Skip Links

Network World

Jamey Heary

Why an economic recession could leave companies wide open to cyber attacks

By jheary on Fri, 03/07/08 - 10:41pm.

It seems that everyone and their brother are now saying that the U.S. is in the midst of a recession. The market analysts are predicting that the U.S. GDP will actually go negative this year. It must be official now that even the White House has acknowledged it. This got me to thinking about the effect a recession might have on my industry (IT security). My first thought was that if the profits of companies start dwindling then their IT budgets will predictably follow suit. If IT budgets dwindle then my experience tells me that the security budgets will take an even larger percentage hit than IT overall. When fighting for IT dollars in many cases security gets lost, put on hold, and brushed under the carpet. Thankfully, we now have a proliferation of compliance/regulations (PCI, HIPAA, SOX, etc.) that can compel organizations to focus some budget on security projects.

So, if a recession will force security budgets to shrink at a greater percentage rate then the IT budget as a whole, what does that mean for an organizations ability to defend itself? Well let’s see how a future scenario might play out. Company XYZ will be consolidating their operations into a new location. They must purchase new IT gear for the new location. During the design phase it is highly likely that security controls (FW, IPS, Host, etc) will be reduced or eliminated altogether because of budget restraints. The end result is Company XYZ has just reduced their security posture and ability to defend them selves.

As if the hypothesis that a recession will decrease the security effectiveness of organizations isn’t bad enough; there is precedent that low GDP growth tends to increase the proliferation of new, highly effective cyber attacks. Why is that? Well, I have a theory on it.

Negative GDP growth and a recession bring with them job layoffs and losses. This produces a large skilled IT labor pool that is out of work and has time on their hands. So this brings up a question: Is their a correlation between the number of out of work IT professionals and the number of cyber attacks? I did some research to find out. The bursting of the dot com bubble in late 2000 and 2001 was a horrible time to be in IT. During that time we saw massive IT job loss that resulted in the creation of a large pool of unemployed skilled IT workers. So I used this timeframe for my research.

During this time the U.S. economy saw a large weakening in the GDP growth of the country (as shown in the diagram below).



Image Source: Lombard Street Research
Note that the red circles above indicate economic recessions.

What I found out in my research was that during this 2000-2001 timeframe we saw the proliferation of some of the most notorious cyber attacks ever seen. Here are some examples:

  • 2000 – IloveYou virus launched – Infected 10% of all computer connected to the internet in one day.
  • 2001 – Anna Kournilova worm – Infected over 1 million computers in one day
  • 2001- Code Red and Code Red II worms – In its day it was called the biggest worm incident in the history of the Internet
  • 2001- Nimda – Damage estimated at over 2 billion dollars

Based on this, my research suggests that there is indeed a relationship between slower GDP growth/recessions and an increase in cyber attacks. It might be a result of the mass IT unemployment that recessions trigger. Skilled IT folks who have just been fired, can’t find a job, and have extra time on their hands, seems like the perfect ingredients for whipping up a batch of cyber anarchy to me.

Do you believe there is a strong correlation between recession and cyber threats?
So, will our current economic recession trigger the same cyber assault cycle that previous recessions have? Will we see new, more powerful worms propagating the world in the coming months? Let’s hope not!



The opinions and information presented here are my personal views and not those of my employer.

Not necessarily

0
By glashoppah (not verified) on Sat, 03/08/2008 - 6:12pm.

Interesting conjecture, however your data set isn't conclusive.

To show a correlation you need to graph all attacks for not only the time period in question (the economic slowdown) but also the time between them and then and now. Then you can see whether there were more at the time of the slowdown than any other time.

Didn't Melissa come out in the early '90s? :)

G.

Agreed

0
By quain on Sun, 03/09/2008 - 2:50am.

Agreed, glashoppah. The sample is small enough that a coincidence is possible, and even likely. I also think it is a stretch to think that unemployed technical people with too much time on their hands will resort to unethical, illegal, activities.

