Corporate sector must unite against ever-cheaper cyber attacks: expert
Other businesses and industry groups should follow the lead of the financial sector in forming a united front against cyber criminals, according to a leading US security expert.
The situation has become more perilous as such attacks can now be carried out for less than the cost of an average person's monthly phone bill, while defending against them can cost companies tens of thousands of dollars, surveys show.
Yet there is a beacon of hope, as financial institutions have benefitted from sharing information about cyber threats and attacks, said Mark Clancy, chief information officer at the New York-based Depository Trust and Clearing Corporation (DTCC).
"[In the past] attackers would write a piece of malware and attack 100 companies with it, and each company would defend itself," he said.
"There was a big asymmetry between what it costs to launch an attack and defend against it."
That is starting to change in the financial sector as companies band together to reduce costs and even the balance. The US is leading the way in this area and Asia is taking note, but Europe is lagging, he said.
"We're starting to see it in Hong Kong. [Institutions] are recognising that if they don't share info they won't be as nimble in defence," he said.
A spokeswoman for the Hong Kong Monetary Authority told the Post that it is working with the banking industry "on establishing a framework and mechanism for sharing of information on cyber threats".
"We believe this is conducive to the industry to improve cybersecurity as a whole," she said.
DTCC, which handles post-trade financial services, processed US$1.6 quadrillion in transactions in 2014. All of its transfers are conducted electronically, putting cybersecurity at the core of its operations.
To that end, DTCC, along with industry body the Financial Services Information Sharing and Analysis Centre, developed Soltra, an information sharing platform to promote community defence against cyber threats.
A report last month by cybersecurity firm Incapsula found that the cost of launching distributed denial-of-service (DDoS) attacks that disable websites and servers has dropped to just US$36 per hour, while the cost of defending against such an attack could run into tens of thousands of dollars.
Concerns over cybersecurity and hacking have become a much higher priority for businesses, according to a recent survey of global companies and managers.
But many industries have been slow to act, Clancy said, adding that smaller companies may seek help through cloud or other service providers.
"If we get the penetration we've started to see [in the financial sector] across all sectors, we will have dramatically increased the cost for cyber attackers to go about their business."
A recent survey of small businesses in the UK by identity protection firm CSID found that 52 per cent of companies are not taking sufficient measures to guard against cyber attacks. Moreover, 85 per cent had no plans to increase their security budgets.
Only 13 per cent of respondents said they were working with third-party experts to build cyber defences.