Cybercrisis: The Sky is Falling
Among the myriad news reports of credit card breaches at retailers, the iCloud invasion of celebrities’ personal data, Obamacare website compromises, military grade cyberattacks, and the latest virus — from heartbleed to the shellshock bash bug, we feel like the sky is falling — and it seemingly is falling faster every day. The search term ‘cyberattack’ on Google News, today yielded 21,000 stories in the last 30 days. We’ve reached cybercrisis. The system is blinking red.
The cybercrisis is prolific and ubiquitous. And it is growing. “It’s getting harder to tell the difference between online crime and terrorism.” according to cybersecurity professor Peter Stephenson.
Armageddon, akin to when the falling sky reaches the ground, is feared by a U.S. regulator, Benjamin Lawsky: “I worry that we’re going to have some sort of major cyber event in the financial system that’s going to cause us all to shudder, an Armageddon-type cyber event.” And something like that could result in war, according to the now retired head of Cybercom and the NSA, General Alexander: “If it destroys government or other networks, I think it would cross that line.” He didn’t reveal if it would be a cyberwar or an actual one.
Despite the cybercrisis, the rate of personal data being sent to ‘the cloud’ is increasing, while only 30 percent of that data is encrypted as it transits the internet, according to Hewlett Packard. That is a treasure trove of data subject to breach.
The rate of dumb devices becoming ‘smart’ in the emerging Internet of Things (IoT) is exploding. Estimates of 26 billion IoT devices within the next five years are astounding. But around 80% of devices today are vulnerable to attack. IBM has laid out the reasons why the IoT is already broken, and suggests an unlikely fix because it will cost too much time and money to implement.
What can we do about this pending calamity? Who is responsible for making us safer? The government? U.S. Cybercom has offensive capabilities at the ready. Law enforcement has cybercrime units, putting fingers in what amounts to a leaking dam and getting some arrests. But is it reasonable to expect the military or law enforcement to take out the home depot credit card theives or the hacker group that completely siphons everyone’s data from Google Drive? In the recent iCloud breach, the vulnerability was posted for the world to exploit Apple’s iCloud, in typical hacker form. This created a potentially massive number of suspects breaching Apple globally. Who should the government go after?
As the security of applications, cell phones, IoT devices, and computers connected to the internet continue to be breached every day, we shake our heads and shrug, but continue to increase our use of them in an era where it is essential to be networked.
The typical consumer influence one would expect in capital markets is less applicable during the cybercrisis. If users dont like an unsafe product, they won’t buy it. If they choose a more secure competitor, the industry rises to compete with better security. But we have no idea what is the safe choice. None of the apparent choices have been spared of data breaches. Where can we safely use our credit card? Where should we store our cloud data? Which bank should we use? Which email choice is safe? Which antivirus should we maintain?
Where are our solutions, options, and recommendations? Congress, who hasn’t passed cyber security legislation in over a decade, mostly due to the classic battle of regulation versus capitalism, has nothing for us. So we hope for the best, fearing that nothing will slow the sky from falling until something tragic happens that affects us all.
