By: Angel Grant, Director, RSA Identity and RSA Fraud & Risk Intelligence and
Russ Schrader, Executive Director, National Cybersecurity Alliance
Think about your life 15 years ago versus your daily habits today. Did you have a smartphone glued to your palm? Or, even one single social media profile? Were your camera, your phone, your alarm clock, and your music player all four separate pieces of plastic and metal?
From the introduction of Facebook in 2004 to the launch of the Apple iPhone in 2007 and the adoption of the cloud to store your music, photos and documents—these tech innovations have altered your life and daily routine, as well as the course of modern history.
Today, it’s not uncommon to have our mobile device(s) by our side to check social media accounts, control the lights in our home, shop online, conduct a banking transaction or to stay connected with family and friends. However, with these changes in human behavior—triggered by the adoption of tech innovation—we have also experienced the consequences of living a connected life: a rise in stolen credentials, massive data breaches, ransomware and other malicious cyberattacks—driven by increasingly sophisticated cybercriminals.
October marks the 15th annual celebration of National Cybersecurity Awareness Month – and an opportunity to take a look at the state and future of cybersecurity in light of tech innovation.
After all, the pace of innovation is not slowing down, and neither is the adoption of new technology. In fact, IoT connected devices have already outpaced the number of humans on earth. From connected watches to connected homes, things we never imagined have become essentials in our daily lives. In the immediate future, everything we touch will somehow be connected. Remember, just 15 years ago we were accustomed to the sounds of dial-up and having to manually connect to the Internet. Soon, 5G networks will accelerate mobile Internet connectivity while introducing a complex new threat landscape. This creates unprecedented threats for both consumers and businesses and opens up a new range cybersecurity and privacy risks.
Some of the biggest and growing threats include:
- Fraud by mobile app has increased more than 600% in the past three years
- Phishing represents 41 percent of all fraud attacks today, and represents one of consumers’ top threats and concerns
- Social media is not only being used as a new marketplace for cybercrime activity, but fraudsters are weaponizing the information you share as a way to socially engineer a malicious attack
- The reverberations of the ransomware WannaCry/NotPetya cyberattack of 2017 are still being felt and demonstrated the global business impact of an orchestrated attack
National programs like National Cybersecurity Awareness Month and increased spending on cybersecurity solutions show that there’s reason to hope that we’ll be able to better address some of these current threats. However, as the pace of innovation quickens, new threats and challenges are inevitable. The risks increase, as do the rewards to criminals.
The way in which we think about privacy and security will need to change as well. For starters, no longer is cybersecurity just the concern of IT teams. For businesses, having IT security as part of a business strategy conversation is essential. Why? Organizations are now repositories of data—a consequential asset–and one that malicious actors are motivated to obtain. As such, businesses must make cybersecurity and privacy a foundational element of their business strategy as consumers have entrusted them to be stewards of their information. A single data breach now has the ability to tarnish that trust and destroy a brand.
At the same time, we now have the opportunity—and responsibility—to use all the data surrounding us as a resource for intelligence. Emerging technologies like artificial intelligence and machine learning are changing the game for cybersecurity, underpinning new efforts to add layers of safety, detect fraud and protect against damaging data breaches.
And finally, as part of this shift to making security a priority, educating employees about cyber hygiene is key. The organization must equip employees with the dos and don’ts to ensure end users aren’t introducing a threat into the network. In turn, having “cyber aware” employees means they go home and exercise those same best practices. As the National Cybersecurity Alliance points out: this is a Shared Responsibility. We each have to work together to keep ourselves, families, communities and our nation safe.
While many security practitioners bemoan the grave outlook of the connected world, there’s reason to believe that through education, collaboration and a new security and risk mindset, we can address the cybersecurity and privacy challenges facing consumers and businesses today, and in the future.
October is National Cybersecurity Awareness Month (NCSAM). Organized by the National Cyber Security Alliance, NCSAM is a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. To join the industry discussion, follow @StaySafeOnline, @RSAsecurity or search #CyberAware on Twitter.