According to ESG research, 31% of cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) believe the threat landscape is much worse today than it was 2 years ago, while another 36% say the threat landscape is somewhat worse today than it was 2 years ago.
Why the cynicism? Look no further than the Russian hack of the DNC, as this particular data breach is a microcosm of cybersecurity at large. This one incident illustrates a few important points:
- All data is at risk. Way back when, state-sponsored cyber-attacks were government-on-government affairs, typically focused on military and intelligence. The cyber-theft of design documents for the F-22 and F-35 are perfect examples here. Unfortunately, state-sponsored attacks have gone beyond spooks and soldiers. China went after the NY Times, North Korea breached Sony Pictures, and Russia blew the lid off the DNC. When matched against sophisticated state-sponsored actors, pedestrian cybersecurity defenders are simply fighting out of their weight class.
- The list of adversaries continues to grow. Beyond China, North Korea, and Russia, it’s fair to add Iran, the Syrian Electronic Army, and dozens of other countries investing in offensive cyber operations. There are also plenty of private hackers with good enough skills to do extensive damages. Remember Anonymous and Lulzsec? There are plenty of loosely organized individuals and groups capable of collaborating on devastating attacks for the right political cause or price tag.
- Good guys are underprepared. Based upon my intelligence, it certainly appears like the DNC wasn’t nearly as well-defended as it should have been. I’m not sure if this was because of neglect, miscalculations, or hubris, but suffice it to say that this was the case. Yes, this was a mistake but the DNC is far from alone. In spite of all the data breaches we’ve seen over the past few years, I estimate that half of all organizations have inadequate defenses and cybersecurity skills to counteract today’s threats. Oh, and let’s not forget the global cybersecurity skills shortage. Want to hire skilled cybersecurity professionals to bolster your defenses? Good luck, so do a lot of others.
Just yesterday, President Obama warned of a ‘revolution’ of computer-generated threats to the U.S. and issued an executive directive to outline a response plan. Good effort but not nearly enough. In truth, we as a nation are extremely vulnerable and the DNC hack may be just the beginning.
In my humble opinion, this is a major national security issue. It would be nice to hear about plans and potential solutions from each candidate as addressing this problem will take leadership, collaboration, and resources from the U.S. (and other) governments.