Every day we hear about data breaches, whether they’re at the White House or our local bank. But it’s easy to confuse terms used to describe what’s happening: cyber crime, hacktivism, cyber war. What’s the difference?
Richard Clarke, former counterterrorism czar for the United States, recently shared his system for understanding cyber crime—and two key ways to protect your businesses and customers—at the third annual Privacy XChange Forum.
“My contention is you can’t have privacy without security,” Clarke told more than 150 delegates gathered at the privacy conference presented by CyberScout in Scottsdale, Ariz. “They are two sides of the same coin. Because we do not have cyber security, therefore our privacy doesn’t exist. It’s being rapidly eroded to nothingness.”
Clarke developed an acronym, CHEW, which stands for cyber crime, cyber hacktivism, cyber espionage, and cyber war, to help businesses keep track of the different ways criminals can steal their money and data.
Cyber crime occurs when money is stolen, typically in these five ways: ransomware, wiper attacks, DDoS attacks, theft of money (via fraudulent wire transfers, for example), and theft of identities and credit cards.
When hackers break into a computer network for political or socially motivated reasons, that’s hacktivism. “Edward Snowden is probably the best known case of hacktivism,” said Clarke, describing the former government contractor who leaked classified information from the National Security Agency. “If the NSA can be hacked, you have to believe that it can happen to you as well.”
Most of the cyber espionage that happens day in and day out is industrial, Clarke said. When companies have information that is of monetary value, that information is at risk. Clarke cited several examples, including Nike.
“Three months before they made the first shoe [of a new design], it was on sale in Asia, the exact design,” he said. “How does that hurt Nike? They lose the sale, but more importantly, while it looked good and felt like a shoe, it fell apart quick. Their brand was damaged.”
“You would think as taxpayers that when you’re attacked by a foreign government, the U.S. government would protect you,” Clarke said. “The bottom line is the government doesn’t defend private companies against this sort of attack and this sort of attack occurs all the time and it’s unsustainable. We’re engaged in an economic war, if you will, a peaceful economic war with China. And we cannot over time win that war if we are paying for the R&D and they get it for free.”
Cyber war is the use of networks and computer instructions to damage, disrupt or destroy physical entities in the real world. “Rather than using bullets and bombs, it’s using bits and bytes,” Clarke said. “The Internet of Things means everything is going to be or already is controlled on the Internet, and that allows cyber war.”
What companies can do
There are two things you can do to protect your company’s information, its customers and yourself. “Encrypt everything and make sure you have really good identity access management that goes beyond passwords,” he said. Clarke recommended multifactor authentication to protect against the attacks that can happen to companies, especially small and midsize businesses.
“Guard your identity and guard it well,” he said. “Remember that 80 percent of Social Security numbers are already compromised. I can find most of your birthdays online.”