You might remember the story of Stone Soup from your childhood, but if not, here's a short synopsis to jog your memory. Some hungry strangers come upon a town carrying nothing but an empty cooking pot. Local villagers are unwilling to share their rations, so the clever strangers fill their pot with water and place it over a fire. Curious townspeople ask what they are doing, to which the strangers reply they are making "stone soup." Soon, all the stingy townspeople want some of the enticing soup and begin to donate previously withheld items like carrots, potatoes and onions. More and more villages contribute to the soup and in the end a hearty and delicious pot of soup is shared by all.
The story clearly highlights the power of collaboration--a lesson that is extremely apropos when it comes to fighting cyber crime. Online crime has become all too prevalent in recent years, with more and more retailers falling prey to crooks' costly schemes. Many banks are frustrated, and understandably so, as the clean-up costs associated with the growing list of high-profile data breaches continue to mount. But rather than placing blame for cyber crime, we urge you to heed the lesson from Stone Soup: there's more to gain by working together toward a shared solution.
When the system fails, everyone loses. If the data breaches keep happening--regardless of who is at fault--customers will be less likely to adopt new technologies that are coming to market. It won't bode well for mobile banking or mobile payments or other innovative ideas that are yet to come.
Of course, it almost goes without saying that on an individual basis, companies need a well-defined strategy for fighting cyber crime. They need to make sure that they have adequate security measures in place, employees are well-trained in online crime prevention and business partners are held accountable.
It's also become obvious that a large number of companies are going to have to spend significantly more money on prevention and detection. A June study by PricewaterhouseCoopers LLP showed a significant connection between the level of spending on cyber security and the number of events detected. Yet the same survey found that retailers--which have been getting slammed with data breaches left and right--are outlaying significantly less on cyber security measures than other industries. Retailers spend only about $400 per employee, while banking and finance companies spend roughly $2,500 per employee, according to PwC.
Still, no company can realistically expect to fight the massive online criminal world alone. It will take a united team of business leaders from multiple industries, security professionals, and utilities and regulators, to make any real progress. There are some signs of this happening already, but even greater collaboration is called for. According to the PwC study, only 25% of respondents participate in Information Sharing and Analysis Centers (ISACs) and only 15% work with public law enforcement agencies. Sensitive data is only as strong as the weakest link in the chain, and there's way more work to be done.
The criminals aren't going away, but the US will have a better chance of keeping them at bay if everyone works collectively toward a common goal. The reward for doing so will be even more satisfying than a piping hot bowl of vegetable soup.