We Can Reduce Cybercrime, But Why Are We Failing?

We always ignore the long-written terms and conditions and  check the sign on “I agree to…..:” Sadly our attitude towards cybersecurity is somehow the same.  
 
Maybe it’s our overconfidence that we aren’t beneficial to cyber criminals or lack of understanding, or capabilities to deal with rising cybercrime; whatever it is, the fact is - we are still failing in protecting our cyber world.
 
So, how about looking at what we now call cybercrime with a magnifying glass intending to combat or at least limit the malicious practices of those mal-practitioners.  Let’s begin how cybercrime evolved! 
 
The beginning of Cybercrime
 
Back in 1970-1995 Kevin Mitnick - the most notorious and groundbreaking hacker in the history of the internet, long before all the other script kiddies showed up on the scene.
 
Mitnick penetrated some of the high-profile networks of the world using social engineering schemes, tricked insiders into access codes and passwords; that was something we now call malware and it’s highly automated.
 
Walking in 1988, the Morris Worm showed up; what started as a small playful exercise launched from MIT, the worm spread faster than anticipated. It went so bad that Robert Morris became the first violator of the Computer Fraud & Abuse Act.
 
It was 2011, when things were shifted into high gear. The most-hyped - Stuxnet Worm, become the world’s first weaponized attack, targeted Iran’s nuclear program, and physically damage their enrichment centrifuges. This was not an act by a prankster, a lone hacker, or script kiddie, but was the work of a Nation State.
 
Another significant change we witnessed in 2011 was the emergence of social media in full swing; another platform for hackers to publicize their work. The LulzSec group hacked and tweeted about their victim’s, then hacked Sony’s PlayStation network in the event that compromised over 77 million users’ information. At that time, most operating systems and even the internet was not aware of strong security.
 
If you ask me the timeline of the internet in a few words, then I would suggest you listen to what Leonard Kleinrock - a professor of computer science at UCLA - said in an interview:
 
“There's a very dark side to the Internet, which we're all familiar with. It started with a worm in 1988, and it became spam in 1994, and now we have pornography, we have denial of service [attacks], we have identity theft, we have fraud, we have things like botnets pieces of software that cyber thieves use to remotely and secretly control your computer, which really worry me.”
 
Aren’t his words true? We all agree with what he said but still not acting accordingly. 
 
The current state of Cybercrime - The Internet become limitless, so does our control
 
So, we have this global network that was never intended to be secure, then suddenly back in 2000 the ‘dot com’ boom appeared on the screen, letting everyone reaching the surface of the internet. 
 
It was the same time when E-commerce comes into existence; we’ve started our medical records, educational records, military secrets, and banking credentials online.
 
Everything is now online: Did I mention that all of this was on a network that was never designed to be secure?
 
What if I ask:  Has our greed played any role in cybercrime problem? Does security exist in a quest to make as much money as possible? Is security too inconvenient for users?
 
Think in this manner: For the first time in history anyone can rob a bank in the US from Russia or anywhere in the world without leaving their cozy home or office; thanks to the Internet for connecting any computer with any other computer in the world.
 
Think about targets…
 
Cyber criminals can not only snoop on our baby monitors and home security systems but also compromise our bank accounts and much more. The most phenomenal data breaches include Target, the US Government’s OPM, Adobe, Sony, Home Depot, Yahoo, Equifax, eBay, Anthem, Marriott, and CapitalOne,  to name some more notable and newsworthy. Did I mention hospitals, where ransomware can shut down access to critical life-saving machines and systems? 
 
Interestingly, there are 4,383,810,342 users using the Internet of Things (IoT)  across 7 billion internet-connected devices and the total number of records breached since 2005 is 11,578,188,519.
 
Let me present you a quick overview of the increasing numbers of the current state of cyber warfare; thanks to Verizon:
 
When you hear about data breaches, you’ll lose count. It’s become so commoditized that when someone announce another data breach, it feels like saying there’s another accident of Interstate I-4 in Florida. 
 
In simple words, it’s become a routine, making us numb to it as violence on the evening news.
 
If we keep ignoring, we might be the next target, then we will be left with nothing but regrets; cure is desirable but prevention is better than cure. 
 
It’s the right time to face those unknown cheapsters and take control of our very-own cyber world in our hands; if we want our kids to be safe from future cyberwarfare.
 
The only solution: Let’s work together… like the cybercriminals do.
 
I can’t and won’t address to all nations, but for our home country - the USA. 
 
Though it sounds siloed, but steps had to be taken, because it’s not hurting the victims alone, but the entire economy. In Europe, privacy is a human right and sadly, it’s not even mentioned in our Constitution (you will only find in the 4th Amendment under illegal search and seizure).
 
