Making the global village a safer place from cyber attack
The Australian Financial Review (AFR) recently reported on comments made by insurer Allianz with regard to the rapid growth in cybercrime. Allianz’s chief regions and marketing officer Sinead Browne estimated global losses from sophisticated hacking were in the vicinity of US$600 billion.
There were some key takeaways in the report with one of the most worrying aspects being the fact that many businesses impacted by cybercrime were uninsured.
Hence, security breaches have sent businesses to the wall, a trend that will continue until our cyber security game is so smart and nimble that the hackers don’t possess the technology or the ability to continually stay ahead of new security mechanisms.
The obvious response from the business community has been to seek insurance against such events and this has made cybercrime insurance one of the fastest-growing segments within the industry.
However, this isn’t as straightforward as it seems; it is arguably just as complex as detecting the perpetrators, identifying their methods and building protective barriers.
The link we refer to indicates that the recent annual risk survey conducted by Allianz showed that cyber security came in at No. 2 on the list of business concerns – five years ago it was in fifteenth place.
Further, the average cost of a cyber claim is almost double the average cost of a fire loss based on the experiences of Allianz.
The old adage, ‘prevention is better than the cure’ certainly comes to mind when gauging how best to deal with cyber threats.
An ASX-listed company, WhiteHawk Ltd (ASX:WHK), has developed proprietary technologies which have been adopted by security-sensitive organisations in areas such as defence, utilities and financial services.
With an increasingly impressive portfolio of systems and devices, WhiteHawk now counts the likes of the US defence industrial base and the US federal government, as well as banking and insurance groups in that country as its clients.
But more on WhiteHawk later. To appreciate the company’s strategy, it pays to step back and examine the emergence of what was termed the global village in the late 20th century, and importantly, gain an understanding of what we are up against, not just technologically but psychologically.
Global village not a pretty place
The term global village was coined in the 1960s by Canadian philosopher Marshall McLuhan, as he described the phenomenon of the world becoming more interconnected as a result of the propagation of media technologies.
Of course, the theories he espoused in the 1960s not only came to fruition, but grew beyond a stage that few could have predicted at that time.
As the Internet was embraced as the game changer, particularly for businesses looking to operate on a global scale, listed companies that were enabling the interconnectivity saw their share prices go through the roof.
There were big winners such as Microsoft and Apple, along with the major telcos, advertising and information sites such as Google, Yahoo and Amazon.
Then the age of social media emerged with Facebook, Twitter and Instagram to name a few, shrinking the global village to a car park with anyone and everyone seemingly at handshake’s distance.
As things currently stand, when you simply search the Internet, advertising agencies, marketing groups and criminals are developing a profile of you in order to tempt you with the most likely consumer goods offering or, at the other end of the scale, infiltrate the device you are using for various means of cybercrime.
Consequently, the global village and the new technologies that have accelerated our transition to the ‘world in a car park’, for all the excitement they generated, are now the source of intense trepidation and life-destroying activities.
Facebook in the firing line
Never have the consequences of our new world order been more in our face than when the horrific shooting rampage in New Zealand was broadcast live after the shooter had flagged his intentions on Twitter and then live streamed his rampage on Facebook, one kill after another.
For all the billions of dollars Facebook and YouTube are worth, they couldn’t shut down the video footage prior to it being streamed globally and downloaded thousands of times.
Perhaps it was recognition of the threat posed by social media and clearly evidenced in New Zealand that prompted the Sri Lankan authorities to shut down social media as numerous bomb blasts killed more than 250 people across various parts of Colombo on the weekend.
Disturbingly, the Washington Post came out on Sunday with a headline, “Sri Lanka’s decision to block social media after the bombings set an alarming precedent”.
Referring to the decision as a ‘drastic step’, the reporter was generally critical of the decision to shut down platforms such as Facebook and WhatsApp.
This is the Washington Post’s take on the ‘alarming precedent’ set by the Sri Lankan authorities, a view that seemingly still prioritises the sharing of information regardless of the fact that it may prove dangerous in a volatile situation.
Facebook - an essential service and source of accurate information?
