The world has turned. Corporate boards everywhere are suddenly demanding top-priority attention be given to the now-soaring business risks from cyberattacks. Over the past few months – virtually overnight in today’s era of instant everything – the rules and risks of living in today’s digital-powered environment have changed forever.
I forewarned of this looming eventuality in my September 7th, 2013 post, “Will 2013 be the Year Cybersecurity Crashes the Party in the Boardroom?”
Less than a year later, predictions have become reality.
The handwriting had been on the wall. During the Creation Era of the Internet, a period ranging from the mid-1990’s up until the recent cyberheist of Target, almost all military weapons systems, corporate R&D, and financial, medical and customer records became digitized; web sites were designed and constructed for ease of information availability; and government, corporate, and national infrastructure networks were linked to the Internet for open access.
The only thing missing? Attention to security. As the most Internet-dependent nation on the globe, America became the world’s most valuable target.
The Stage Was Set
The stage, with all of its players, was thus set for cyberespionage, cybercrime, and the early stages of cyberwarfare to begin.
The official start of the Second Internet Era began with the Target attacks, where 40 million customer credit card records and some 70 million personal records were stolen. With losses from attack recovery mounting rapidly, customer retention and revenues in a downslope, profits collapsing, and a growing pack of lawsuits threatening major financial litigation, the board of directors insisted on the ouster of the company’s CEO and top two IT executives.
The era continued as storm-class cyber breaches swept across America: 1.2 billion customer records from 420,000 websites; 25,000 classified employee records from the Department of Homeland Security; and 4.5 million patient records from the hospital chain Community Health Systems, the largest theft of customer information ever reported for a publicly traded company.
If there was any remaining doubt about the Second Internet Era beginning, the final blows came on August 22nd with the U.S. Secret Service fraudulent payment systems unit announcing that Target-style attacks had been repeated on an estimated 1,000 additional organizations, and on August 27th with the news of cyber breaches at JPMorgan Chase bank and other major U.S. financial institutions.
Cybersecurity Gold Rush
Within a nine-month period, the new era of Internet security has begun. Executives and corporate board members suddenly went from having an anecdotal interest in cybersecurity to insisting it be a key item on the business agenda.
With this newly awakened interest in cybersecurity, it became evident that the majority of U.S. businesses either had not installed cyber intrusion protection systems or that such protections were not working properly. Further, by far the majority of the companies penetrated and experiencing data loss had no idea the attacks were going on.
Suddenly, the rush was on. Cybersecurity protection and software firms found demand for their offerings soaring. Cybersecurity merger and acquisition levels, as reported by accountancy Ernst & Young, hit new highs in the first six months of 2014.
Those organizations looking for protections from the U.S. government found little. The Department of Homeland Security is responsible for protecting civilian government facilities, and the U.S. Cyber Command for military organizations. Meanwhile, the private organizations (that also hold responsibility for 75 to 80 percent of the nation’s critical infrastructure, such as the power grid) are on their own.
In a world of cyberwarfare where there are no governing international laws, no standards of conduct, and no accepted norms of retaliatory response, the United States today finds itself a prime target, wide open and lacking defenses, an emperor without a robe.
The full story of this second era of the Internet is now being played out and written. The saga of the third era most certainly will follow, but America must get through the second era first.