Imagine a headline screaming, “$445 billion stolen!” It’s almost incomprehensible. Yet, according to a study by the Center for Strategic and International Studies in partnership with McAfee, that’s exactly what’s happening on an annual basis. The study states that $445 billion is the cost to the world economy each year as a result of cybercrime.

$445 billion. Taken alone, that number is greater than the GDP of the 30^th largest country in the world. It’s heartbreaking to consider how much more innovation and jobs growth the world economy could have benefited from if this money wasn’t stolen. Cybercrime is pervasive and growing. The theme for the final week of 2014 National Cyber Security Awareness Month in the US is “Cybercrime and Law Enforcement.”

The application economy is changing the way we do business and improving the quality of our lives in meaningful ways. However, because cybercrime impedes on levels of trust, we still aren’t able to realize the full benefits of the application economy. There are some key strategies that governments and private industry can implement to help build this trust.

The roles of organizations, vendors and governments

First, organizations can improve the security of their services, and vendors can further improve the security of the products that help secure these services. My colleague, Christoph Luykx, and I discussed these approaches in our blogs during weeks two and three of Cybersecurity Awareness Month, when we talked about critical infrastructure protection and mobile security and secure development processes.

Second, governments can impose stronger penalties for cybercrime in a manner that is commensurate with penalties for other forms of theft.

Third, governments and industry can work together to improve information sharing practices to detect, report, and contain cyber threats. And, for each of these strategies, governments and industry must take steps to ensure that personal privacy is protected.

Finding balance between security and privacy

ePrivacy is this week’s theme for European Cyber Security Month. Some have argued that security and privacy are incompatible, and that policy makers must choose to promote one or the other. At CA Technologies, we believe that security and privacy can go hand in hand, and that both should be considered throughout the solutions development process.

Cybersecurity information sharing among industry and government entities is one of the key strategies necessary to combat cybercrime. Effective information sharing enables companies and government agencies to deploy resources against imminent threats, and allows them to share effective response and mitigation approaches.

Cybercrime in the application economy

In the application economy, automated information sharing will leverage APIs to communicate threats from machine to machine. In this environment, it is vital to authenticate that the individuals or the systems that are communicating these cyber threats and response strategies are who or what they say they are. Otherwise, malicious actors can exploit the information sharing processes and procedures to attack other vulnerabilities.

Identity management and API security is crucial, especially as both businesses and governments make greater use of distributed and mobile platforms to deliver services to customers and citizens. Effective information sharing can also be done in ways that limit exposure to personally identifiable information (PII).

Least privileged access policies and procedures can help ensure that only the appropriate individuals and entities have access to the data necessary to combat cyber threats. Finally, in cases where PII data is exposed to unauthorized actors or entities, there should be effective policies and procedures to provide notification to consumers and citizens in ways that enable them to take actions to protect themselves while preserving effective law enforcement activities.

What the governments are doing about it

Policy makers in Europe and the United States are currently working on legislative approaches to encourage both information sharing and breach notification. In Europe, the proposed Network and Information Security (NIS) Directive encourages member state authorities to exchange information and to increase cooperation to counter cyber threats and incidents, while the General Data Protection Regulation (GDPR) would introduce data breach notification rules, and strengthen citizen rights over their own data. In the US, there are legislative initiatives in both the House and the Senate that facilitate information sharing to combat cyber threats, require private sector data protection programs, and establish national breach notification rules.

The CA Global Government Relations team continues to engage with policy makers in both Europe and the US on these proposals.

Improving security and protecting privacy are two sides of the same coin. Industry should consider both security and privacy in its product development process throughout the development lifecycle. Governments can develop policies that engage stakeholders, enable secure information sharing, promote harmonization, and protect privacy, while allowing for private sector innovation in the application economy.

Increased awareness among citizens, consumers, governments, and private sector organizations is key to further improving cybersecurity and trust in the application economy. At CA Technologies, we are happy that we were able to participate in cybersecurity month on both sides of the Atlantic.

Image credit: EP Technology

The post Combating cybercrime while protecting privacy appeared first on Highlight.