Who benefits from cyber-attacks?

Massive and target-focused cyber-attacks are threatening companies as well as national institutions. Regardless of criminal objective, intrusions in information systems raise enormous challenges for victims. Further to high economic recovery costs, the reputational repercussions that cyber-attacks would cause companies are undeniable, especially for businesses that are ill-equipped with the appropriate knowledge, skills, and resources.

For instance, Quann IT Security End User Study 2017 reveals that more than half (56 percent) of 150 senior IT professionals from medium-to-large companies based in Singapore, Hong Kong and Malaysia, do not have Security Intelligence and Event Management Systems to correlate and raise alerts for any anomalies in a timely manner. Closer to home, 54 percent of the Singaporean respondents do not have a Security Operations Center (SOC) or a dedicated team to proactively monitor, analyse and respond to cyber security incidents that are flagged by the systems. This no longer begs the question of “When we will get hacked?” Rather, “When?”

While cyber-security investment is seen to expand at an exponential rate, from over USD80 billion in 2016 to USD170 billion in 2020[1], general sentiment at present posits that reaching total protection is an illusion, attributing to the lack of sophisticated systems and inability to keep up with the rapidly growing cybercrime industry. With a forecast of 20.4 billion IoT (Internet of Things) devices to be in use around the world by 2020[2], it is clear that business firms need to stay ahead of the curve by taking cybersecurity seriously and invest in technical and behavioral protections.

Against this backdrop, the financial sector is no exception, where cyber-attacks are growing threats as financial services are increasingly delivered over the internet. Cyber-risk management is thus the new frontier for global regulatory efforts and supervisory co-operation to address these emerging threats. In Singapore, the Monetary Authority of Singapore (MAS) has collaborated with the Financial Services Information Sharing and Analysis Centre (FS-ISAC) to establish an Asia-Pacific Regional Intelligence and Analysis Centre, which aims to encourage regional sharing and analysis of cyber-security information within the financial services sector.

In the private sector, we are seeing a trend of businesses veering towards the Cloud as a countermeasure, with more than half of US-based multi-national corporations (MNCs) engaging such a move. Instead of infinitely investing in computer infrastructure, third-party servers are used to store and process valuable data. Cloud computing is becoming a highly-demanded service because providers offer high capacity networks and computing power, rather cheap cost of services, and adaptability to business evolution thanks to a “pay per use” model. In addition, companies reap the advantage of locating data in an environment that is perceived as safe.

The main Cloud computing providers, including Amazon, Google, and others like them, are some of the world’s main actors that have formidable cybersecurity systems, owing to their Internet-based business models that cannot allow breach of security and disruption caused by cyber-attacks. These companies have achieved impressive growth rates over the last five years – sometimes higher than 100 percent – and they continue to invest in computer and network capabilities to propose more services to users.

Due to their reputation in cybersecurity expertise, there is an emerging trend that companies that adopt their services in the Cloud will benefit from the rise of cyber-attacks. However, does this mean that these industry giants will monopolize the Cloud as an opportunistic countermeasure to cyber-attacks, and how big is the value potential for Cloud actors in the wake of recent cyberattacks around the globe?

[2] Gartner, “Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31 Percent From 2016”, 7 February 2017

Operating from campuses in Lille, Nice, Paris, London and Singapore, EDHEC is one of the world’s top 20 business schools. Fully international and directly connected to the business world, EDHEC commands a strong reputation for research excellence and the ability to train entrepreneurs and managers capable of breaking new ground. EDHEC functions as a genuine laboratory of ideas and produces innovative solutions valued by businesses.

The School’s teaching is inspired by its research work and a focus on “learning by doing”, all with the aim of equipping people with the skills to succeed in business.

For more information on EDHEC Business School: www.edhec.com