For business leaders concerned about the threat of criminal hackers breaching their networks, FBI cyber division chief Joseph Demarest has a blunt message: “You’re going to be hacked. Have a plan.”
October is National Cybersecurity Awareness Month, and Demarest’s frank warning was delivered to members of the Financial Services Roundtable (FSR) at an October 20 event focused on how the private sector and law enforcement could work together to combat hacking threats.
Cybersecurity has emerged as a top challenge for both the private and public sectors. While news accounts abound of consumer retailers and financial services firms being targeted for cyberattacks, the reality is that virtually any connected entity is vulnerable to criminal hackers.
In early October, for example, an attack on the Oregon Employment Department exposed the personal information of an estimated 851,000 state residents. Universities and hospitals have also been targeted for data breaches.
FBI Director James Comey, in a recent 60 Minutes interview, emphasized that the number of cyberattacks on U.S. assets is too large to count—and that the motivations for hackers vary widely.
“I think of it as kind of an evil layer cake,” Comey says. “At the top you have nation state actors, who are trying to break into our systems. Terrorists, organized cyber syndicates, very sophisticated, harvesting people's personal computers, down to hacktivists [i.e., hackers driven by political or social agendas], down to criminals and pedophiles.”
A few facts about hacking activity in 2014:
- An estimated 110 million Americans have had their personal data exposed in hacking incidents in the last year, according to the FSR. That’s half the adult population, and many individuals and businesses are unaware they may have been victimized. And while not every hacking incident results in the exposure of sensitive personal information like account information or Social Security numbers, more incidents mean heightened risk of sensitive data being exposed.
- When it comes to the theft of financial records alone, the numbers are staggering. The FBI estimates that some 519 million financial records—more than half a billion—have fallen into the hands of hackers in the last year.
- Moreover, it’s not just financial records and personal data at risk. Perhaps the fastest growth area in the realm of cybercrime is the theft of intellectual property, often driven by state actors around the world seeking access to U.S. trade secrets and commercial properties.
What can be done to counter cyber threats?
Those facts reflect the sobering truth that, while so much of our lives has moved online to the always connected world of the Internet, that connection has created new vulnerabilities and substantial costs.
The question is, how to address the challenge? First and foremost, leadership from the private sector is key. The Chamber has taken a leading role in promoting awareness of cybersecurity responsibilities among the business community, including the following:
- The Chamber published the free 56-page Internet Security Essentials for Business 2.0 guide for businesses to help improve their ability to counter a cyberthreat or to respond when attacked. (For more resources on cybersecurity from the Chamber, government agencies and other expert organizations, click here).
- This year the Chamber has hosted a series of Cybersecurity Round Table events with state and local chambers to provide education about dealing with cyber threats.
- On October 28, the Chamber will host the Third Annual Cybersecurity Summit in Washington, D.C., to focus on how businesses can work to protect themselves against hacking threats, as well as possible public policy solutions to boost response and resiliency to cyberattacks.
A constructive partnership between the private and public sectors will be necessary to counter cyberthreats, according to U.S. Chamber of Commerce President and CEO Thomas J. Donohue.
“Cybersecurity is an issue of both national and economic security,” Donohue says. “The threats we face from hostile nation-states and online criminal organizations are rising, and growing more sophisticated. Effectively addressing this national security and economic challenge requires leadership and coordination among public policy makers and the business community.”
Click here to register online for the U.S. Chamber of Commerce Third Annual Cybersecurity Summit.