Another issue to be addressed at our earliest regarding the secure of our data are is the unknown data brokers. 
 
We all know that data brokers have free reign in the US - as profits are more important to Congress than privacy. Our lobbyists often from the government and work for corporations, including data brokers who in return fund congressional elections. This gives them some power to manipulate our government and laws.
 
Recently I heard that the US Congress conducting a hearing on data brokers and its impact on credit insurance, financial data privacy, employment and housing; forget what Snowden or Assange say our government has on us. 
 
It’s time our government should move toward uniformity of laws; California and Massachusetts have their data privacy laws, while others have little to none, and the feds go another direction. This siloed approach guarantees that we will shortly come up.
 
We are glad that government pushed electronic medical records, but don’t you think it was another example of too much too fast; they themselves became victims - OPM data breach, in which everyone including the FBI director’s identity was compromised. 
 
Do you know, according to HIPAA Journal, there were 2,546 healthcare data breaches occurred between 2009-2018, resulting in the theft or exposure of 189,945,874 records.
 
In short, the same government that cannot secure its own security clearances was and is simultaneously pushing us to be online to get ready for the taking.
 
Let’s face it!
 
Microsoft keeps adding patches on their OS, too many people are spending too much time defending it and looking for ways to exploit it, but we are losing this battle.  We know where we’ve been, and where we are: sadly still in reactive mode with no comprehensive laws to address cyber security and privacy across our nation. 
 
Are we kicking the cybersecurity can appropriately?
 
Yes, we are, but with so little progress and pace; as our US Congress is too busy fighting itself, I wish this partisan politics vanish forever, otherwise cyber criminals who don’t work in silos will still continue to exploit our medical records, banks, military secrets and intellectual property/ies.
 
So, what exactly we should do?
 
● We need real world solutions to manage the growing risk, combining industry executives and experts.
● We need uniform laws and security frameworks for everyone to adopt.
● We need to bring all the states (those investing in cybersecurity and those who are not) to deal with the issue collectively.
● We have come up with regulations, that all the industries supposed to oblige to. 
● We need consistent and comprehensive mandatory security and privacy laws and respective compliance frameworks to meet them. 
● We should also need to work with the European Union and adopt GDPR
 
If constitution is unwilling to address data privacy, it should at least be a human right – especially in this digital age.
 
In the end, we must decide: are we serious about cybersecurity and privacy, or will we continue moving down the path of ignorance and survival in a global game of cybercrime that is active 24 x 7 to take everything from us?
 
We can do the right thing. Can’t we? 
 
Devin Smith writes on  cyber security and technology-related crime at ReviewsDR.         
 
You Might Also Read:
 
One Costly Minute Of Cybercrime:
 
 
« Do Criminals Dream Of Electric Sheep?
The Cyber Effect On Modern Warfare »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CDW

CDW

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada.

CSA Events

CSA Events

Cloud Security Alliance conducts a series of conferences around the world. This listing provides a link to details of upcoming events.

Steptoe & Johnson

Steptoe & Johnson

Steptoe is an international law firm with offices in the USA, Europe and China. Practice areas include Cybersecurity, Privacy & National Security.

FFRI Security

FFRI Security

FFRI is committed to research and development of preventing the most advanced cyber-attacks and breaches.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Uniwan

Uniwan

Uniwan is an IT services company specializing in networking and security.

C3.ai

C3.ai

The C3 AI Suite supports configurable, pre-built, high value AI applications for predictive maintenance, fraud detection, anti-money laundering, sensor network health and more.

GoSecure

GoSecure

GoSecure Managed Detection and Response helps all organizations reduce dwell time by preventing breaches before they happen.

Cyber Security Forum Initiative (CSFI)

Cyber Security Forum Initiative (CSFI)

CSFI is a non-profit organization with a mission to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Avalanchio Technologies

Avalanchio Technologies

The Avalanchio platform gives you a complete solution to collect, process, and analyze security data to detect threats in real-time and analyze historical data using security DSL or SQL.

Cybertronium

Cybertronium

Cybertronium is a leader in managing cyber risk. We bring you the latest from the complex, ever-evolving online threat environment with the insights to inspire and the expertise to act.

Think|Stack

Think|Stack

Think|Stack is a managed IT services company specializing in cloud and cybersecurity with human-centered design.

Eviden

Eviden

Eviden is an Atos business that brings together its digital, big data and security business lines. It will be a global leader in data-driven, trusted and sustainable digital transformation.

CyberMaxx

CyberMaxx

At CyberMaxx, our approach to cybersecurity provides end-to-end coverage for our customers – we use offense to fuel defense.