It used to be easy to find bad guys and arrest them. When they committed a crime or threatened someone, we investigated and then apprehended the person responsible. The criminals were real, living and breathing people we could see and put our hands on. That was then—this is now. Cybercriminals are invisible.
According to the Department of Justice, cybercrime is one of the greatest threats facing our country. It has enormous implications for our national security, economic prosperity and public safety. The range of threats and the challenges they present for law enforcement expand just as rapidly as technology changes.
Cybercrime is growing exponentially along with the fear of massive data breaches within government departments. The FBI is the lead federal agency that investigates cyber attacks, domestically and internationally. Cybercriminals target trade secrets from corporations, research from universities and fraud and identity schemes that cost citizens millions of dollars in losses. Sadly, there are also online predators that target children.
These cyber attacks are costly; we spend billions of dollars repairing systems hit by such incursions. They can shut down power and disrupt systems at hospitals and 911 services, causing chaos and confusion and ultimately costing lives.
In a meeting with cybersecurity advisors, President Trump indicated he intends to hold cabinet secretaries and agency heads accountable for any breaches. He surmised the present cybersecurity is likely not up to the required level. Therefore, look for greater oversight of IT managers in the future, along with assistance from Reed Cordish, assistant to the president for intergovernmental affairs and technology initiatives.
What are the biggest cyberthreats the world faces? According to Eugene Kaspersky, founder and CEO of the Russian computer security firm Kaspersky Lab, they are as follows:
1. Cyber warfare
An example of this type of attack recently hit Iran. A malware attack took their computer systems down and the country’s key oil facilities went offline. Should an attack like this happen on a broader scale, entire nations could be plunged into darkness if their power grids are targeted. Our secretary of defense acknowledged the real threat of this happening. In that regard, Congress recently approved plans for our military to use offensive cyberspace methods.
2. Social networks
Why would media such as Facebook and Twitter be a threat? It’s easy to control the masses with “fake news.” We witnessed examples of this during the recent presidential campaign. Once someone plants a rumor on social media, it grows so quickly that the lie becomes believed—perception becomes reality. This new weapon, manipulating social networks, is akin to the dropping of propaganda leaflets over enemy territory during World War II. It was very effective.
3. Hacking attacks
One of today’s most popular targets is smartphones. Kaspersky Labs estimates that criminals who target mobile phones earn from $1,000 to $5,000 per day, per person. Criminals use a SMS-Trojan virus that sends short texts to a number until the victim’s account is depleted. Multiply that tactic by targeting hundreds of thousands of phones infected with the virus, and the result adds up to a staggering amount of money. Kaspersky advises installing security systems on phones.
4. Lack of privacy
Kaspersky believes privacy no longer exists when one considers things such as Google street view, drones, CCTV cameras everywhere, and of course, companies on the web requiring users to provide all types of personal data. Confidentiality cannot be guaranteed.
The above attacks aren’t the only threats. Experts also cite a huge threat known as Ransomware. While not a new problem, it is a growing one. In the past year alone, the number of attacks on businesses has quadrupled. Ransomware attacks make it impossible for a business or government agency to access information via the infected machine(s). Hackers hold the infected machine(s) hostage and request a ransom payment in exchange for restoring access to the company’s files. Cybersecurity experts believe many businesses simply pay the ransom rather than report it.
What’s the solution if your agency or you as an individual are hit with Ransomware? The FBI used to recommend paying it. However, cybersecurity experts say that’s the last resort. Many of these types of attacks are unsophisticated and can be defeated rather easily by shutting down the computer or disconnecting from the network or Wi-Fi. If this doesn’t work, restart your computer in safe mode and restore the files from a recent backup. Hopefully, among the security software you’ve installed is a Ransomware removal tool.
While many Ransomware attacks may be somewhat unsophisticated, others are not. In November of last year the European Commission was brought offline, San Francisco’s Municipal Railway was hit by a system-wide attack, and the Japanese Defense Ministry and Self-Defense Forces were hacked, causing them to fear their internal military network may have been compromised.
Cyberattacks continue to grow
Cyber intrusion problems are quickly becoming unmanageable, mainly because the mindset of most companies and government agencies is one of being reactive rather than proactive. In most boardrooms and government conference rooms, cybersecurity is treated simply as an IT issue, rather than a critical business or national defense problem. Going forward, cyberattacks will continue and become more frequent and complex, and ultimately may be treated as an act of war if there is proof the hacking was state-sponsored.
The scope of the problem is enormous, given that it’s estimated that by 2020 there will be 20 billion devices connected to the internet. Presently, internet security is insufficient. Organizations and device vendors should be planning to develop secure software, and the increased level of protection needs regulation to compel internet users to provide protection.
Future changes may also include the elimination of password protected sites and replaced by advanced biometric software, i.e. fingerprint readers, iris scans, etc. Even more secure may be the implementation of adaptive and behavior-based authentication.
Where have the workers gone?
According to TechRepublic.com, there is a global cybersecurity professional shortage. Jobs in the cybersecurity field have increased by 74 percent over the past five years. Cisco, a worldwide IT company, reports there are one million unfilled cybersecurity jobs globally. This shortage will only increase, according to Symantec Cyber Security Services, and by 2019 the number could grow to 1.5 million unfilled jobs. The U.S. was among the top five nations with the largest shortages of cybersecurity professionals.
A little known problem in the cybersecurity field is lack of interest from job seekers. Not enough people are willing to do this type of work. The opportunities are there, but the interest is not.
The FBI has created the National Cyber-Forensics & Training Alliance (NCFTA) to address cybercrime proactively. The program brings together law enforcement, private industry and academia to build and share resources, strategic information, and threat intelligence to identify and stop emerging cyberthreats and mitigate existing ones. Being proactive is the key to working on a solution to fight cybercrime. Just as important is the sharing of resources and educating new cybersecurity professionals to fight what may be the biggest threat to our nation.