Insecurity: Is $14 Billion Allocated for U.S. Federal Cybersecurity Enough?

Just how big the hacking threats have become in recent years can be seen from President Obama’s budget proposal for the next year, in which $14 billion is to be allocated for federal cybersecurity.
Threats posed by the Internet’s omnipresence range from the tracking of our online activities to using our identity and our computers for criminal schemes.

Everything we are and what we do these days is out there in the cyberspace. It sounds scary, when you think about it. Technology is susceptible to failures, and those failures are often not predictable. If we add malicious human intervention in a form of a cybercrime, hacking, cyber espionage, and cyber warfare into the equation, we can see how the internet can be a dangerous place. It represents an old technology. Its protocols operate on an honor basis, and they should be redesigned to adapt to the new paradigm of cyber omnipresence. Although experts reassure us with the great improbability of a major internet crash, because of the internet’s redundant nature (network of networks) and a number of mitigating technologies in action, individual systems are subject to constant surveillance and abuse.

From military installations and government systems to banks and medical records, everything is underpinned by computer networks. Cybersecurity is therefore a paramount in the world that is completely dependable on networked computers.

Each year, millions and millions of cyber attacks occur daily in the US alone. Apart from national security, the economy is the most vulnerable sector with over $ 400 billion in annual losses on a global level. Every now and then we read front-page headlines heralding recent virus attack, which sends disquieting ripples through the cyberspace. Despite millions, perhaps billions of dollars invested in the development of computer software, each one of them is susceptible to security breaches, due to unnoticed flaws in the system. That is particularly the case in recent years when the accelerated development of the technology and applications, followed by the exchange of a large amounts of data, does not allow enough time to readjust security systems to new threats.

According to the BBC, Europol’s Cybercrime Center identified around 100 cybercriminal gurus behind the majority of serious internet crime activities around the world. Nevertheless, law enforcement agencies have difficulties keeping pace with them, since they operate off-the-grid (as funny as it may sound in this context), across national borders and with ever-increasing resources. Some of these groups specialize in malware R&D which has become a big business in the online markets of Asia, Europe, and the Americas. These days, anyone can purchase criminal toolkit on shady internet forums, and use them without any previous knowledge. One should also be aware that any opportunist can potentially gain access to your personal computer and compromise it in a way to use it as a tool for launching cyberattacks. Some of these computers are subject to auctions on internet forums.

In the same way, anyone can purchase stolen personal or business data, including Social Security Numbers, credit card information, and customer data, which are openly sold in a network of stolen data trading sites. They go so far as to offer a rating scheme, with members’ feedback on the quality of data. We should keep in mind that any information these hackers can get their hands on, can be valuable to someone when put in the context. Any devoted amateur data analyst can make your full profile out of pieces of seemingly benign information that may be found on social networks, airline and travel agencies’ records, online shopping sites without secure checkout, and similar places which usually don’t have elevated levels of protection.

What we can do to mitigate the level of threat we are exposed to when online?
• Experts advise us to reduce the amount of personal information we share online to a bare minimum. Additionally, we should be careful when following links offered in emails, or opening email attachments from unverified sources.
• We should have the latest versions of firewall and anti-virus software installed, with updated patches for browsers.
• Be careful what sites you visit, and what do you download from them.
• Beware when using wireless networks in public places; anyone can assume your identity or access files on your device during a session. Similarly, do not type any sensitive information on public computers, as there may be a spyware installed on them that can record every keystroke.
• Keep webcams off, or even better – disconnected, when they are not in use, since they can be hijacked and activated remotely.
We should put our best effort in keeping ourselves and our families safe. However, if Pentagon, Google, Sony and other giants cannot fully protect themselves from cybercrime, what can we mortals expect?