The past year has been full of cybersecurity threats, big data leaks and rampant hacks. It seems no one is safe: not SMBs or multinational corporations, and certainly not the average Internet user. At the start of the year, Kaspersky Labs predicted 2014 would be the year of cyber-insecurity, and it seems they were right. Despite that, there is still no clear strategy for tackling the issue.
Throughout the year we’ve seen cyber-attacks on a larger scale than ever before. The problem is so bad that there may be very few services left unbreached.
“[S]ecurity experts now say there are only two types of companies left in the United States: those that have been hacked and those that do not yet know they have been hacked,” writes Nicole Perlroth at the New York Times Bits blog.
A large part of the problem is that there is no unified national strategy toward security infrastructure and standards. Companies respond to breaches retroactively, when the data has already been compromised. A lack of strategic thinking could cause companies to overlook the more dangerous aspects of hacking, focusing only on the technical aspects of preventing hacks already known.
Scott Borg, the head of the United States Cyber Consequences Unit, told the Times:
People are not thinking about who would attack us, what their motives would be, what they would try to do. The focus on the technology is allowing these people to be blindsided. They are looking obsessively at new penetrations, but once someone is inside, they can carry on for months unnoticed.
This isn’t just a problem for larger companies — smaller businesses are concerned, but many don’t have any plan in the event of a cyber-attack. Consumers also are concerned about their data, and when consumers are worried about something as important as their financial data, U.S.-based services could take a big hit in user numbers at home and abroad if they were compromised.
The key, according to Perlroth and the experts cited in her article, is getting people to care about security. “‘Patch and pray’ is not a strategic answer,” said Dr. Howard Shrobe, computer scientist at the Massachusetts Institute of Technology. “If that’s all you do, you’re going to drown.”
Indeed, businesses need to demonstrate a commitment to users by putting proactive threat detection systems in place. Likewise, consumers need to stop blowing off their concerns and demand better data security. It might also be a good idea for investors to stop rewarding services that have terrible security infrastructure with millions of dollars.