A new Coalition against cybercrime has seen the light today. They will do what all the other coalitions of private companies and public organisations do, organize congresses and produce paperwork. This gives everybody the impression that we are doing something and that we are making a difference. (sorry my cynism but seen that, heard that all before).
what did they in fact announce today
well that this year 3.5 billion Euro in Belgium was lost because of cybercrime, well it is a beautiful figure and one that is making headlines everywhere, but can you proof that ? Does this mean that our citizens have paid each hundreds of Euro's to cyberscammers to deblock their computers ? Does it mean that our banks have been plundered ? Numbers don't mean a thing and if they are launched like that they lose any meaning and you have to inflate them every time just to make us look up and wander.
Than they give some other numbers, which are in fact the reason that according to them that number is so high.
But I think that number is way too high because according to this article the most aggressive and professionalised cybercriminals, the Russians made only 2.5 billion dollars in a year and most of it was in the US because of the POS and the ATM's which are much more difficult to hack in Belgium (because the creditcards are more high secure, even if the POS stations look to be cutting the secure cord more and more for something wireless)
"The Russian hacking industry brought in $2.5 billion between mid 2013 and mid 2014, thanks in large part to the Target breach, according to a report released today by Group-IB. http://www.darkreading.com/russian-hackers-made-$25b-over-the-last-12-months-/d/d-id/1316631
"CERT.be a ainsi reçu 751.000 signalements d'ordinateurs infectés durant le premier semestre de 2014. En moyenne, 614 incidents ont été rapportés chaque mois, soit une hausse de 80% par rapport à 2013.Selon une enquête de la FEB, 66% des entreprises sont insuffisamment informées pour développer une approche efficiente de la cybersécurité. Plus des trois quarts ne connaissent pas la réglementation et les instances compétentes.http://datanews.levif.be/ict/actualite/la-cybercriminalite-coute-3-5-milliards-d-euros-chaque-annee-a-la-belgique/article-normal-317291.html?
In the first semester of 2014 there were 751.000 Belgian computers infected. This is around 150.000 each month. And they have about 614 incidents each month which is 80% more than last year. Meanwhile nothing has changed and the national cybersecurity is not there, the CERT is still not sure of longterm financial stability, the privacycommission has no extra resources and powers, the FCCU cybersecuritypolice is under financial attack for its resources and must I go on ?
The firms are not doing much better. THe federation of the business owners says that more than half of its members doesn't have an effective strategy about cybersecurity and 3/4 don't even know their reglementation. HUH ? This means that 9% has an effective cybersecurityplan but doesn't know the reglementations they fall under ? How is that possible ? Oh, it is another of these surveys in which you call somebody in the firm and ask him questions for which he has no time, doesn't really understand the impact or gives negative answers to get a more positive look inside the firm (yeah, we are with the few companies that have a plan even if I said on the phone that we didn't (because I think it sucks but I am not going to tell my boss that)).
so what is the use of such communication ?
more blablablabla and comments that we ought to do something and more roundtables and whitepaper and more new ideas that have been coming back and forth for the last ten years
and so we are going back and forth for the last ten years, losing time and being able to do very little
just enough to keep this Titanic from colliding with the Iceberg
and if we do, there will be no captain because they are all at one or another congress, presentation or roundtabe
the freedom of speech is also the freedom to doubt and to question because without questions the debate and research doesn't advance (for those who would take it personally)