A report on Wednesday shows that the damage from cyber attacks has reached over US$25 billion since 2015.
The most costly attacks are credential attacks (the theft of an organization's or individual’s passwords), which have accounted for $6.4 billion in company losses. Often, these credentials are stolen and then sold on the dark web, which happened in the recent T-Mobile breach. Backdoors, like the one used in the SolarWinds hack, have cost companies $5.6 billion.
Check It Out: Since 2015 Cyber Attacks Have Cost Companies Over $25 Billion
Andrew:
This is an efficiency bleed to any nation’s infrastructure, for which the taxpayer will ultimately foot the bill.
Ultimately, if the US and other nations want to upgrade their infrastructure, then hardening their systems against these attacks, and requiring both the public and private sector players who will apply for some of these funds to do the same, is essential.
Failure to invest in security measures, for which there should be industry standards, should be substantially penalised, as in a defined percentage of market cap (if publicly traded) or gross quarterly profits for private sector players. It’s got to be sufficiently unpleasant to ensure compliance.
As for global trading partners, a ‘no safe haven’ policy for criminals should be a function of every new trade agreement, going forward. I realise that many of the trading partners will be the offenders; however trade agreement violations should stipulate a penalty, with a non-reciprocity clause, for any state that fails to act against ‘domestic violators’. And, if the offender is proven to be a state actor, then it should be declared an act of aggression, with a pre-defined trade moratorium, preferably from the entire trading consortium.
This will not stop state-sponsored hacks, particularly from the likes of North Korea, but it will make it harder to justify a trade war, or to retaliate against a trade consortium, from larger and more cash-dependent states (Russia, Iran).