Now, Sri Lanka has shut down access without any evidence that rumours or rhetoric on the site led to harm. The justification, presumably, is that once evidence has emerged, it is already too late. But a moratorium on Facebook and other essential services in Sri Lanka is also a moratorium on easy communication. Friends and families cannot tell each other whether they are safe. Anyone seeking accurate information about the attacks may find themselves similarly stymied; because controls on traditional media in Sri Lanka are tight, Facebook and sites like it play a valuable role. Meanwhile, technologically sophisticated users, including many bad actors, will find workarounds to reach blacked-out websites anyway.
These concerns underscore a larger worry: that one state blocking services to keep civilians safe after a terrorist attack will serve as a pretext for other states, not to protect their people, but to deprive them of their ability to organize and protest. Iran restricted access to the Telegram app last year amid anti-government demonstrations. Turkey, Egypt and Zimbabwe play at the same game. Facebook and sites like it will have to earn back the globe’s trust, and countries that still value free expression must help craft regimes that balance safety and freedom of expression. Otherwise, those less friendly to democracy are bound to use the former as an excuse to trample on the latter.
Commentary regarding impeding easy communication and gaining access to accurate information appears horribly flawed.
Firstly, there are a number of ways to communicate other than via social media, and if the reporter uses Facebook as a source of ‘accurate information’ he’d better bring on board a pretty good fact checker.
As for ‘depriving people of their ability to organise and protest’, there will be plenty of opportunities to take that initiative in a more informed way, at least after the people of Sri Lanka have had a chance to mourn the lives lost in a wave of senseless attacks.
A watershed year for WhiteHawk
Shifting the focus back to WhiteHawk, 2018 was a year in which the company notched up numerous milestones and importantly gained support from a fast-growing high profile client base.
Being able to boast that it is the first global online cyber security exchange enabling small-to-medium businesses to take smart action against cybercrime is no small feat.
However, by year-end the company was frying much bigger fish as it entered into a new contract to provide a tailored version of its 360 Cyber Risk Framework to departments within the US Government to protect against supply chain intrusions.
Under the contract, the company provides sensitive risk analytics and mitigation, offering essential added protections to a breadth of office and mission functions.
A phased rollout would see the company expand the scope of the risk framework across the government departments to include all vendors being monitored and serviced by the company's Cybersecurity Exchange, where the company can derive additional revenues from the sale of vendors’ products purchased across the Exchange.
The depth of security analysis is outstanding with the tailored version of the 360 Cyber Risk Framework providing BitSight cyber risk ratings, continuous monitoring and cyber risk alerts.
It also incorporates WhiteHawk’s risk mitigation analytics, AI Risk Profile, and matching to vendor options in real-time, providing continuous insight across hundreds of vendors at once.
Around this time, discussions and demonstrations were being organised with key US government departments such as the Department of Defence, the Department of Homeland Security and the intelligence community.
Another key target for cyber criminals and/or terrorists is the utilities sector.
Crippling services such as power and telecommunications could lay the foundation for a large-scale attack on the country.
On this note it was late in 2018 that the company expanded into the US National Health Care and East Coast utilities sectors.
Across the US utility sector WhiteHawk’s customer is managing a power grid that provides services to over 20% of all US electricity customers and has over US$30 billion in annual revenues.
All utilities provide critical infrastructure where ensuring supply chain software and service vendors’ cyber risks are identified, tracked and addressed is a major issue.
In the initial stage, the contract involved up to 40 vendors, and with the potential to move to a second stage involving over 1,000 vendors in 2019 there is the potential for significant share price catalysts to emerge.
From a broader perspective, the utilities industry was estimated to spend US$1.7 billion on cyber security in 2017 according to consulting group, Smart Energy International.
WhiteHawk’s health care client is a non-profit organisation that needs to identify and track cyber risks from its supply chain vendors and protect the sensitive information it is entrusted with on a daily basis, which is subject to HIPAA (Health Insurance Portability and Accountability Act).
This is a US Federal Law designed to provide privacy standards to protect patients' medical records and other health information.
Ensuring the security of highly critical information is arguably more important than being able to access information, although the Washington Post may disagree.
Consequently, if it’s impossible to wind back the clock to a point where the necessary security protocols can stay ahead of technological development, the services of a company such as WhiteHawk are going to be in high demand.
Perhaps this accounts for the following staggering dollar values being attributed to the security industry by various industry consultants and media organisations.