Below is the reference for the paper, which is one of the finest papers I have read in recent times. Here is a glimpse of the paper and the reference.
In this paper, the author argues that the United States currently lacks a comprehensive overarching strategic approach to identify, stop and punish cyberattackers.
- There is a burgeoning cybercrime wave: A rising and often unseen crime wave is mushrooming in America. There are approximately 300,000 reported malicious cyber incidents per year, including up to 194,000 that could credibly be called individual or system-wide breaches or attempted breaches.9 This is likely a vast undercount since many victims don’t report break-ins to begin with.10 Attacks cost the US economy anywhere from $57 billion to $109 billion annually and these costs are increasing.11
- There is a stunning cyber enforcement gap: Our analysis of publicly available data shows that cybercriminals can operate with near impunity compared to their real-world counterparts. We estimate that cyber enforcement efforts are so scattered that less than 1% of malicious cyber incidents see an enforcement action taken against the attackers.
- There is no comprehensive US cyber enforcement strategy aimed at the human attacker: Despite the recent release of a National Cyber Strategy, the United States still lacks a comprehensive strategic approach to how it identifies, pursues, and punishes malicious human cyberattackers and the organizations and countries often behind them.
My takeaway & View:
Despite so many levels of effort by security experts and organizations, and millions of dollars spent on security, it is a pretty scary situation. The big question that comes to my mind is: what about countries like India, Sri Lanka, Bangladesh and many other developing countries? These countries have not realized the threats yet and do not have the infrastructure to deal with such a horrible situation. However, the cyber threat is real.
China bulldozes all its neighbours, and in the cyber world China is much more advanced than anyone else. They are capable of listening to Mr Trump’s phone calls as well. If the phone of the President of the United States isn’t considered safe, then what can we expect from the technology which many countries are trying to adopt? What if China starts targeting its rivals? Does India have the power to hold its own against such attacks?
Given the situation in the cyber world and technological advancement, a lesson can be learned from all of the above. I won’t say it is too late for countries like India to learn and adopt technology which could be safer to use, or to require organizations to keep their services secure. Everything must now be viewed from the security perspective. Every digitalization effort must have security as its first priority.
The Indian government has been very proactive in the digitalization of its services; however, there are many services/portals which are vulnerable. A lesson must be learned, otherwise it would be very damaging, and developing countries can’t afford it. Good stuff has been identified, however, but only on paper so far. For instance, GDPR.
I don’t want to sound like an expert here, but truth be told, Indian IT service companies must learn and realize the threat. Make our services more secure and deliver what could make your client safer. Have security in mind when designing an application. Invest in training, and skill newcomers to develop more secure applications. In reality, the issue is more one of mindset than of a skill gap. People never understand what info should be exposed or hidden. As long as the application works, it is great. Here are a few instances:
- A simple example is allowing users to change their password without checking the current password.
- Supporting changes to password, email or profile info using the GET method in a web service.
- If you check an application, the application shows more insights. I don’t want to review any application, but that is how software is developed.
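
The first two instances in the list above, as an added example that is not part of the original post: a Python sketch of a password-change handler in the weak form the list describes, next to a hardened one. The function names, status codes, in-memory store, work factor and 12-character minimum are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumption: illustrative work factor, tune for your hardware

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def _set_password(store: dict, username: str, new_password: str) -> None:
    salt = os.urandom(16)
    store[username] = {"salt": salt, "hash": _digest(new_password, salt)}

def make_store(username: str, password: str) -> dict:
    """Constructed sample account store: {user: {"salt", "hash"}}."""
    store = {}
    _set_password(store, username, password)
    return store

def verify(store: dict, username: str, password: str) -> bool:
    rec = store.get(username)
    if rec is None:
        return False
    return hmac.compare_digest(_digest(password, rec["salt"]), rec["hash"])

def change_password_weak(store, method, params, session_user):
    """Pattern from the list: any HTTP method, no current-password check."""
    _set_password(store, session_user, params["new_password"])
    return 200

def change_password_hardened(store, method, body, session_user):
    """Returns an HTTP status code; the store changes only on 204."""
    if method != "POST":
        # With GET the new secret travels in the URL and ends up in
        # server logs, proxies and browser history.
        return 405
    if session_user not in store:
        return 401
    current = body.get("current_password", "")
    new = body.get("new_password", "")
    if not verify(store, session_user, current):
        # A valid session alone must not be enough to take over the account.
        return 403
    if len(new) < 12 or new == current:
        return 400
    _set_password(store, session_user, new)
    return 204
```
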
Final words: Keep yourself aware of things which could impact you directly or indirectly.