More than 20 million South Koreans have had their names, social security numbers, and credit card details stolen by an engineer. City officials everywhere should take note.
The contractor working for Korea Credit Bureau stole data on the 20 million people -- which is around 40 percent of the country's population -- and sold it to on marketing companies. He has since been arrested, and so have the managers of the firms that bought the data. The fact that this can happen in one of the world's most technologically advanced and digitally connected countries should be a warning to cities.
The steps national and city governments can take to stop cyberattacks are covered in a report called "Risk and Responsibility in a Hyperconnected World," which was published last week by the World Economic Forum and business adviser McKinsey & Company. It said that the private and public sectors need to work together, and that businesses and technological innovation will suffer if that doesn't happen.
An estimated 40 percent of people in South Korea have had credit card details stolen.
(Source: mariosp via Flickr)
One big challenge is that there are so many different threats. Cyberattacks include retail fraud, invasions of privacy, and intellectual property theft; and they can be carried out for reasons ranging from personal greed to terrorism. It is almost impossible for the "real world" to move fast enough to cope with these changes.
Cyber-security is not just an issue for big companies and governments worried about losing their data, but also for regular citizens. I can't remember the last time I called my bank, ordered a flight from a person, bought a DVD in a shop, or called insurance brokers to get car insurance quotes. The large number of digitally enabled products and services means cyber-security is now a socio-economic issue. If companies and cities fail to address online security there could be a backlash against such products.
In South Korea, the huge data theft revealed yesterday has provoked fears from citizens about whether their data was leaked. Prime minister Chung Hong-won has promised significant punishments for those found to be responsible.
This kind of backlash could also hamper cities’ efforts to use technology to become smarter. What does the report say city officials can do to prevent this happening?
The first step is to find which information is most valuable. It isn't possible to protect everything, and so those working in the private and public sectors must focus efforts on what is most important. This means city staff must be trained so they know what value they should put on different datasets; and realize that they should incorporate security at the start of tech projects rather than bolt it on later.
Cities can also help national efforts to protect security. Every country connected to the Internet needs a comprehensive national security strategy linked to policies in other countries. City authorities can help support such policies by taking part in the debate about cyber-security with national leaders and citizens; and develop systems to support law enforcement officers to tackle cyberthreats. One way of doing this is by supporting and funding the "white-hat" hackers who try to improve security.
The WEF report concludes with three scenarios of how cyber-resilience could evolve until 2020:
Muddling into the future: The level of threat rises incrementally, and defenders continue to respond to attacks reactively. No power global bodies emerge to lead the fight against cyberthreats; and most business leaders continue to make decisions without factoring in cyber-resilience.
Cyberattacks prompt digital backlash: Frequency of cyberattacks rises significantly, and a lack of international cooperation hampers efforts to boost defenses. Fear of cyberrisks significantly delays adoption of new business and technology innovation.
Cyber-resilience accelerates digitization: Public and private sectors work together to improve defences, limit the use of attack tools, and stimulate innovation. There is also international collaboration to investigate and prosecute the people responsible for cyberattacks. People feel confident in the defenses, and tech investment grows.
Number three is clearly the dream scenario, but number one conforms best to my skeptical belief that nothing much changes. What do you expect?
— Rich Heap, Community Editor, UBM's Future Cities