How a personal data breach can cause a global crisis
By John DeSimone
May 03, 2019
Sophisticated hackers, many of whom are employed by foreign nations, are escalating the number of cyberattacks on ill-prepared commercial companies and private institutions. A recent report found there are more than 130 large-scale, targeted breaches in the United States each year, and that number is growing by 27 percent annually. These attacks are well planned and targeted, and they have the ability to severely impact our commercial networks, putting our critical services at risk and creating the potential for a global security crisis.
Despite recent breaches, the commercial sector is not prepared for this continued threat, as C-suite leaders are prioritizing other business initiatives over cybersecurity. Our own data found that corporate boards are not engaged, with most reporting that their boards of directors are not briefed on what their organizations are doing to prevent or mitigate the consequences of a cyberattack.
As corporations now own more than 85 percent of network system domains, commercial networks and nation-state defense are deeply connected. Commercial companies are now the front line of defense, which means that government and private sectors must work together to better defend the networks that our critical infrastructure relies on.
From commercial compromise to national security risk
Commercial industries, including hospitality, entertainment, and retail, have become top targets because of the types of sensitive information they store, which can be used in intelligence gathering. Especially in hospitality breaches, this information can illuminate the patterns of life of global political and business leaders, including who they traveled with, where they are, and when they’ll be there next.
Aside from cybersecurity, this can also create a physical security nightmare for business travelers.
Access to political leaders’ private data also means that foreign threat actors can easily obtain classified government information and leverage this data to disrupt civilian life. This includes taking control of our transportation systems, halting shipping, and altering our energy grid. In fact, it can even lead to a full-blown cyber war.
Understanding that a breach of this nature is a real possibility, the Homeland Security Department recently announced an emergency directive calling for all non-national security agencies to take steps to protect their networks against a cyber-hijacking campaign. This is a step in the right direction, but more needs to be done.
Education and collaboration lead to resilience
Educating all private sector employees on the larger implications of security breaches is an essential first step in reducing risk. It’s easier for people to understand breaches in terms of their own data or intellectual property, but less clear to see how these incidents can lead to far worse problems, including cyber warfare.
As employees better understand the larger risk, executives and boards will follow suit and begin to seek out opportunities to collaborate with government and the public sector to help prevent such incidents. The closer the private and public sectors work together on this to eliminate barriers to information sharing, the more resilient the industry can become.
As we approach the 2020 election season, you can see partnership between the private sector and government beginning to take shape. Corporations are sharing information with government parties that could help secure our elections. But beyond election season, we need to share this critical information. Even small pieces of intelligence can amount to significant findings, which could halt the next crippling cyberattack.
In the midst of today's heightened geopolitical tensions and increased cyber warfare, corporations must understand today's reality: they are a prime target, holding information that, if accessed by cybercriminals, could lead to the next global crisis. It's time for government and public sector agencies to increase partnerships with these corporations and, together, bolster the U.S.'s cybersecurity posture to avoid future devastating implications.
John DeSimone is vice president of cybersecurity and special missions for Raytheon Intelligence, Information and Services.