Executives in Davos Express Worries Over More Disruptive Cyberattacks

DAVOS, Switzerland – Executives from Target and Home Depot were not present at the World Economic Forum, where world leaders and corporate titans are rubbing shoulders and debating weighty issues.

Yet the names of those two companies are being invoked several times a day here, held up as examples of early victims in the growing battle against cybercrime.

Hackers stole credit card information from 40 million Target customers in late 2013. Last year, Home Depot was hit with a similar breach. And those are just two of a growing list of embattled businesses that includes JPMorgan Chase, Sony and others.

Executives were broadly pessimistic on the topic, believing that although a number of prominent cyberattacks occurred in 2014, this year would only be worse.

“The number of security incidents this year will be exponentially greater than last year,” said John Chambers, chief executive of Cisco, the big Silicon Valley technology company.

And not only are such incidents becoming more common, they are getting more disruptive.

“We haven’t seen the worst yet,” said Vishal Sikka, chief executive of the Indian outsourcing giant Infosys. “I think we’ll see five times as many bad incidents as we did last year.”

Though Infosys has so far escaped a major attack, Mr. Sikka said that his company was being more vigilant. He added that Infosys had regularly fended off smaller, unsuccessful efforts to penetrate the company’s network.

“You can never win,” said Robert Smith, chief executive of Vista Equity Partners, a private equity firm that invests in enterprise technology companies. “It’s a constant battle to stay even or stay ahead.”

Noting that the scale, scope and sensitivity of the data being stolen continued to become more problematic for companies, Mr. Smith also warned of a tough year ahead for fighting cybercrime.

“The security breaches that we had in the last 12 months are going to pale in comparison to these that we’re going to have in the next 12 months,” said Mr. Smith.

The chief executive of Sony, the company at the center of the most disruptive recent hack, did attend the forum in Davos on Thursday.

At a private lunch, Kazuo Hirai of Sony discussed the attack that briefly shut down the company’s computers, exposed thousands of sensitive documents and emails, and scuttled the release of the movie “The Interview.”

Details of his remarks were kept confidential. But according to people in attendance, he did not say whether he believed that North Korea was behind the attacks, as the Obama administration has asserted.

The Sony hack was particularly alarming not because it was aimed at stealing data for a profit, but because it was apparently intended to humiliate and debilitate an entire company.

“The issue around Sony is a different issue,” Mr. Smith said. “We’re not just going to take your data; we’re going to use your data to embarrass you.”

But as some companies grapple with the effects of hacking, others see the growing threat of cybercrime as a business opportunity.

“We’re going to become the number one security company,” said Mr. Chambers of Cisco. Already, Cisco has acquired one big security firm, Sourcefire, for $2.7 billion. And Mr. Chambers said more such acquisitions would follow.

Mr. Chambers said security issues were part and parcel of an increasingly digital world.

“Everything will become more digital,” said Mr. Chambers. “Every city, state, small business, large business, car, home, highway, and everything you wear.” And when that happens, there are more opportunities than ever for hackers to penetrate secure networks and steal sensitive data.

In turn, Cisco is trying to create security products for public clouds, private clouds, wide area networks and devices. “I don’t focus a lot of the on the symptoms,” said Mr. Chambers. “I go back to the underlying issue and ask how do you fix the illness.”

Yet for most big companies, simply staying ahead of the hackers remained the priority.

“The one thing that really scares me is that if someone wants to get into your system, they can get in,” said Richard Gelfond, chief executive of Imax. “Almost no amount of money will keep them out.”

Not that he isn’t trying. Mr. Gelfond said Imax had established a series of internal firewalls that prevent any one person from having access to too much of the company’s technology.

“For us, there are two holy grails that we have to protect,” said Mr. Gelfond. “The first is movies, the second is intellectual property.”

But he admitted that despite the company’s best efforts, hackers would be trying to break into Imax’s systems. “Think of the value of an advance copy of the upcoming ‘Star Wars’ movie,” he said.

The enhanced focus on security was reflected in the event’s official agenda. A panel titled “Fighting Shadows” will take place on Saturday, featuring the president of Estonia, Toomas Hendrik Ilves; Bradford Smith, the general counsel of Microsoft; and Eugene Kaspersky, a Russian Internet security expert.

“Three years ago when you talked about security, you didn’t get much interest,” Mr. Chambers said.

Jonathan Zittrain, a Harvard University professor of law and computer science who will also be on the panel, said he hoped industry professionals could begin to make gradual fixes to the Internet that would make all companies more secure.

Small improvements, like software that detected unusual patterns in Internet traffic or suspicious attempts to access data, could help stop hackers before they caused too much damage. Such small, incremental steps could make the web gradually safer for individuals and companies, and less friendly to hackers, Mr. Zittrain said.

“This is a moon shot going one step at a time, rather than fling a missile and hoping it hits,” Mr. Zittrain said.

Mr. Zittrain and others acknowledge that a more holistic fix is a long ways off. In the meantime, tech executives like Mr. Chambers don’t pretend that they can make the problem go away.

“There is no secure data center in the world; they have all been broken in to,” Mr. Chambers said. ”We can help you prepare for it and minimize the damage when it does occur.”

But the message to companies was clear: The hacks will continue to occur.

“You will get a data breach, period,” Mr. Smith said. “If you think you haven’t been attacked, you’re lying to yourself.”

source: http://dealbook.nytimes.com/2015/01/22/in-davos-executives-express-worries-over-more-disruptive-cyberattacks/?_r=0