The digital economy and cybersecurity

1 | P a g e | T h e D i g i t a l E c o n o m y a n d C y b e r s e c u r i t y

The Digital Economy and Cybersecurity

Introduction

As we enter the digital economy, companies will quickly realize that the differentiator in the digital economy is information, and that information, being a valuable resource, is subject to theft, hacking, phishing and a host of other issues which compromise a company’s ability to participate in the digital economy. Cybersecurity misfires compromise the trust of buyers and partners that is necessary to participate in the digital economy. It is up to every company to ensure that the information shared with it is protected to the best of its ability, and to proactively notify the persons and organizations who entrust it with the information necessary to transact business (any personal identity information including but not limited to addresses, credit card information, social security numbers, account information, credit information, medical records, etc.) of any potential compromise which could harm them, whether through that information being used maliciously or being shared with others.

The purpose of this writing is to cover some of the core requirements for implementing cybersecurity, the accountabilities for cybersecurity risks and the information used to manage a viable cybersecurity program.

A word about information and the digital economy

In past phases of the information revolution, physical security was important. This is the first phase of the industrial revolution where digital security is important as a component of the value chain. We will show in this writing multiple examples of cybersecurity lapses which have had reputational consequences for the company whose guard was let down for even a moment. The willingness of consumers and businesses to consume digital content is a major component of the value chain in the digital economy. In cases where there have been digital security lapses, the willingness of consumers to participate in consuming digital content is lessened, often with changes in capitalization for the affected organization.

Figure 1 | The four phases of the Information Revolution, Fortune, InfoSight Partners, 2016

In the digital economy, cybersecurity lapses result in resistance to information consumption, either through reputational damage or through the concerns of businesses and consumers participating in the value chain, which hinder their consumption of content provided by your organization.

Some recent security misfires

Figure 2 | Recent Cyber-security misfires, Graphic News Daily, December, 2016

All these examples have had significant consequences to the attacked organization.

• Most recently, the records from Yahoo were sold on the dark web for $300 million. The valuation of Yahoo as part of an acquisition plan has been reduced and has been brought into question.

• Many governmental hacks have made the news recently. One such hack currently under investigation is the hack of the Democratic caucus during the 2016 election. This series of hacks will be under investigation and will take precedence in the national attention for a significant period.

It is not hard to find examples of cybersecurity lapses in the marketplace. It is incumbent upon organizations to have proactive strategies to find and eradicate these lapses in cybersecurity before they can cause injury to the organization.

Figure 3 | The State of Cybersecurity, 2016, RSA

It is important to note that security professionals had less confidence in their ability to protect their networks from attacks in 2016 than at any time in the past. This is partially due to the ability to easily monetize hacked information. For example, the hacked emails from Yahoo were marketed on the dark web for $300M, illustrating that for those who are successful, finding and infiltrating information through cybersecurity lapses is a lucrative and very illegal opportunity.

Cybersecurity breaches are commonly introduced through the following means:

• Redirecting a web, mobile, IOT device or email session to a malicious web page which gives access to information behind the firewall.

• Injecting code into a web, mobile, IOT device or email session to perform malicious activities.

• Attacking insufficient web, mobile, IOT device or email management controls, thereby capturing passwords, session ids or other key information through cookies and other means.

• Writing files on the computer utilizing a web, mobile or email session that collects information and transmits it through an application loaded on the computer.

• Executing remote code which collects information via the remote code loaded into a mobile, email or web session.

• Requesting information by promising false claims, which is commonly returned through email.

• Introducing malicious code into a web cache.

• Capturing control of a router, computer or collection of IOT devices to deny service.

These methods of security breach leave an audit trail, which should be used as a proactive defense in an organization’s information arsenal. Companies that do not make cybersecurity a major component of their information arsenal will find themselves appearing in the list of companies shown in Figure 2.

There are a number of startups with intentions to deal with the increased threat of cybersecurity lapses. The following picture depicts 224 startups with a total investment of $2.5B in 2015.

An example of a proactive program is being implemented at the Securities and Exchange Commission, where a $500 million computer system dubbed the Consolidated Audit Trail, or CAT, aims to help regulators better monitor stock and options orders and quickly zero in on manipulators by creating some 58 billion records a day and maintaining details on more than 100 million customer accounts.

While many companies prioritize the protection of their mobile and web-based digital ecosphere, the Internet of Things (IOT) is becoming a large component of the digital presence and needs to be included in the overall cybersecurity program. IOT devices integrate with the digital ecosphere, in many cases with minimal human intervention.

Figure 4 | Market Penetration of the Internet of Things, 2015, Altimeter

It is incumbent upon all chief risk officers to have a proactive plan to protect the organization from cybersecurity intrusions, including an early warning program to identify and eradicate cybersecurity intrusions before they can do their intended harm.

Figure 5 | Recent Cyber-security venture capital investments, CB Insights, September, 2015

About the Author

Mark Albala is the President of InfoSight Partners, LLC, a business consultancy which provides financial and technology advisory services devised to facilitate focus into the value of information assets. InfoSight Partners is led by Mark Albala, who has served in technology and thought leadership roles and serves as an advisor to analyst organizations, and Lynn Albala, an officer of the NJ State Society of CPAs, who leads the financial advisory services offered by InfoSight Partners, LLC. Mark can be reached at [email protected].