According to ESG research, 31 percent of cybersecurity professionals working at enterprise organizations (i.e. more than 1,000 employees) believe the threat landscape is much worse today than it was two years ago. While another 36 percent say the threat landscape is somewhat worse today than it was two years ago.
Why the cynicism? Look no further than the Russian hack of the DNC as this particular data breach is a microcosm of cybersecurity at large. This one incident illustrates a few important points:
- All data is at risk. Way back when, state-sponsored cyber attacks were government-on-government affairs, typically focused on military and intelligence. The cyber theft of design documents for the F-22 and F-35 are perfect examples here. Unfortunately, state-sponsored attacks have gone beyond spooks and soldiers. China went after The New York Times, North Korea breached Sony Pictures, and Russia blew the lid off the DNC. When matched against sophisticated state-sponsored actors, pedestrian cybersecurity defenders are simply fighting out of their weight class.
- The list of adversaries continues to grow. Beyond China, North Korea and Russia, it’s fair to add Iran, the Syrian Electronic Army, and dozens of other countries investing in offensive cyber operations. There are also plenty of private hackers with good enough skills to do extensive damages. Remember Anonymous and Lulzsec? There are plenty of loosely organized individuals and groups capable of collaborating on devastating attacks for the right political cause or price tag.
- Good guys are underprepared. Based upon my intelligence, it certainly appears like the DNC wasn’t nearly as well defended as it should have been. I’m not sure if this was because of neglect, miscalculations or hubris, but suffice it to say that this was the case. Yes, this was a mistake, but the DNC is far from alone. In spite of all the data breaches we’ve seen over the past few years, I estimate that half of all organizations have inadequate defenses and cybersecurity skills to counteract today’s threats. Oh, and let’s not forget the global cybersecurity skills shortage. Want to hire skilled cybersecurity professionals to bolster your defenses? Good luck, so do a lot of others.
Just yesterday, President Obama warned of a "revolution" of computer-generated threats to the U.S. and issued an executive directive to outline a response plan. Good effort, but not nearly enough. In truth, we as a nation are extremely vulnerable and the DNC hack may be just the beginning.
In my humble opinion, this is a major national security issue. It would be nice to hear about plans and potential solutions from each candidate, as addressing this problem will take leadership, collaboration and resources from the U.S. (and other) governments.