America has a new Department of Homeland Security. Her name is Kirstjen Nielsen and she won the position thanks largely to her background in cybersecurity having previously been a senior member of the Resilience Task Force of the Center for Cyber & Homeland Security. But is cybersecurity even possible? Because it seems crooks can, like melted butter, slip into and through the digital infrastructure of any of the world’s leading organisations.
One hack, two hack, me hack, you hack
Last week, Uber saw 57 million of their customers’ data get swept out from under their feet, and, earlier this year, Equifax watched 143 million records get hacked and stolen. On top of that, in 2016, the online shag-fest, Adult Friend Finder was hacked for 412 million customer records, including names and addresses of its love-rat clientele. In 2014, eBay got caught short when 145 million customers had their data stolen, and the year before that, Yahoo lost 3 billion customer files. To cap it all, it’s starting to look like the Russians hacked the U.S government, maybe just because they could.
It’s quite extraordinary; it seems that for the first time in history, literally nobody, not even the White House, is safe.
With the invention of new technology, we have unwittingly invented a new crime and a new breed of criminal. And rather than make it harder to, let’s say, steal private data in order to extort money, we’ve made it easier.
You don’t need to be a sleuth nor seasoned con-man anymore; you can be a thirteen-year-old kid with anger issues and still wreak havoc on somebody’s, anybody’s, life. In the case of the Uber hack, an ‘unidentified 20-year-old man’, was paid $100,000 by the cab company to delete the stolen data.
If we think about it logically, cybersecurity is going to be a battle that is never won. Despite a whole wealth of physical security innovation and expenditure, Hatton Garden still gets heisted, jewellers still suffer moped smash and grabs, and your house, my house, any house, could be burgled at any time. In the same way, we will never see the end of cybercrime.
The cost of the fight
The two sides of the fight seem to develop their technology at the same speed. One has to assume that these major organisations who are falling victim to hackers are using some of the most sophisticated cybersecurity technology available. And still, the crooks get in.
To look at just a few of the numbers; Forbes projects that by 2019, cybercrime costs with top $2 trillion, others say that number will top $6 trillion by 2021. Last year, Philip Hammond pledged a further £1.9 billion of government funding to fight cybercrime, and, even two years ago, it was reported that the average business was spending $15 million a year in the fight.
That figure will today, I assume, be even higher, and yet major cyber breaches in 2017 are up 27.4% on 2016.
Threats from all angles
Data breaches can happen from the inside, too. Only this year, the private medical company, Bupa, suffered a breach when a disgruntled employee took revenge, and there are plenty more cases of employees doing it for financial gain. When the rewards of breaking the law are greater than abiding it, insider-assisted hacks will always be a possibility.
So, if you can’t stop them breaking in, and you can’t stop them leaking out, I think it might be time to accept that this is now our future. Both as individuals and organisations, everything we put online, or in the wider digital realm, we do so with an element of accepted jeopardy.
That means that before doing so, we have to weigh our options, consider the risks at all time, much like when choosing a route home from the tube station at night.
Just another battle
Each year, the government pledges to spend more on the fight against knife crime; yet, in 2017, 22 people, double the number in 2016, have died from stab wounds on London’s streets. The American’s, at least some of them, fight every day for improved gun control, yet still, we see masses being slain. We spend thousands on personal home security, alarms, CCTV, smart devices, locks, and yet still the bastards climb in through the window with the casual arrogance of a cat through a catflap.
We can spend as many trillions as we like on cybersecurity, but that doesn’t stop cybercrime from being remarkably rewarding for the criminal minded, and that’s why it’s never going away. All we can do is keep making it as hard as possible for the crooks, and hope that the cost of doing so doesn’t end up outweighing the benefits of utilising technology in the first place.