What's Next: Navigating Global Challenges with the Innovation Generation

When Cyberthieves Attack: Turning Points in Safeguarding Online Secrets

How are governments and the private sector working to combat the future of cybercrime?


Cybercrime costs governments and businesses hundreds of billions of dollars per year - and is growing both in scale and media attention. The 2012 cyberattack on Saudi Aramco, which took down thousands of company computers, has been called a global wake-up call. Mahir Nayfeh, senior vice president at Booz Allen Hamilton, calls the attacks a turning point. Before the Aramco incident, cybercrime had meant stealing information; for the first time, there was real damage - sure, information was taken, but moreover entire systems were destroyed. Theft had become attack.

Marta Arsovska Tomovska, Deputy Minister of Information Society and Administration for the Republic of Macedonia, cites information leaked by Edward Snowden as a turning point in European cyber-awareness and privacy concerns, especially given new knowledge of the existence and extent of government surveillance on communication networks.

Even as cybercrime on large institutions and private individuals draws increased attention from vulnerable organizations and the media, attacks and their perpetrators grow more sophisticated. To best face these attacks, a growing team of experts in public and private sectors are learning how to anticipate them by analyzing how criminals mask their identities and reveal their motivations.

At Booz Allen Hamilton, Nayfeh describes a team dedicated to exploring the 95% of the web that you can’t access via Google, looking for intelligence on what cyberadversaries have planned, and what their motivates them. It’s no easy task, as mature attacks have made geographic lines all but fade into the background, and the tools needed to conduct a cyberattack become readily available on wide scale. Attacks that would seem attributable to governments can be done by individuals.

Governments will have to play a positive role in the future of cybersecurity, says Tomovska, and should have their own cybersecurity strategy, education, and critical protection infrastructure in place to anticipate future attacks. The government is also responsible for educating private citizens about how to protect their own data. Nayfeh notes that protection has changed dramatically in recent years. “In the past, the idea was ‘protect the perimeter; keep the bad guy out,’” said Nayfeh. ”In today’s world, there is no more front door. If I can get somebody to open up an attachment, I’m inside. What we’re looking at now is you can’t just protect the perimeter.”