The Cybersecurity War is Here, and Everyone is a Combatant
Unlike traditional warfare, cyber-crime respects no boundaries or sovereignties and fails to differentiate between combatants and civilians. Behind a computer screen, every individual feels a sense of anonymity and boundless opportunity. For the average person, the freedom and wealth of information provided by the internet materializes in social media posts, shopping, news, and asking questions too personal for human feedback.
Every tree has a bad apple. Not including the attention-desperate relative(s) that you half-heartedly wish would join a nomadic cult and embrace the isolation of a remote desert, these bad apples steal, threaten, extort, torture, and now kill. At some point, American businesses, individuals, and government agencies have to acknowledge and prepare for cyber-crime by arming themselves with the funds and tools required for defense.
For any reader thinking the headline is a hyperbole, consider these questions:
Can you generate new fingerprints and retinal scans when yours is stolen?
How long will it take your child to recover from the bad credit history that a third-party created when the kid was still in diapers?
How confident are you that during surgery, the medical records will accurately reflect known allergies and critical data? (like current use of blood thinners)
How many days can a business afford to be inoperable following a cyber incident?
Will you want to drive on a highway, going 70+ miles per hour, if all internet-connected vehicles were hacked in a coordinate attack?
Sadly, each of these 5 questions are terrifying realities currently within the capabilities of malicious actors and their keyboards.
Still a non-believer in the severity of the situation? Understandable. Peddling cybersecurity advice is akin to running a funeral home: everyone eventually needs you, but no one wants to be in your office. However, consider these recent events before deciding that upgrading a dated firewall is not an investment priority:
1. September 9, 2020: Female patient dies in Cologne Germany after being transported there from a Düsseldorf hospital that was victimized by cyber criminals. The Düsseldorf hospital suffered a network failure after a ransomware attack. Unable to provide emergency care, the hospital had to transfer the patient, who was ultimately unable to wait for her critical care. Ciaran Martin, formerly the chief executive of the UK's National Cyber Security Centre, said in a speech at the Royal United Services Institute:
“Although the purpose of ransomware is to make money, it stops systems working. So, if you attack a hospital, then things like this are likely to happen. There were a few near misses across Europe earlier in the year, and this looks, sadly, like the worst might have come to pass."
2. September 23, 2020: The Department of Homeland Security (“DHS”) acknowledges that photos that were part of a facial recognition pilot program were hacked from a Customs and Border Control subcontractor sometime in 2019. The DHS inspector general admitted that 184,000 images were stolen, including traveler images and license plates.
3. September 27, 2020: At least 13 Washington state departments and commissions were impacted by a cyber-attack, including corrections, parks and recreation, and fish and wildlife. Likely the result of a nationwide “phishing campaign,” Bloomberg reports that an individual “familiar with the investigation” said “early analysis of the intrusion indicated that the hackers may not have been targeting Washington but rather happened upon -- and took advantage of -- flaws in the state’s cybersecurity system[.]”
A denial of the on-going threat and failure to even take basic cybersecurity precautions like using malware detection software will soon become ip so facto negligence.