If anybody in the U.S. hadn’t heard about cyber security before 2016, you can bet that they’ve heard about it by now. From Russian hacking and interference during the 2016 election, to the Dyn DDoS attack that shut down Internet traffic on the East Coast for half a day in October the same year, cyber security began to dominate the headlines, especially toward the end of the year.
The year 2017 hasn’t seen any type of slowdown in terms of cyber security incidents. The UK Parliament was recently hit by a cyber-attack, and ransomware damages alone are projected reach $5 billion by the end of the year, a fifteen-fold increase since 2015. On top of that, cyber crime damages in general are projected to reach $6 trillion (with a “t”) by 2021, up from $3 trillion in 2015. Even President Donald Trump has acknowledged the growing dangers presented by cyber crime:
“Cyber theft is the fastest growing crime in the United States by far,” he told a group of veterans in an October 2016 speech in Herndon, VA. “As president, improving cyber security will be an immediate and top priority for my administration.”
Trump’s comments came before the DDoS attack, or even the revelations of Russian hacking — but unfortunately, cyber security measures in this country haven’t gotten much better. In fact, some have even gone so far to claim that cyber security is dead.
Cyber Security is Dead
Mike Baukes, co-founder and co-CEO of cyber resilience platform UpGuard, recently wrote a piece for Forbes titled Cybersecurity is Dead. He starts by describing how cyber security companies often portray that they have a “full package” that can keep consumers and their information and infrastructure safe:
“For most consumers and enterprise customers, they believe cybersecurity programs will be able to protect systems against all hacks and breaches — a belief more or less encouraged by such [cyber security] providers. The reality is no company can do that.”
Not only can no company protect against all hacks and breaches — nobody comes close. And according to business author Cole Mayer, not only are these attacks impossible to prevent, but most cyber criminals and and scammers are never caught. This is due in part largely to user and manufacturer error, not just the malicious intent of cyber criminals. Some surveys have shown that just 23 percent of businesses look at cyber security as one of their primary concerns, while Gartner has shown that mere misconfigurations (not vulnerabilities) are at the root of anywhere between 75 and 99 percent of all breaches, depending on the platform.
In no other instance was this more apparent than with the Dyn DDoS Attack of 2016. No matter what type of security people may have thought they had, three letters have been introduced to society that have changed it forever, in terms of security: I. O. T.
The Internet of Things
The I.O.T. stands for the Internet of Things — the vast network of connected devices such as smart televisions, wireless refrigerators, connected cars, etc. — and represents one of the most unsecured infrastructures in cyber security history. Wired Magazine dubbed the IoT “wildly insecure” as far back as 2014, and many others had reported on the potential for a major attack for years, right up until the largest DDoS attack in history took half the internet offline for a day.
The major problem is that manufacturers are building IoT devices with poor security, even though they know the risks, as proven by the Dyn DDoS cyber attacks. Cyber security is absolutely dead if the manufacturers of vulnerable devices don’t wake up and start implementing better measures soon, because what their lack of current action would be laughable if its implications weren’t so serious.
While the manufacturer obviously has a responsibility to build secure devices, just as a contractor would be responsible for building a house with doors and windows that lock, the consumer also has a responsibility to demand these securities or live with the consequences, just as a homebuyer would if they purchased a house without doors and windows that lock. So how can consumers and end users protect themselves?
The Formula to Fight Cyber Threats
Unfortunately, cyber attacks are only going to rise in number and will occur in higher frequency. Growing global tensions mean that cyber threats will grow in scope vastly beyond the ransomware extortionist looking for a couple of bitcoins, and will more often include state sponsored attacks with highly elaborate software designed to destroy assets and perhaps endanger lives. Besides the promise inherent in new technological frontiers such as the blockchain, the only thing that can protect people in a world where information is weaponized is education.
The going is slow, but even the Girl Scouts have begun educating their own, offering badges for cyber security. Technically they are still developing the tasks that girls will do to earn their badges, but the fact that this type of education is being offered to those so young — and not only that, but young girls — underpins just how serious it is that the reality of cyber danger is a clear backdrop to younger generations’ lives. Especially when the latest Cybersecurity Jobs Report by Cybersecurity Ventures estimates a worldwide deficit of 3.5 million qualified cybersecurity professionals by 2021.
Sure, the outlook might be grim. As it stands, cyber security certainly does seem dead, and you can bet that it will stay that way if manufacturers aren’t willing to create products with better built-in measures against cyber threats. However, with the right educational measures, the right pushes to our youth in their development, and the right response from consumers, perhaps, like Lazarus, cyber security will rise from the dead. Time will tell.