Académique Documents
Professionnel Documents
Culture Documents
having to walk into any bank. According toInternational Business Times, the
Carbanak crime syndicate made up of computer hackers from Russia, Ukraine,
elsewhere in Europe, and China used malware to steal around US$1 billion
from approximately 100 financial institutions over a two-year period starting in
2013. These thefts continue today, and are part of a global plague of cybercrime
with annual costs that are estimated to range from $445 billion to more than $1
trillion.
Although cybercrime is a visible concern for companies and governments in
industrialized countries, one of its most pernicious effects is still largely
unrecognized: It could hamper the growth of emerging economies around the
world. Digitization in most emerging countries has become a key business enabler
for public and private organizations. In Middle East countries that are not in the
Organisation for Economic Co-operation and Development (OECD), for instance,
digital markets are expanding at an overall compound annual growth rate of 12
percent and are expected to be worth $35 billion by 2015. But wherever
digitization takes hold, vulnerability to cyber-attack also emerges. It diminishes
the confidentiality, integrity, and availability of information that governments,
businesses, and individuals alike rely on heavily.
Emerging markets are particularly vulnerable because they tend to have highly
concentrated economies such as the oil and gas sectors in many Middle East
countries. The core industries often become attractive targets for saboteurs; for
example, two major oil and gas companies in the Middle East, Saudi Aramco and
RasGas, have been attacked since 2012. The banking industry is also susceptible;
reports on the Carbanak thefts said they affected financial institutions in several
emerging markets: Romania, India, China, Russia, Pakistan, Nepal, Morocco, and
Bulgaria. (No individual banks were identified.)
There is good reason to believe that such gangs will continue targeting banking
systems in the Middle East and Africa, Eastern Europe, Southeast Asia, and Latin
America, especially when they discover how exposed these systems can be. To
secure their economies, the leaders of these countries must urgently and
aggressively promote a national, strategic approach to cybersecurity.
Cyber-attacks, of course, are unavoidable. What matters is how policymakers in
emerging markets manage this threat. Too often, their responses are tactical; they
approach cybersecurity as a technical issue requiring a technical fix. At the same
time, the shortage of home-grown talent creates obstacles to developing essential
cybersecurity capabilities. The result is a patchwork that leaves gaps and creates
new weaknesses for criminals or hostile states to exploit.
A better approach is to establish a national cybersecurity strategy, undertaken by
a lead cybersecurity entity at the highest national level of government, with
prominent businesses involved. Such an approach increases the level of
protection for all digital ecosystems and makes good use of the presence of large
state-owned companies. It also offers an important economic payoff because
cybersecurity is a critical enabler of digital expansion. For instance, emerging
markets are lagging behind in developing electronic transactions, in large part
because of a lack of trust among consumers and vendors.
To achieve a world-class level of cybersecurity, a country needs a strategy that is
comprehensive, collaborative, and capabilities-driven:
Comprehensive: Ensuring the cybersecurity of a country is a complex
undertaking. A wide array of elements from the public and private sectors, as well
as not-for-profits, must be aligned, which requires a large, centrally led effort.
This may sound counterintuitive, given that so many organizations now stress
decentralization and local initiative, but in the case of cybersecurity,
centralization is critical to ensure that national standards are set by an impartial,
civil body. Although the exact form of this leadership will vary by country, in each
case the central national cybersecurity body should be responsible for defining
and supervising the initiatives agenda. To ensure its impartiality, the central