If my memory is correct, typical attacks and worms in the early 2000's were performed by young people looking to make a name for themselves or increase their reputation. Off the top of my head, I can't think of any laid off programmers or security professionals launching worms.

Statistics

0
By jheary on Sun, 03/09/2008 - 8:53pm.

I agree the sample size I have available is too small to show a statistically significant result. But we have only had one recession to pull data from that is recent. My purpose was not to show statistical significance but rather put forward the theory that a recession might cause more cyber attacks. Research does show a significant decrease (as compared to 2000-2001) in the number of devastating, high visibility, attacks launched as the economy recovered from the 2000-2001 recession.
But I'd also agree that the attack vectors have changed, from a "look at me" worm to a "I'm gonna hide and you'll never know I'm here" spyware.
-Jamey

Statistics

0
By plynch (not verified) on Wed, 03/12/2008 - 6:28pm.

Jamey,

Isn't also possible that the origin and nature of these attacks have change thus reflecting a variance? In the past (as you stated) attacks were performed for ego and prestige and to be totally honest most were annoyances relative to what we have been seeing over the past 3 years.

It seems to me that the bulk of attacks today are monetarily centered and well organized. The old days of a high profile website defacing have given way to the stealing of PI and financial information, selling stolen identities, etc... A single attack netting 300,000 credit card numbers or 500,000 SSN's would be far more detrimental than the defacing of a corporate website.

This isn't to say that the ego junkies are gone but that their impact may be considered minor relative to a single compromised server/database where all of a companies customer data resides.

Your conjecture may pan out - if the economy turns into a recession and security budgets are cut then this would make prime fodder for the 'new' organized cyber crime syndicates.

Thanks for opening this topic.

Attacks have changed

0
By jheary on Fri, 03/14/2008 - 2:26pm.

I absolutely agree that attacks have changed. But my postulation that the attacks will get worse are not necessarily tied to only high visibility worms/viruses. It just happened that during our last recession those were the types of attacks reaking havoc. I would postulate that during this recession, if my theory becomes validated, we would see an increase in the number and effectiveness of spyware, malware, and targeted for profit attacks. Maybe it is already starting? See here
http://www.snpx.com/securitynews/article.php?title=Thousands_of_Clean_and_Pirate_Websites_Affected_by_Massive_Web_Attack

-Jamey

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Welcome, visitor. Register Log in
About Cisco Security Expert

Jamey Heary, CCIE No. 7680, is the author of the Cisco NAC Appliance: Enforcing Host Security with Clean Access book by Cisco Press. Jamey is a seasoned security technologist with over 15 years in the IT field with 10 years focused on IT security. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. Jamey is currently a Security Consulting Systems Engineer with Cisco, though the opinions expressed here are his own. Jamey is a member of Network World's Cisco Subnet blog community.

Contact him.

Archives
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
Categories
15.0 security
Borderless Networks
Cisco
Cisco IOS Security
Cisco Security
FTC
General discussions
H1N1
Heary
ID theft
IOS security
IPS
IT security
Jamey Heary
LANs / WANs
Security
URL filtering
VPN
VoIP / Convergence
Web security
Windows 7 security
Wireless / Mobile
anyconnect 2.4
cisco asa vpn
cisco borderless network security
cisco ip video surveillance
cisco ips
cisco ips 7
cisco ironport
cisco ironport web security
cisco physical security
cisco reputation
cisco vpn client windows 7
cisco vpn windows 7
cisco windows 7 vpn
death of the internet
end of the internet
ftc red flag
genetic coding
global correlation cisco
h1n1 exploit
how will the internet die
human virus coding
identity theft
internet multiverse
intrusion prevention systems
ios 15.0
ios 15.0 security
ip video surveillance
ips reputation
ironport web security
multiverse
physical security video
red flag laws
red flag rules
red flag violations
retail store analytics
router security
security
sensorbase
social engineering
social engineering attack
social engineering exploit
social engineering skills
social engineering techniques
video
video analytics
video surveillance
virus coding
will the internet end
windows 7 sslvpn
windows 7 vpn