In today’s highly connected world, cyber attacks are now widely considered to be grave threats to our national security. Some may simply view the effects of cyber attacks no more than Twitter or Netflix going down for a couple of hours or having to force online accounts holders to reset passwords. However, the attacks of today may have graver consequences as they grow more complex and rampant.
The WannaCry malware outbreak earlier this year crippled numerous computer systems worldwide. Among those affected was the UK’s National Health Service. Several centers were locked out of their computers which caused delays in administering of health care. Two Pennsylvania hospitals were also affected by WannaCry which prompted them to shut down several services. A larger attack to American hospitals could have fatal results. US medical facilities faced 141.4 million emergency department visits in 2014.
In addition, the recent data breach of credit reporting agency Equifax exposed the records of virtually all US adults. Records of 143 million Americans which included critical information such as names, dates of birth, addresses, and social security numbers are now in the hands of malicious actors who could use the data for other criminal activities. Data breaches are often used for identity theft and fraud. Personal information and stolen passwords from other data breaches are often used to compromise other systems.
Now that the country is involved in a stare-down against hostile nations such as North Korea, the US must intensify its efforts to secure its systems. A PricewaterhouseCoopers report cites a 140 percent increase in incidences linked to foreign nation-states. Cybersecurity expert Bruce Schneier claimed that the increase in last year’s distributed denial-of-service (DDoS) attacks might be instigated by a nation-state trying to bring the internet down. There has also been speculation that Pyongyang involvement was a possibility in the WannaCry outbreak. Though in a bit of irony, WannaCry is supposed to have exploited a vulnerability which the malware’s developers learned about from stolen National Security Agency (NSA) records.
Fortunately, the cybersecurity industry has not been sitting idly as threats develop. Improvements in infrastructure, detection, mitigation, and behavior analytics technologies contribute to the arsenal against these cyber attacks. Cybersecurity firm Synack even resorts to crowdsourcing to its network of security experts in order to scan and analyze threats across computer networks worldwide.
New technologies such as blockchain are also lowering the barriers to more resilient tools. Cybersecurity applications of the same technology that powers cryptocurrencies like Bitcoin are now being explored. These applications even encourage the participation and involvement of ordinary users to create a robust defensive ecosystem.
Blockchain-based security service Gladius, for example, offers a platform where users can rent out their spare computing resources in exchange for financial compensation, to protect other systems from malicious traffic. Gladius pools these resources to be used in content delivery and DDoS mitigation services. Private groups and individuals can now be directly involved in defensive efforts against cyber attacks.
Traditional approaches to security where activities and transactions are centralized, with one authority, have their risks. When the central authority is attacked, all of the data regarding such activities are then compromised. Gladius takes advantage of blockchain’s distributed network in order to eliminate the single point of failure exploited by attackers. It is more difficult for these malicious actors to pinpoint a specific target if the network is decentralized and distributed.
Such an approach could also lead to lower costs and more accessible pricing since costs of building and running the infrastructure is distributed among users. This enables more organizations to adopt such powerful tools. Most of the top tier security services are priced at a premium which forces many organizations to skimp on security investments. Still, there is an urgent need for such services. As more organizations implement these security measures, the more secure our collective infrastructure becomes.
The government may already have its share of issues to deal with in shoring up its systems. Infrastructure complexity due to the variety and age of various devices across government offices makes it difficult to update vulnerable systems and plug gaps. However, it’s not only government systems that need to up their cybersecurity efforts. This responsibility may also have to rest upon private organizations and citizens as well.
Private organizations especially companies that store private and identifiable information about its users must increase their efforts in protecting such data. Private users are also contributing to the problem. Poor security practices by individuals such as using weak passwords or using the same password across services readily expose other systems in the event of a data breach. In addition, leaving Internet-of-Things (IoT) devices such as routers, webcams, and smart appliances unsecured also leave them vulnerable to hacks and can be hijacked for use in further attacks.
As technology users, we can either continue to be part of the problem or be responsible citizens who contribute to cybersecurity efforts. Abiding by good security practices is key to playing our part. Blockchain platforms even allow us to concretely participate by contributing our spare computing resources for use in cybersecurity. By being responsible users of technology and participating in such efforts, we could very well become our very own cyber defense force.