How much do hackers cost businesses? Stanford conference seeks to find out

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.mercurynews.com/business/ci_24458043/how-much-do-hackers-cost-businesses-stanford-conference

Governments and businesses spend $1 trillion a year for global
cybersecurity, but unlike wartime casualties or oil spills, there's no
clear idea what the total losses are because few will admit they've been
compromised. Cybersecurity leaders from more than 40 countries are
gathering at Stanford University this week to consider tackling that
information gap by creating a single, trusted entity that would keep track
of how much hackers steal.

Chinese Minister Cai Mingzhao acknowledged there are issues of trust to
overcome -- with some U.S. cybersecurity firms pointing to attacks coming
from the Chinese military. But he said countries must work together.

"In cyberspace, all countries face the same problems and ultimately share
the same fate," he said.

Mingzhao also urged counterparts to establish new international rules for
behavior in cyberspace, a move State Department cyberissues coordinator
Christopher Painter said isn't necessary.

I don't think we need a new global instrument for all these different
issues," he said, noting the adopting worldwide rules would take 5 to 10
years "and you end up with something that's not as strong as what we have
now."

Painter, who spoke after Mingzhao, said a U.S.-China joint cybersecurity
working group announced by Secretary of State John Kerry in April has
already met once and is moving forward on cooperating against third party
threats.

It's crucial work, said Stanford University economics professor John
Shoven, who directs the Stanford Institute for Economic Policy Research. He
warned of the "tremendous disruption the lack of trust in the security of
the Web would do to the economy."

"We can't let that happen," said Shoven.

Sergio Benedetto, president of the Institute of Electrical and Electronics
Engineers Communications Society, noted that the Internet can be mysteries
for non-experts.

"For many diplomats and politicians, the world of cyberspace is still like
a roomful of scattered puzzles," he said.

Thus, he said, scientists need to be a part of important global discussions.

One key initiative many agreed on was to create the first worldwide, high
level benchmarks for cybersecurity, in hopes of getting better assessments
of the frequency and damages of cybersecurity compromises.

The Cyberspace Cooperation Summit was the fourth annual gathering sponsored
in part by the EastWest Institute, a global security nonprofit organization.

Institute chief technology officer Erin Nealy Cox presented a plan to
aggregate losses and begin to identify the true costs of cybercrime.

"Our recommendations offer the means to break through the logjam that
prevents effective data collection, analysis and reporting, and such global
information and intelligence sharing is critical to bolstering security
efforts around the world," Nealy Cox said.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.