News

Searching For Cyber Safety

Michael Daniel, White House cybersecurity coordinator, describes cyber attacks as the “new normal.”

Michael Daniel, White House cybersecurity coordinator, describes cyber attacks as the “new normal.”

Proofpoint, a California cybersecurity firm, reported in January that hackers had infiltrated as many as 100,000 Web-connected consumer devices and home appliances — including televisions and at least one refrigerator — to generate 1 million malicious email attacks.

Those reports followed the theft of personal data from as many as 70 million Target customers during the 2013 holiday-shopping season.

An increasingly wireless world has made it possible to check home thermostats and lock doors from a distance. But as more daily business takes place over wireless systems, hackers have more ways to gain access to personal data.

And privacy may not be the only thing in danger. A June 2013 U.S. Food and Drug Administration advisory urged makers of health care devices to take additional measures to safeguard their products after receiving reports of malicious software — or malware — on hospital laptops, tablets and other wireless devices containing patient data and controlling patient-monitoring systems.

“If you think you have privacy in the electronic age, you don’t,” said Jim Simon, owner of cybersecurity consulting firm i.e. LLC, who spent nearly 30 years as a CIA analyst and also formerly served as Microsoft chief strategist for Microsoft’s worldwide public sector.

Yet Simon says public awareness of cybersecurity risks still lags, even after the Target breach and other recent hacking incidents, including intrusions at Citibank and Google.

Simon says he worries most about the danger to ordinary people who have no sense of their vulnerability and who lack access to expertise or assistance if they are victims of identity theft or another form of cybercrime. Police, judges and prosecutors lack training in understanding and responding to such attacks while praiseworthy efforts, notably by the Secret Service’s National Computer Forensics Institute are predictably underfunded, he said.

Just as bank robbers used to rob from the rich because that was where the money was, technology has made it lucrative to target the less affluent through massive breaches that steal small, barely noticeable amounts from a massive number of victims.

“There’s no one there to help,” Simon said. “We’re so far behind, it’s frightening.”

The consensus is the landscape will become scarier still. Internet-security firm McAfee in a 2014 report predicted increasingly sophisticated means of cyber attacks to include “self-deleting malware” that covers its own tracks after subverting a target.

Concerns over escalating attacks are driving growth of technology firms focused on data protection. Dallas-based consulting firm MarketsandMarkets predicts new threats amid the growing use of cloud computing, data centers and mobile technology that will propel the global cybersecurity market to $120 billion by 2017.

The U.S. cybersecurity market will grow by more than 6 percent a year from 2013 to 2018 to reach a value of $65.5 billion, Market Research Media Ltd. forecast in 2013. In a March 2014 story in Forbes magazine, FireEye CEO Dave DeWalt said he doesn’t see any limit to market opportunities in the cybersecurity space.

Commercial firms are investing in new protection systems, as is the federal government. In addition, Simon said policy and law will provide critical protection. For instance, he thinks secure, encrypted mobile phones could be widely available within a few years as consumers better understand their data theft exposure and create demand for them. But questions over how to balance personal privacy with access to data by law enforcement agencies still must be worked out, he said.

More rigorous hiring procedures can deter attempts to mine customer data from inside companies, while better analysis of supply chains is another element of addressing vulnerabilities, Simon said.

“It’s a policy problem more than a technology problem,” he said. “It’s going to take a major disaster to work out the line between privacy and security."

In any case, solutions will need to evolve to keep pace with attacks.

“Every time technology advances, attacks increase,” Simon said.