Manipulation of international financial markets will be the next evolution of cyber crime, according to Scott Borg, chief of the US Cyber Consequences Unit.
There is a limit to the amount of money criminals can make through theft and credit card fraud, he told a joint session of the ASIS International and (ISC)2 annual congresses in Chicago.
“But there is no limit to the money that can be made by manipulating financial markets,” he said, speaking at an international policy roundtable on cyber security.
By taking a position in the market and then conducting a cyber attack to discredit a company, criminals can make an almost infinite amount of money, said Borg.
“Even if the beneficiaries are identified, they can always say they took the position based on a rumour in the market,” he said.
Borg, who predicted in 2002 the shift from mass disruption cyber attacks to professional, organised cyber crime, said the next shift to financial markets will transform the field of cyber security.
Christopher Ling, executive vice-president of Booz Allen Hamilton, said that allied to this, the world is facing a potential loss in confidence in the integrity of information systems.
Crawford Samuel, project leader at the International Cyber Security Protection Alliance said one of the biggest challenges in the next few years will be managing personal information online.
“If not managed correctly, personal information online will not only open people up to personal attack, but they will become vectors for attack on the organisations they work for,” he said.
Adam Meyers, director of intelligence at security firm CrowdStrike, said proliferation of cyber attack capability is another likely future challenge.
“We are seeing the emergence of easy-to-use, build-it-yourself malware kits, and it is only a matter of time before emerging countries follow the cyber espionage example of larger powers,” he said.
The enormous challenge, he said, will be trying to figure out what to focus on when faced by multiple state actors looking to leapfrog ahead by stealing intellectual property.
Dave Tyson, senior director, global information security at SC Johnson & Son, said information security practitioners will need to move from efficiency to effectiveness.
“It will no longer be just about efficiency and cost,” he said.
Tyson also predicts that as private sector threat intelligence improves, businesses will be guided by who is attacking them when deciding on how to invest in cyber defences.
Hord Tipton, executive director of (ISC)2, said the underlying challenge to meet all these challenges will be finding enough people with the relevant skills.
In addition to creating more opportunities for people to acquire these skills and join the cyber security profession, international and cross-industry collaboration will be vital to cyber defence in future.
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners.
If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com