“In the past year, one in seven large organisations detected hackers within their systems.” This is the highest level recorded, said the recently released PwC 2012 Information Security Breaches Survey. It was completed in conjunction with Infosecurity Europe and supported by the Department for Business, Innovation and Skills. The survey goes on to say: “This year’s results show that security breaches remain at historically high levels, costing UK plc billions of pounds every year.” The additional summary stats are compelling as well:
- The average large organisation faces a significant outsider attack every week – small businesses one a month.
- 20% of organisations spend less than 1% of their IT budget on information security.
- Customer impersonation up threefold since 2008 – financial services affected most.
This survey is Euro-centric, but the stats are similar all over the free world. Between good old-fashioned hackers, Anonymous and other self-described “hacktivist” groups, the world is becoming a much more dangerous place.
When bad guys attack businesses the results can span a range from inconvenient to very expensive to completely disruptive, but what will happen when the country gets attacked? What will Cyberwar 1.0 look like?
China is home to some of the most dangerous hackers in the world. Although the Chinese government denies any formal ties to any hacker groups, most experts agree that the level of sophistication demonstrated by Chinese hackers betrays that denial. It would surprise no one to learn that these groups are funded and trained by a government that can conscript its best and brightest citizens.
Here in the USA, our cyber-defense is lumpy. Our best, most digital businesses are well protected by the smartest cyber-defenders money can buy. If you’re wondering how that’s possible, Google brags that it employs more PhDs than any other organization on earth. America’s high-tech community is second to none.
Sadly, this extraordinary private cyber-army does not work for, nor is it conscripted to protect our country or its population – it is employed by corporations to protect corporate assets.
Where does our “federal” cyber-army come from? Obviously, municipal agencies and the military do not have the kind of HR budgets, nor stock incentive plans that high-tech companies are famous for.
Let’s review. I’ve got Chinese hackers, who are government-sponsored, highly paid (in relative terms) and fully incentivized vs. American civil servants, whose digital skill sets perfectly positioned them for government work.
We’re doomed. What do I mean by doomed? You know, Armageddon, end-of-days, extinction level event doomed.
Sometime in the very near future, some hacker group (probably from China) is going to hit us hard. Maybe 20 million Americans will wake up one day and find their checkbook balances at zero. Maybe the power grid in the Northeastern part of the country will go dark. Perhaps we will find ourselves with our credit reports altered, or our credit card bills in disarray.
If the hackers are really smart, they may wait until too many people have too much sensitive data in cloud storage facilities, and take them out. If you can think of it, so can a hacker, and I can assure you the outcome will not be good.
Right about now, you’re probably wondering why I have chosen to write an alarmist, fear-mongering, sensationalist article about cyber-warfare. The answer is simple: Very few people are paying attention to this subject. Cyber-security is a lot like air: you don’t miss it until it’s gone.
What can you do? First and foremost, get into the subject. Do what you can to understand what your best-practices business continuity plan should look like. Start with the question, “What will happen if …” and keep the dialog going. Involve your C-suite, your tech guys and your customers.
Start a dialog with your colleagues. How will your company function under the stress of digital disruption? Where is the breaking point? When do you switch over to backup systems? Who is in charge of the decisions?
In the aftermath of most terrorist attacks someone from some agency goes on CNN and tells everyone how they knew it was coming and how everyone should have prepared for it. Why wait? You can prepare now and, trust me, the economics of your organization will benefit from the planning.
What will the outcome of Cyberwar 1.0 be? If we’re ready, the vast majority of us will never know it happened.