I’ve been the red-headed step child for most of my career. Sure, I’ve had my fair share of success in persuading clients and customers to my way of thinking, but where it was once an uphill battle wrought with indifference, the path is now smooth and full of alert, concerned coworkers. I’ve been saying it for years: “Cybersecurity sells itself.” And every time the general public sees or hears about a breach on the news, companies like mine get phone calls. These spectacular displays of evil ingenuity are single-handedly turning a population that was historically reactive toward cybersecurity concerns into a proactive one, and it’s been a long time coming.
My goals for my career and my company are not based on any financial milestones in my mind. I’m happy to leave that for the CFO. Rather, my ideal is to see more than 100,000 networks secured across the globe. By virtue of this, I will have helped millions of individuals worldwide protect themselves against the threats we all face daily. Nothing is more heartbreaking to those in a service industry than to see good people harmed.
I say the above to point out that as long as we have technology that is pervasive in our corporations and societies there will always be people seeking to exploit it for personal gain. Consider for a moment that when the first bank was conceived and built, there was at least one person out there who wanted to rob it. We cannot escape those who will willingly exploit our trust in a system or infrastructure for their own purposes. Finally, we are seeing traction in turning the tide against the black hat hackers in the world.
With major breaches continuously being reported in the news (HBO, Home Depot, Target, Sony, Anthem Blue Cross/Blue Shield), not to mention Russian hacking issues in the U.S. election, we have an entire population of non-technical people focused (for what seems like the first time ever) on their privacy and security. Yes, there are overarching themes of national security and integrity, but for many the question becomes more succinct when they realize that if organizations and corporations with large budgets cannot defend themselves, then how on earth are regular people going to stay protected?
When I speak in front of an audience, no matter the size or even the topic — I inevitably get the question about Russian hacking, interference with the election, and what we can do to protect ourselves and our property. Even my radio show gets questions about cyberdefense from my audience. This speaks volumes to where we are in our collective consciousness.
Consider that we will have 24 billion internet-of-things (IoT) devices up and running by 2020 — devices that corporations and governments have heavy reliances on. As we continue to see a rising threat of IoT hacking due to poor development practices and a lack of built-in advanced security, we’re sitting on the perfect storm: billions of easily compromised devices that can be weaponized against targets around the globe. 2016 kicked off record-shattering attacks using IoT, and it will only escalate from there unless we address these issues at the core level of design and also at the infrastructure level as we deploy them. This single looming issue alone, along with several other growing issues as the next generation of hacking techniques comes to fruition, should be enough to motivate even the most lackadaisical entities into acting, lest they become the next organization to be hit or to be used for hitting others.
So where do we go from here? The hackers have done an excellent job of bringing the cybersecurity industry to the forefront, but how can we translate that into successfully helping corporations, governments and individuals defend themselves? The answer is rather simple: education. I’m not talking about simply enumerating the threats to our various infrastructures — though that is obviously important. Most know at least a few of these issues already. What I mean is that few corporations, governments and other institutions actually realize the impact of being hacked or being technologically hit in some negative way.
Consider two major points in this vein: First, a recent study of global governments shows that while they’re aware of cyberthreats to their infrastructure, roughly 50% of said governments do not have a formal cyberdefense strategy or plan. Second, we have plenty of corporations and governments with vast amounts of intellectual property who continue to be behind in cyberdefense, using outdated strategies instead of the latest and greatest defense hardware, software and methodology. The “if it ain’t broke, don’t fix it” mentality is alive and well, sadly.
We’re all in this together, and in order to defeat the issue on a global scale, it has to begin with awareness for all. We’re only as strong as the weakest link. By virtue of this, it’s important that we share intelligence and educate the world. Hopefully, our future is safe and secure, but this mentality starts with us. Best of luck to us all.