Internet in our jobs, we share pictures, interests and we chat through Internet, we make calls via Internet… All these actions require a large amount of information that must be kept somewhere. Because this data is very valuable and may content sensible and secret material, the security which protects it needs to be very strong and effective. That is the reason why cybersecurity has become one of the most important concerns, not only for companies if not for citizens and governments as well.
The financial damage caused by security breaches is difficult to calculate because there is not one single standard model for estimating the cost of such crimes. However, and according to Go-Gulf, the annual estimated cost over global cybercrime is $100 Billion. Meanwhile, the estimated victims per year is 556 million, which represents over 1.5 million per day or 18 victims per second. In addition, every day more than 100.000 new virus threats have been detected. These numbers show in a clear way the importance of cybersecurity.
Capacity estimated that the cost of the fraud in the Telecom industry went up to $40 billion in 2013. That confirms a steadily escalating fraud in the wholesale telecommunications segment over the past years. The most extended criminal affectations
– PBX Hacking. Criminals can identify target systems by searching phone directories or by using a “war dialer” program on a computer that walks through sequences of phone numbers. The phreakers are looking for numbers until they find one that gives them a way to access a PBX’s command through a voicemail menu, which is usually the Direct Inward System Access (DISA) number for the PBX. Hackers get authorised access to the business’s PBX system and generate profit from the calls that they make to international premium rate numbers, while is the business who owns the PBX phone system has to pay that calls, or even worst for the Telecom operator disputes such calls as fraudulent.
– Ghosting of IP Address. Consists in obtaining free or cheap rate through technical means of deceiving the networks, taking advantage that nobody are able to see the criminals because they had masked their IP Address. As an example, hackers can manipulate switches or database contents to alter call records.
For all of that, it is crucial to choose an excellent telecom operator, which has a solid and safe reputatation. In addition, hackers will find more difficult to enter to your network if you use other systems, such as encryption.
Users are also affected
As Huffington Post reported, 73% of all Americans have fallen victim to a form of cyber-crime and 69% of global people have the chance of falling victim to cybercrime during their lifetime. However, users do not realize until several months that they have been hacked. There is an average 156-day lapse between a computer or a phone is compromised and the time users realized it. The longer the period of time, the better criminals to gather more information as well as to erase any trace of their felony. It is shocking the fact that 47% of identity thefts are perpetrated by someone the victim already knew.
From where hackers enter to your precious information? That is a big question, however experts identify the five more common points of entry.
- Social Media is the big one, because Twitter and Facebook have been hacked several times and thousands of passwords have been stolen. Actually, 1 in 10 social network users claim they have been victims to a scam. The smartphone explosion also helped more and more hackers to enter inside.
- SPAM mail. Users must avoid SPAM because this is the most common way for hackers to plant any virus. For this reason, experts recommend not to open emails from an unknown source. Type the URL manually, and not access frequently from an email, is a good tip.
- Easy Passwords. Change passwords regularly and be original and unique. SplashData elaborated a list with the most common passwords in North America and Western Europe. The TOP 5 are: “123456”, “password”, “12345”, “12345678”, “qwerty”. It is recommended to use a password with, at least, 8 characters mixing numbers and letters.
- Webcams. Hacking the webcam is a popular crime and it can be delicate for the owner. That’s why people should close the laptop or tape over its camera meanwhile you are not using it.
- Software Updates. In spite of they are not infallible, computers and mobile devices are safer with an antivirus, as well as with all software updates.
Businesses needs to store enormous amounts of data, some of them very confidential like client’s personal information or financial numbers. That is the reason why companies must have a great cybersecurity and it has become an authentic priority. VendorSafe Technologies, a security company, estimated that small business are the victims of more than 80% of cyberbreaches. Furthermore, IBM announced that an average of 1.400 security attacks are detected in a single organization each week.
As a PWC study exposed, 41% of the US executives affirmed they had experienced, during the past year, one or more security incidents. And this number is rising. At least, 80% or more of respondents could provide specific information about the frequency, type or source of their organizations security breaches. Nevertheless, only 29% of companies have an accurate inventory of data.
The area with the most impact is the financial one, because 37.5% of them claimed they have had monetary losses due to the attack. 31.8% of the executives answered they suffered intellectual property theft, meanwhile 31.2% admitted their brand or reputation had been compromised. In fact, 61% of organizations say data theft and cybercrime are the greatest to their reputation.
To a lesser extent, there are fraud crimes (15.2%), legal exposure (12.2%), loss of shareholder value (11.3%), and, finally, extortion (7.1%).
The perception of how confident are the workers about their company’s internet security is high. Actually, 72% of the respondents said they were very confident or somewhat. However, when they answered the question about their business approach to information security, the results changed. Just the 43% identified themselves as “front-runners”, which means they are proactive in executing the security plan because they dominate the situation. Those who answered they were “strategists” were the 27%, and felt they have the big picture right but fall down on execution. “Tacticians”, who defined themselves as better at getting things done than in defining a broader strategy, represented the 15%. Finally, there were 14% who admitted to lack a strategy and to being reactive regarding cybersecurity.
According to PWC, there are four growing cyberthreats. The first one, which is also the oldest wave, is called “nuisance hacking”, where hackers, for example, deface a company’s website. Another type of crime is more serious because it is hacking with the aim to steal money. The third type of cyberthreats is the stealing of customers credit card information or employee passwords. The last one is the advanced persistent threat, where stand out the intellectual property theft as well as the espionage.
What about governments?
Government’s role is complicated to describe because governments react in a different way depending of the countries. Meanwhile they have to make regulations to force companies and organizations to protect their system, infrastructure and information, they also have to protect its own national infrastructure and citizens’ rights.
However, that is a controversial issue. Governments usually say their need to spy mobile phone and messages with anti-terrorist aim. That happened recently in the USA, when FBI says it does not need a warrant to spy calls in public. Nevertheless, there are some members of Congress who had expressed their apprehension, considering it may be a vexation of the civil rights.
On the other hand, there are the big cyberattacks cases, as it was Sony attack in November. This cybercrime consisted in private data theft, original copies from Sony computers delated and threat messages to release the information if Sony did not comply the attackers’ demands. It took several days until the website could return to normal. How can the administration answer it? In this case, Obama promised it would be a “proportional response” against North Korea, the country which have all the government suspicions.
Diana Daniels, Cronos Group CEO, believes: Governments should speed up in making cybersecurity legislation. These laws will guide companies to invest to their Internet security and, in the same time, avoiding businesses costs. An International agreement would be also interesting for multinational companies, because they could apply the same safety in the different offices.
To sum up, cybersecurity worries worldwide and attacks many industries. According to Solera Networks, the most affected country is China, closed following by India and Brazil and the United States in the third place. It is not only a telecom industry alarm, it is from all the population. By 2017, the global cybersecurity market is expected to grow up to $120.1B. For that reason, that is not a minor concern, it is a huge concern.