Do Governments and cyber security forces really have a chance against hackers in the cyber wars?
The Chairman of the House Committee on Homeland Security says the nation is “not ready” for serious cyber wars. Texas Congressman Michael T. McCaul, whose committee oversees the U.S. Department of Homeland Security, made the remarks during an RNC Cyber Security Forum meeting in Cleveland Tuesday to draw attention to the nation’s vulnerabilities regarding possible cyber wars attacks.
“We’re not ready for this,” said McCaul, “we are in the cyber wars in the United States and most Americans don’t know it and I’m not sure we’re winning it.” The forum presented views by ten of the nation’s leading experts on internet technology and was sponsored by the Center for Cyber Security and Privacy Protection at Cleveland Marshall College of Law.
FBI and industry reports reveal how quickly cyber threats are growing.
A new study sponsored by IBM estimates 1 in 4 companies will be hit by hackers this year. Computer security firm Symantec reports over a half billion personal records were stolen or lost in 2015. And the latest FBI report 288,012 internet crime complaints were received last year with loses totaling over $1 million.
Dr. Steve Belovich, founder of IQware Solutions, predicts some of the biggest threats are to the nation’s infrastructure as well as intellectual property thefts.
In England on the afternoon of October 26 last year the Metropolitan Police arrived at a house in County Antrim in Northern Ireland to arrest a 15-year-old boy for hacking into the TalkTalk computer network and stealing the personal details of 157,000 customers, including bank account and credit card details. In the days that followed, three more teenagers and a 20-year-old man were arrested in relation to the attack.
The idea that teenagers could overpower a major British corporation inflicting £60 million worth of damage came as a shock to members of the government, businesspeople and the public.
As part of the fall out, investment has poured into the fight against cybercrime. This week, the UK government announced plans to invest £1.9 billion in cyber security over the next five years, and the EU Commission separately says it will funnel €1.8 billion (£1.5 billion) into the industry by 2020. Last year businesses globally increased their security budgets by 24pc.
But law enforcement and corporations are still losing cyber wars, the National Crime Agency admitted this week, reporting that the “accelerating pace” of criminal ability is outpacing the country’s defenses.
“You’ve got the perfect storm of increasingly sophisticated cyber attacks and high adoption of cloud infrastructure,” says Alexis Scorer, a director at technology dealmakers GP Bullhound who specializes in technology.
“The ‘software as a service’ business model has been adopted by hackers, you can rent botnets by the hour. That’s how you’ve got 14-year-olds hacking into corporate networks.” Botnets are one of the weapons in a cyber criminal’s arsenal that can be used to send spam or take a company’s network offline with a Distributed-Denial-of-Service attack.
No amount of money will help overcome one of the greatest difficulties in the security industry though: the lack of skilled people. By 2019 there will be a global shortfall of 1.5 million security professionals, according to ISC Squared, a security certification and industry education body. And the numbers could in fact be significantly higher, given that there are already more than 1 million cybersecurity positions unfilled worldwide, according to a 2015 Cisco report.
Heading up the government’s move to train more cyber defenders is spook agency GCHQ, which sponsors academic bursaries, runs summer camps and training days, holds competitions and has created a cyber excellence accreditation for top universities and masters’ programs. The intention is to spot talent in children and nurture them through their education, with the end goal being a career in the industry.