A few hours ago I was alerted to an article on the BBC site. The article (at https://www.bbc.co.uk/news/business-63260648) gives us ‘Cyber-attacks on small firms: The US economy’s ‘Achilles heel’?’ In itself no real surprise, but then I saw “It was a total head-in-the-sand situation. ‘It’s not going to happen to me. I’m too small.’ That was the overwhelming message that I was hearing five years ago,” says Ms Graham, co-founder of CYDEF, which is based in Canada. “But yes, it is happening.” There we see the first instance of utter stupidity, a setting where insurance companies go ‘well, I am sorry to report that it is on your dime that this is happening’ and that is not a speculation, this is about to happen. In addition to that the insurance against cyber attacks will skyrocket unless you have state of the art equipment (something small businesses cannot afford). A stage that is waiting exploitation. There are all kinds of speculations. One of them is “Cyber-crimes are expected to cost the world $10.5tn (£9.3tn) by 2025, according to cyber-security research firm Cyber Ventures”, I do not completely agree, for the most I do, but the big bucks are depending on national 5G, which is not happening in many nations before 2027. You see, one source gives us “For example, in November 2020, one cybersecurity company estimated that global cybercrime costs will grow by 15 percent per year over the next five years, reaching US$10.5t annually by 2025, up from US$3t in 2015 (Cision 2020)” they are seemingly ALL quoting the same source and that source is Cyber Ventures. That does not make it incorrect, yet I have reservations. That number is completely acceptable under 5G, under other conditions (when big tech do not screw up and hand over the keys to hackers) should not go that fast (yet), but when 5G, a national 5G stage is there this number will increase swimmingly all over the globe, which is why I shouted for law adjustments well over two years ago, but the law is seemingly sitting on their hands, all about ‘letting all parties’ swim in the large all whilst the swimming pool has close to zero protection, so this will get worse a lot faster and the EU will see plenty of drowners (aka floaters) soon enough. My speculative view is that the larger problems are a mere 6 months away.
Then we are given “The pandemic created a whole new set of challenges and small businesses weren’t prepared,” says Mary Ellen Seale, chief executive of the National Cybersecurity Society, a non-profit that helps small businesses create cyber-security plans. In March 2020, at the cusp of the pandemic, a survey of small businesses by broadcaster CNBC found that only 20% planned to invest in cyber-protection.” This sounds nice, but I wonder what we will see in 2023. I expect that it is then that we will learn that less than 40% of these 20% will have actually done something and that is when a lot of people (insurance especially) realise that this is about to become a sinking ship. There was clear indication in 2010 that setting up cyber security was essential in players a little larger than SBE sized companies. They had issues too, but the revenue was too small. The problem is that clever hackers do not grab the whole enchilada. With “It typically takes 200 days from the moment of the hacking until discovery” we see the pattern. The clever ones will hit places for about 150 days then they go underground. That gives them enough to live like a king for a decade. They stay under the fold, they stay inconspicuous for as long as they can. They book a weekend in Vegas and then they launder what they had going home with $5-$15 million. The caper has worked and they are in the clear. Yet these same clever people can clear $50-$150 million when they get access to a fully deployed 5G network and the BS argument of “We will have a solution before that” does not fly, that excuse is a decade old and they have no adjusted laws, there is no adjusted technology and whatever the NSA has is not shared. So as you can see, the numbers are not entirely in the air (the Cyber Ventures one) but it will rely on a fully deployed 5G network which should be around 2027.
It is time that ALL businesses take cyber security serious. The moment that there is no insurance for that these Achilles heel companies go under with no options for the owner, that person will have lost everything. So when Kirsten Dunst stated ‘Let them eat cake’ (Marie Antoinette) she stated a good case for Cyber criminals. They are having cake every day and those not using Common Cyber Sense will be paying for that meal day after day after month after month after year (you get the idea). It was essential to properly adjust laws for that. And when we look at the data from April we get “according to industry data only four to five percent of hackers are actually caught, but high-profile cases showcase how even the most skilled can make simple mistakes which lead to them being apprehended” so between one in twenty to one in twenty five gets caught. Do you really want to hope on that statistic? This is not a pun against law enforcement or the FBI, they are in a fight with both hands tied behind their backs. Not a good position to win a fight. And that is before we look at state funded hackers. Lets be clear both Russia and China have every benefit for American and European business to lose way too much, proving that part is close to impossible. These players are almost never caught. The arrest by the FSB of REvil was a rare instance, but not all was lost. At https://www.bleepingcomputer.com/news/security/ransom-cartel-linked-to-notorious-revil-ransomware-operation/ we learn “Researchers have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil gang based on code similarities in both operations’ encryptors” and that was two weeks ago. At present with Russians not being able to wage war against an enemy that is at best 15% of their own army gives rise that the people behind REvil will be out and about soon enough (if they aren’t already).
So those who want cake, better find a place to enjoy it before the hackers get it all and I will not care. I have been clearly evangelising the essential need for Common Cyber Sense for years now. And if Optus Australia is anything to go by there are plenty of big fish not too interested in that approach.
Lawrence van Rijn - Law Lord to be 