Fragile Cybersecurity Receiving Knocks from Unexpected Quarters

Written by

It’s not an overstatement to say that cyber-criminals are on the prowl, bidding for the smallest opening to launch waves of attacks.
 
Some 60% of European retailers claimed to have seen an increase in fraud from 2017 to 2018, according to a report from Adyen last November, and the fact that 60% of small businesses will close within six months of a major cyber-attack is not a nice pill to swallow.
 
It’s an open secret that agencies responsible for protecting our physical infrastructure at the local, state, and federal levels aren’t spending nearly enough on global cybersecurity. Many CIOs at various levels of governments around the world are equivocal in their expectation of an increase in cybersecurity spending in 2019.
 
According to research from Gartner, Alia Mendonsa, co-author of the report says, "Security is really fundamental to the delivery of digital services overall, and government's greatest asset is data. As the stewards of the public's data, they really need to do everything in their ability to retain that trust."
 
What do we have? The US two-week shutdown almost threw the spanner in the works. The shutdown has been touted the longest in the United States history and with the possibility of another still looming, cybersecurity is seriously receiving knocks. 

Agencies like the Department of Homeland Security’s recently formed Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology (NIST), that handle cybersecurity duties had to carry out their operations with reduced staff. While this may be in order to ensure skeletal services, there is no doubt that it will create opportunities for an avalanche of malicious cyber attacks 

It’s expected that some of the shutdown’s effects will be felt in the short term. According to one report, it was discovered that Transport Layer Security (TLS) certificates for at least 80 U.S. government websites have expired, This is a potentially dangerous situation that could lead to lapses in security certifications. 

Other effects like seeing fewer cybersecurity professionals considering careers with the federal government after these events could be expected to happen in the long term.  A lack of access to the cybersecurity documentation that occurred during the shutdown severely hampered businesses’ ability to develop and implement robust security measures, those that could have been hurt terribly are businesses that depend on the documentation to ascertain they’re following the appropriate guidelines and measures.
 
If anybody wanted to make excuses for the shutdown, it should be taken into consideration that before then, the federal government was not overly known for a robust, consistent security posture. The White House's Office of Management and Budget (OMB) discovered that an astonishing 74% of federal agencies are in urgent need of digital defense upheavals.
 
More than half don't have the ability to classify and index the software that runs on their systems, and only about 25% of agencies gave a nod to the OMB that they are ready to identify and thoroughly assess signs of data breaches. Meanwhile, federal cybersecurity spending continues to lag, with some estimates suggesting it will reach a meager $22 billion by 2022. 
 
Japan is a member of the G7 and is considered one of the topmost technologically advanced nations in the world. So it will be absurd if we start having issues from such a country that will jeopardize the global cybersecurity situation.
 
Yoshitaka Sakurada, 68, is the deputy chief of the government’s cybersecurity strategy office and also the minister in charge of the Olympic and Paralympic Games that Tokyo will host in 2020. He, however, to the utmost surprise of everybody confessed that he does not use computers and that he is not very familiar with cybersecurity issues as reported by the Japan Times.
 
Nobody could have thought that was possible in a world of waves and hundreds of waves of cyber-attacks. What policies is he expected to implement as regards cybersecurity?
 
We know that we are at the risk of cyber attacks on a daily basis but what amazes one is putting our fragile cybersecurity level in a dicier situation. While it’s true that the art of running a government is not an easy one and certain rash decisions have to be taken in extreme cases like the shutdown, measures should be put in place to ensure that people and businesses are not endangered.

Issues like cybersecurity should always be given top priority and adequate funding. Top grade technocrats who are well versed and grounded in cybersecurity, as well as the internet of things (IoT), should be employed to handle such sensitive positions. 

The report that Britain publicly chastised China’s Huawei Technologies for failing to fix long-standing security flaws in its mobile network equipment and revealed new “significant technical issues,” is a welcome development. Proactive measures like this should be taken by governments to ensure the safety of sensitive materials, they should not wait for attacks to occur first before embarking on remedies to mop up the severely damaging after-effects.


John Ejiofor is the founder and editor of Nature Torch, a blog that discusses the impact of humans on our mother nature. He’s a freelance writer and has been featured on some of the top blogs around the world.


What’s hot on Infosecurity Magazine?