Addressing the Cyber Pandemic
Since the advent of e-commerce, a new breed of criminals has arisen to plague business. At first, the targets were mega-businesses that yielded prodigious rewards. The large firms responded by spending big on robust defenses that resulted in fewer spectacular heists.
Cyber criminals, however, are adaptive creatures and now focus on the large numbers of mid to small businesses whose defenses are weak to non-existent. One might call this new phase a ‘cyber pandemic’, given the widespread nature of the financial damage.
Most recently, the Biden administration announced an initiative to make software purveyors responsible for damages caused by hackers. This shift will, of course, affect large companies like Microsoft, device makers, and a large swath of the technology sector. It will also be a bonanza for trial lawyers savvy enough to embrace technology as a specialty. Clearly, such policies will increase the cost of technology.
Without a doubt, something must be done to stem this tide of destructive behavior by a small cadre of cyber criminals. Rather than shifting blame, the government could start going after the real culprits – the hackers. The private sector needs to respond as well.
First, the cyber insurers can start going after the bad guys. Small domestic hackers often leave trails. Neither law enforcement nor insurers go after these criminals because it’s cheaper to just pay the loss. If even a few got caught, there would be a very positive demonstration effect that would go a long way in dissuading would-be criminals from entering the profession. The cost in the long run might very well be worth the outlay.
Banks are enablers for cyber hackers. Typically, after worming into the mark’s e-mail, hackers open up accounts under the name of unwitting businesses with just a slight change in spelling or title. They then direct the victim’s funds to the bogus account, withdraw, and take off. Banks could check names, vet account holders, observe profile patterns and telltales. These measures would stop the fraudsters cold. The return would be less liability, less investigative expense, and certainly an investment in its customers’ welfare. As a bonus, the demonstration effect would be chilling to criminals.
The good news is cyber insurers are demanding multi-factor authentication (MFA) of their insureds. Most of us are familiar with this annoying verification system that online businesses and others now require. It is helping. Also, there are on-line companies that provide training to employees to bolster awareness of bogus emails that entrap the unsuspecting. Small business desperately needs these tools to avoid disaster. Hopefully, the tech companies themselves will step up to fortify their products and keep us safe. Failing to do so inevitably invites Big Brother to the party.
Alexander J. Wayne