Cybercrime continues to make headlines. The results of crime are often monetary losses, and in recent years, these losses have skyrocketed. According to an article in Cybercrime Magazine, the global cost of cybercrime is expected to hit US$10.5 trillion annually by 2025, a stark increase from US$3 trillion in 2015.
Many studies have shown scams are the most popular form of cybercrime, followed by phishing and malware attacks. But unprecedented cyber breaches like the SolarWinds incident have reminded us of the increasingly sophisticated approach criminals will take to reach their marks.
In Singapore last year, 43% of the total crime was related to cyber. The country also ranked sixth globally for the most exposed databases. The numbers paint a gloomy picture but more importantly, create a dialogue for organisations to regularly review defence enhancements they may take to fight back against malicious and often unsuspecting cyber attacks.
Research shows that it takes an average of just two days to penetrate a company’s internal network. Corporate boards, chief information security officers and their departments around the world are pressured to find better ways to ensure corporate and customer data is kept secure.
Hybrid worker and IT postures are more commonplace today, which has resulted in an expanded threat surface and has spurred spending on cybersecurity domain expertise and tools. Global corporate investments in cybersecurity have risen from US$75 billion in 2015 to US$150 billion in 2021, and are estimated to hit US$1.75 trillion by the end of 2025.
The expanding threat landscape across public and private sectors
See also: Testing QA New Section BDC Feature Winner 1
The fact that Singapore is home to many multinational companies in Asia Pacific only increases the nation’s vulnerability to these attacks. Moreover, the fluid nature of cyberspace means that cyberattacks are not geographically limited. The Internet has enabled a global economy, giving organisations around the world the opportunity to thrive in foreign markets and build geopolitical relationships. But when cyberattacks happen, the impact can be manyfold.
For instance, Toyota had to shut down plants in Japan following a cyberattack suspected to be executed by Russia-backed threat actors. The attack was said to be a politically driven move after the country’s invasion of Ukraine.
In Singapore, high-profile cases like the OCBC bank scam that resulted in losses exceeding S$13.7 million and the Fullerton Health data breach incident where patients’ personal data were compromised, have proven that organisations across sectors can and will be a target
See also: Unpublished article shouldnt be accessible testing
A coordinated strategy
Unfortunately, there’s an imbalance between cybersecurity defenders and attackers. The low cost of predatory technology alongside high incentives for criminal actors are strong motivators for cybercrime. There is also a worrying trend that cybercriminals are now operating with the support of large established organisations, including foreign governments.
Meanwhile, the cost of defence is high and carries low margin for error. Attackers only need to bypass defence postures once for potentially serious damage to occur.
In order to continue to tip the balance of power to the good guys, organisations should realise that they cannot go at it alone. An optimised way to defend is through collective protection. And a strong collective protection action is for public-private partnerships to continue to form and advance. Afterall, both public and private sectors have unique strengths.
Building bullet-proof infrastructures through partnership
A public-private collaboration requires engaging in modern defence strategies powered by collective protection to make sure cybercriminals are disrupted and experience real costs and consequences. This was a key focal point in a recent panel discussion moderated by HUMAN.
To truly disrupt the economics of cybercrime, strong public-private partnerships are needed, with levels of trust and authorisation established between the two sectors. In theory, the idea seems logical and pretty straightforward, but in reality, it can be challenging. With different stakeholders involved, sectors are often hesitant or prohibited altogether from divulging sensitive information. Furthering the directive for corporate managers and boards to be aligned. Only when sector alignment occurs will clear approaches to cybersecurity initiates more visible to relevant stakeholders controlling investment allocations.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
A great example of a public-private collaboration was the takedown of “3ve” (pronounced “Eve”). It was the largest private sector collaboration in history that involved over 30 companies, 6 governments, and took over 24 months – from lead to extradition.
3ve operated on a massive scale where it controlled over 1 million IP addresses primarily in North America and Europe, and the takedown was only possible through collaborative efforts. We relayed our findings to law enforcement, and those tied to 3ve’s operations were given criminal charges. This was only possible through a collaborative effort by both law enforcement and various companies across industries – including ad tech, cyber security, and internet service providers – to disable the infrastructure and sinkhole botnet command and control servers.
As organisations discover new possibilities in cyberspace, cybercrimes will continue to evolve. Securing strong public-private partnerships will provide a solid foundation as we move forward together, navigating new territories with a stronger unified and cohesive approach.
Ryan James Murray is the director of APAC at HUMAN