There’s a scene in the 1995 movie Heat when master criminal, Neil McCauley, and the police officer on his tail, Detective Hanna, meet in a restaurant. They share similar personalities, and slowly they evolve as criminal and cop together. It’s what makes for a great movie: advantage shifts back and forth between them to eventually end—in typical Hollywood style—with Hanna stopping McCauley.
Heat wasn’t set in today’s world of cyber security, but the dynamic between the two protagonists is suggestive of such an environment. The compound annual growth rate of investment in cyber security services has been 12% over the past few years, and the market is predicted to grow to US$300 billion by 2024. Attacks, breaches, fines, and penalties from cyber crime have naturally increased in tandem.
An Alien Lifeform
The internet wasn’t designed for the way we use it today. Initially, it was simply a means of information transfer for academic and military institutions. Once unleashed as the World Wide Web in the early 1990s, its impact was enough to lead David Bowie to refer to it as an “alien lifeform.” By the turn of the Millennium, it had become a destination for communication, information, and ecommerce. The word “hacker” began to take on sinister connotations through its association with cyber crime. And, as organizations from financial institutions to healthcare organizations and retailers started to collect large amounts of data, criminal incentives multiplied.
The effect of cyber crime on business is enormous. Nearly 70% of consumers are unlikely to do business with an organization that experiences a breach involving sensitive information, according to Gemalto’s “Data Breaches & Customer Loyalty” report. Mastercard's proprietary research further reveals that 12% of customers say they will stop shopping at an affected brand, regardless of the breach type, and of those who stay, 26% will spend less with their cards.
While the internet might not be an alien per se, the mutating nature of modern malware has reduced antivirus software to little more than a Band-Aid. Furthermore, the growth of the Internet of Things (IoT) is rendering human involvement obsolete. The Mirai breach—when traffic from an army of infected IoT devices crippled much of the internet—clearly demonstrated the vulnerability of such a situation. Standard security mechanisms failed to prevent the attack, showing there is more to be done.
Mastercard’s background in digital payments means we build security into everything we do as a standard. We offer this level of protection to our customers through our suite of Cyber Security Services. Developed as an ongoing cycle, rather than a one-off fix, our contextual and quantitative solutions evolve with organizational change and technological advances. For example, our solutions enable organizations to continually re-evaluate risk scenarios—whether involving issues such as shifting data access or emerging cyber crime trends—to remain ahead. As organizations address risks, they can re-evaluate and adjust assigned values according to actions taken.
Cyber crime is never going to be an easy win for cyber security. But, when built to evolve, it should be winnable. If Heat were about traditional, fixed approaches to cyber security, McCauley would permanently be one step ahead of Detective Hanna. And nobody would enjoy watching that unfold. As fiction, it would be a boring movie; in reality, its consequences would be disastrous.