Over the course of recent years, we have become increasingly dependent on technology. But it’s easy to see that the more dependent we become, the more exposed we make ourselves. You don’t need to jog your memory too far. Think about the big Y2K scare of the year 2000, a phenomenon where computer users and programmers feared that all computers would stop working on December 31, 1999. It was a moment of mayhem, chaos and doomsday dread. With the communications technology (ICT) industry evolving incredibly during this past century, one has to wonder, how secure is it? Seven out of ten organizations say their security risk increased significantly in 2017 (Ponemon Institute’s 2017 Cost of Data Breach Study). This is only one of the number of issues that are going to be discussed at WCIT 2019!
So what exactly is cybersecurity? According to Kaspersky, cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. While data is becoming more and more valuable, security challenges tied to big data also grow. It is a wormhole of issues circling controls which need to be placed around not only the data itself but also around the systems and applications which store data! Any kind of risk associated with a malicious attack depends on three factors: threats (who is attacking), vulnerabilities (the weaknesses they are attacking), and impacts (what the attack does). Considering how dependent our society is on technology across different layers from the public to private sectors, these attacks can have dire consequences for our national security, economy and overall safety. Efforts need to be placed in making sure that such risks are reduced, by seeking out where we are most vulnerable and bolstering their security against such a negative impact.
Who is Attacking
Everything is liable to exploitation by attackers like hackers, criminals, and even hostile governments. The attacks are becoming more sophisticated. We’ve gone beyond the geeky teen hacker in their parents’ basement to more organized hacking organizations, hacktivists, and perpetrators of organized crime. This raises a real challenge for users and creators alike. We can classify cyberattackers broadly into five categories: “criminals, intent on monetary gain from crimes such as theft or extortion; spies intent on stealing classified or proprietary information used by government or private entities; nation-state warriors who develop capabilities and undertake cyberattacks in support of a country’s strategic objectives; “hacktivists” who perform cyberattacks for non-monetary reasons; and terrorists who engage in cyberattacks as a form of non-state or state-sponsored warfare.”
What is Being Attacked
Modern-day civilization would not be able to function without the systems that we have in place. These systems are easy to take for granted. The fact that they are so susceptible leads to a serious threat to our society at every level. Everything from the government to the international infrastructure, business, and institutions, private individuals, civil society. All layers are at risk. 31% of organizations have experienced cyber attacks on operational technology infrastructure (Cisco). Think, for example, about how sensitive the commodity we have all come to be reliant on, e-commerce, is in terms of security threats and hacking! With such an influx of payment exchanges taking place over the internet from groceries to electronic products, we need to be careful in how we deal with threats of identity theft and cybercrime. According to statistics from 2017, there are over 130 large-scale, targeted breaches in the U.S. per year, and that number is growing by 27% per year (Accenture). It is becoming a literal race between the attackers and defenders of the cyber realm.
What Does The Attack Do
One eye-opening example took place in 2016 when Syrian-linked hackers attacked an American water district’s industrial control systems. They were able to manipulate the system and change the number of chemicals flowing through the water supply. Thankfully, no one was harmed in the incident, however, it proved just how vulnerable the technology linked to the infrastructure truly was. Defense systems such as antivirus software, firewalls or email filters simply didn’t cut it. A more comprehensive cybersecurity approach is necessary. This is true across the board. Another example is, of course, Democratic presidential campaigns where there is certainly an urgency for tightened digital security. In one case, senior staffers were managing processes from their own personal Gmail accounts. In another case from April 2018, Republican party members admitted to having four of their senior officials who were managing the national party’s House races to be hacked by a complex yet anonymous player. While there are trainings for new employees in the basics of cybersecurity, it seems like the number one weakest link in when it comes to a cyber attack is blatant human error.
Pushing Towards Protection
Around 24,000 malicious mobile apps are blocked every day (Symantec), and cyberattacks on all levels can cause serious damage operationally, economically and in terms of overall security. While there are comprehensive antivirus databases, like Kaspersky Lab, which detect and prevent systems from being infected, there are still so many things that need to be done if we are really going to push for a more secure cyber world. At the same time, we have to think about how placing controls and security into place may then stifle innovation altogether. The first step in managing a crisis is being ready for one, which is why we need to touch upon these problems now! It’s time to sit down and assess our vulnerabilities and understand what we can do to build a system that protects us without hindering further development. It isn’t a small task, but it is one of the topics that will be discussed at WCIT 2019.