Call it the $400 billion problem.
That’s the annual cost to the global economy from cybercrime, according to the most recent data available from the Center for Strategic and International Studies. The victims are often American corporations, from retailers like Target and Home Depot to banks like JP Morgan.
Tuesday, at the annual Black Hat conference in Las Vegas, 10,000 security professionals including hackers, security analysts and government agents gathered to discuss the latest cybersecurity vulnerabilities. When it comes to modern American corporations, those working in the industry say the threat from cybercrime is a real and growing risk.
“If you have something of value then you have a cyberthreat,” said Davis Hake, director of cybersecurity strategy at Palo Alto Networks.
“From a company’s standpoint, the cost is immeasurable. It’s not just the actual technical remediation. It’s the damage to the brand and trust of the consumers,” said Hake.
Last year, there were more than 1,500 data breaches leading to 1 billion data records compromised worldwide, according to digital security firm Gemalto. That was a 49 percent increase in data breaches and a 78 percent jump in data records that were either stolen or lost compared to the year earlier.
Who are these cybercriminals?
It’s a range of actors motivated by different purposes, from organized criminal gangs looking to steal and sell credit card information to state-sponsored groups attempting to hijack cutting-edge technology. And there can be a great deal of coordination among these groups.
“Hackers are not only sharing advanced techniques with each other, but they’re also able to sell more advanced techniques online,” said Hake. “And, as computing power rises, the costs of these attacks become cheaper. So we need to focus on changing the economics of the problem, and making it more expensive for attackers to get into the systems.”
To fight back, companies are spending more. Research firm Gartner says global spending on IT security will jump 8 percent this year to $77 billion.
Companies also employ in-house teams of cybersecurity professionals—men and women with expertise in various disciplines from malware reverse engineering to computer forensics—and contract with third-party security firms like FireEye.
“Companies need to know if they are compromised or not,” said Kevin Mandia, president of FireEye. “We give companies a platform so they can go from ‘alert’ to ‘fix’ in minutes. I don’t think you can stop people from breaking in. But companies need a sensor grid in place so the minute there is a compromise, they can do something about it on their terms.”
The U.S. government also has a role to play. The Department of Homeland Security, for instance, can help targeted companies identify the source and extent of a hack attack.
Douglas Maughan, director of the cybersecurity division at DHS, said every industry should be concerned.
“We see the threat intensifying,” he said. “There is a growing attack space that we are seeing every day.”