But no matter what you call it, there’s no doubt that American industries seriously neglect the threats posed by cyberattacks. I saw it at the AIAA aviation convention and am seeing it again at the Association of Emergency Managers: scant attention to the risks of cyberattacks.
But attitudes are changing. I predict 2013 will be recognized as the year that the chickens came home to roost, the year corporate executives recognized that continuing to ignore cyber threats would expose their organizations to growing operational, legal, and customer loss risks.
Why the sudden recognition? Strong pressures came into play during 2013, which acted as a form of shock therapy that forced executives into action.
What were these pressures? Let’s take a look at three:
- Edward Snowden. The former NSA contractor who’s been publishing stolen top secret documents on America’s military use of cyberspace did more to publicize the use of cyber weapons than any leak in history. As a consequence, the NSA was forced into numerous Congressional testimonies on America’s cybersecurity programs, opening the public’s eyes to the cyber risks facing the U.S. Cybersecurity has since remained a topic for the daily news cycles.
- Increased cyberattacks. Throughout 2013, major banks, national defense firms, stock exchanges and other private and public organizations felt the brunt of increasingly frequent and severe cyberattacks. As shareholders became more aware of the cyber risks facing the companies they do business with and invest in, pressure for cyberthreat management and protection increased.
- Legal liabilities. Citibank and Countrywide Financial were forced into financial settlements with the Connecticut Attorney General for “lax protection” of their networks, which resulted in customer data theft. A settlement with the state of California is pending. The U.S. Attorney General sued Wyndham Hotels for similar lack of adequate cyber protection processes, and other lawsuits are in process.
Adding fuel to the cyber fire, the chief of America’s military cyber force, USCYBERCOM, weighed in by saying that America’s public utilities ranked about a “three out of ten” in their readiness to defend against cyberattacks.
The result of these pressures? Increased awareness, for one thing, but more importantly, public and private organizations are finally starting to take action to get their cyber defense capabilities in order. Now, cyber IT specialists are seeing their pay soar high above their IT peers, companies are finding it increasingly difficult to hire good people at any price, and well-funded technology startups in search of improved cyber defenses are proliferating.
The Worst News is Yet to Come
Awareness is one thing; preparedness is quite another. A lag clearly exists between cyberattack threats and organizational defense capabilities. If 2013 is a transition year in awareness, American organizations are in catch-up mode.
Such a “tipping point” will produce increased cyber defenses, but the lag to develop and implement these defenses means our computer networks could remain vulnerable for two years or more.
Rudy Giuliani’s website frames the risks this way: “With cyber warfare a new global reality, companies and organizations are facing an ongoing and very real threat to their future that could cripple business and international financial systems.”
For unprepared CEOs facing government action, shareholder and customer unrest, and potential major disruptions in business operations from cyberattacks, I would be very, very afraid of what lies ahead.