The Hague Centre for Strategic Studies, premium partner of HSD, recently published their report ‘Assessing Cyber Security – A Meta-Analysis of Threats, Trends, and Responses to Cyber Attacks’. The report is written together with authors of TNO, sponsored and reviewed by Hoffmann Bedrijfsrecherche, NLnet foundation, Capgemini Netherlands, the Municipality of The Hague, and endorsed by The Hague Security Delta.
Over the years, a plethora of reports has emerged that assess the causes, dynamics, and effects of cyber threats. This proliferation of reports is an important sign of the increasing prominence of cyber attacks for organizations, both public and private, and citizens all over the world. In addition, cyber attacks are drawing more and more attention in the media. Such efforts can help to better awareness and understanding of cyber threats and pave the way to improved prevention, mitigation, and resilience. This report aims to help in this task by assessing what we know about cyber security threats based on a review of 70 studies that were published by public authorities, companies, and research organizations from about 15 countries over the last few years. It answers the following questions: what do we know about the number, origin, and impact of cyber attacks? What are the current and emerging cyber security trends? And how well are we prepared to face these threats?
The report highlights three trends that point to the changing nature of perpetrators. First, a new cyber crime economy is on the rise. An expanding zero-day exploit market increases the vulnerability of a large share of users. Second, state actors and organized criminal groups are converging capabilities: state actors are increasingly hiring such groups as ‘cyber-mercenaries’. And thirdly, because states are rapidly developing offensive into capabilities, the threat of cyber weapons becoming a major ingredient in warfare is increasing. As for targets, increasing interdependencies, partly due to the advent of the Internet of Things (IoT), are leading to cascading risks. Big Data hosting companies and digital certificate providers have become a focal point for attacks. In addition, our IDs are more and more the focus of attacks, with perpetrators focusing more on ‘who you are’. And finally, GPS positioning, navigation, and timing stand out as a ‘weak link’ in critical systems.
The report concludes that, if we want to provide a more encompassing and comparable assessment of cyber threats, and create greater awareness thereof, we should:
- In line with emerging efforts on the international level1, develop shared, commonly agreed definitions, metrics, and reporting standards to enhance threat assessments. This will guide for more targeted investments in cyber security, on both company and government level.
- Anticipate trends and developments in an early stage to include potential new threats.
- Develop cyber security policies as much as possible evidence based and rely more on data and indicators, rather than subjective perceptions.
- Consider setting up a mechanism to harmonize the collection and reporting of cyber statistics.
The report was handed out to Richard Franken (Hoffmann BV) and Wil van Gemert (Europol) on 16th of April during the Cyber Security Week at HSD Campus.
The report can be found here.