Here's the tough reality: Cybercrime isn't a new threat that just appeared out of nowhere.
The threat has been building gradually since the rise of the internet. We just have this habit of refusing to look a problem in the eye until it's knocked us flat and we're staring up at it, scrambling for solutions.
Significant data breaches have been increasing within the United States since the beginning of the 21st century, and here we are today, 20 years in, with little to show for it. Two decades and we're complaining that we haven't had enough time to train cybersecurity professionals or thoroughly educate the public about basic security habits.
With technology evolving at a pace that we are stretched to keep up with, both state and federal government institutions need to buckle down and come up with a plan soon because what's being used now isn't working.
Image Credit: Pixabay.com
Consider the implications of this statement by Infosec Skills author Emmanuel Tsukerman: "It might become hard to tell who the content is written by-- if it's really written by a human." If that doesn't give you the chills when coupled with the imminent rising of our AI overlords, then I'm not sure what will.
Technology as we know it is evolving at a fast pace. We are headed at lightspeed toward a reality that we have only imagined in our wildest dreams.
Deep Fake learning involves neural networks that allow the possibility of making it look like anyone is saying anything. Consider your daily Facebook scroll, the sure intellectual death of us all.
A shocking 41% of social media users feel that they are wasting valuable time when it comes to their social media habits, which they continue to pursue despite this guilt. And how exactly are we spending that time?
Viewing posts where someone is heralding their political view as the next best thing since sliced bread (or since their last great idea that they came up all on their own and definitely did not take from some overrated public figure they just so happen to idolize). How often do you see news shared from questionable sources with such intense fervor that it absolutely cannot be anything other than the truth?
Already this type of ignorance is prolific and leaches into every facet of our life, destroying relationships and creating generations of irresponsible web-users who use their newfound ignorance to destroy the structure of society as we know it. We are plunging ever deeper into a world of people that think the earth is flat, the environment is just fine, and every entity that is not the US is obviously a threat that should be neutralized.
Mix this all together with our naïve delusion that anything in a video must be real and the ever-growing threat of deep-fake learning and it doesn't take much to see the dangerous path that we're on.
Emmanuel goes on to describe the process by which a machine could potentially target an individual on social media. Via machine learning, a virtual bot analyzes all tweets belonging to a certain user, identifies a trend in interests, and posts in regards to those interests. Basically, your reality is fake and you're officially living in the matrix, specifically the one from your worst nightmares.
It's not just individual users on social media who are vulnerable. The fact that homes are now connected thanks to the prevalence of IoT devices, which are very vulnerable to hacking. As Canadian cybersecurity expert Ludovic Rembert of Privacy Canada notes, there are effective security systems that people can use to help secure their homes and devices.
"It never hurts to be careful when protecting the ones you love and your valuable possessions against would-be threats," says Rembert. "Luckily, in this day and age, there are plenty of options. There are certain services that allow you to have a state-of-the-art security system without doing one thing to get up and running. Just like that, you will have your children protected and your new television secure. For the people who want to set up a high-tech home monitoring system all by themselves, there are options if you are inclined."
And while taking individual action with these kinds of tools to help protect your home and devices is important, it's clear that regulation at the governmental level is necessary as well. Each day is another day that we're getting more and more behind in proactive cybersecurity regulation as our digital technology continues to advance in complex ways that we are not prepared for.
Consider the newly emerging technology of quantum computing and how it will essentially make defensive cybersecurity methods that use standard encryption (hint, that's most of them) completely obsolete.
Currently in the cybersecurity regulation landscape are major privacy acts that stand out as examples for the global community, and foreshadow the future of widespread cybersecurity regulation in the U.S.
Privacy acts are where it's at for current regulation with the California Consumer Privacy Act (CCPA) and the European Union's General Data Protection Regulation (GDPR) as global models.
Image Credit: Pixabay.com
The GDPR is considered the most rigid set of privacy laws on the globe. Violation of any part of the act promises to dole out the harshest of fines up to tens or hundreds of millions of dollars.
A violation may constitute anything that falls within the categories of a confidentiality breach, availability breach, or integrity breach.
The GDPR tends to hit businesses, especially small businesses, quite hard. Offering something as simple as non-GDPR-compliant downloadable invoice templates is an invitation to violate the new regulations without even realizing it. If you are not careful about the personal data you collect on each invoice, you could be in jeopardy of violating the GDPR.
The CCPA essentially puts the control of data back in the user's hands, also promising stricter punishment for organizations that choose to not comply. The CCPA has been compared to the GDPR in terms of effectiveness and is expected to serve as a model for the future of federal regulations.
The primary federal privacy protection acts in place include the Computer Fraud and Abuse Act (CFAA), which lays out both civil and criminal penalties for cybercrime; the Health Insurance Portability and Accountability Act, also known as the last page on a doctor's office clipboard that we all sign without much ado; and Gramm-Leach-Bliley Act for financial institutions.
Now it should be noted that following these regulations flawlessly gives you only the bare minimum of security and is by no means a cure-all for potential threats. These are meant to be based standards by which we live our lives and transmit our data, and it's up to us as responsible citizens, employees, and employers to utilize additional safeguards.
But unfortunately, chances are we're not going out of our way to learn more about safe and secure practices. We'll wait until we're personally affected by the loss of capital or stolen identity because our attention span only has the capacity for immediate danger, thank you very much.
We've covered healthcare, finance, and government. And sure, these are arguably important sectors to focus on. But industries that center around the internet, such as ISPs and software companies, are not heavily regulated. They can store, sell, and analyze your data in any way they deem necessary if you've signed your life away by checking the terms and conditions box that many tend not to read.
The future of regulation will need to tackle effective ways to resist instances of unsuspecting consumers being victimized by weaponized personal devices due to creative cybercrime hacks, such as botnets, networks of computers that have been targeted by a remote user and are subject to their most devious plans.
Other common hacks include browser hijacking which is more common than expected as they are used in tandem with free applications and appear harmless. Meanwhile, someone somewhere is installing copious amounts of malware on your precious machine. We can't afford to approach cybersecurity the way we half-heartedly approach everything else. This is a problem that requires an immediate action plan and time spent educating the public.
Combating a threat that we can't perceive nor predict is at face-value a losing battle. But the last thing we should do is accept defeat. Federal regulations and regulations at the state level will need to up the ante and institutions both public and private will need to invest in the development of consistent public education around cybersecurity.
(Devdiscourse's journalists were not involved in the production of this article. The facts and opinions appearing in the article do not reflect the views of Devdiscourse and Devdiscourse does not claim any responsibility for the same.)