Russia’s Cyber Threat Was Incomprehensibly Underestimated. How You Can Use Technology to Not Get Caught Flat-Footed Again
In the weeks after the 2020 presidential election, cyber experts largely waved to the crowd as they took a winner’s lap around the cyber racetrack.
Driving the vehicle, the head of the United States Cyber Command told reporters he was “very confident in actions” taken against adversaries “who tried to interfere in our elections.”
“We’ve broadened our operations and feel very good where we’re at right now,” he told journalists.
In February 2021, cyber security officials acknowledged a massive year-long hacking of thousands of federal agencies and businesses in the United States. A foreign government, most likely Russia, is the culprit. China, Iran and North Korea may not be far behind in such an endeavor.
The situation reminds me of the 9/11 attack on the World Trade Center in New York City.
Two months prior to September 11, an FBI agent reported Arabs linked to a London fundamentalist group were attending flight schools in Arizona. A quick investigation showed they:
- Paid cash for the lessons.
- Wanted to learn how to pilot Boeing 757 and 767 aircrafts.
- Showed little interest in the sessions that involved taking off and landing.
The agent suggested a national sweep of such schools for possible terrorists. His superiors declined to investigate the situation.
After the painful lesson of 9/11, we saw a tipping point — a moment in time when everyday things reach epidemic proportions.
Managing terrorist risk evolved into a colossal and coordinated international effort. All hands on deck. Sophisticated communications. Continuous monitoring.
At least two experts on cyber risk believe the 2020 Russian hack will start a similar tipping point.
Scott Kannry, CEO of Axio Global, said: “Everything has changed. Risk managers, insurers, and reinsurers cannot make sense out of cyber security using approaches mostly geared towards getting deals closed. They need actual understanding of what is at risk and how should it be managed.”
“There’s been an awakening in the last six months. Previously there was little interest in technology that helped assess a company’s risk of cyber-related breach. Now it’s a must-have,” added Bob Morrell, CEO of FortifyData.
What does it mean? First, let’s applaud the people at the table:
- Information technology professionals working hard along with cybersecurity experts to thwart systems disruption.
- Corporate and government executives providing resources to detect vulnerabilities and recover quickly from unforeseen cyber events.
- Risk managers coordinating efforts to build “walls” and “doorways” that control entry into electronic systems.
Now, let’s encourage them to work together addressing the points made by Kannry and Morrell. We can achieve a tipping point when our cyber security efforts are:
- Complete. Built on a structure that contains all linked computer and communication systems.
- Customized. Match best practices in detection, prevention and removal to each unique operating environment.
- Communal. Meet the needs of managers, staff, suppliers, customers and other stakeholders.
- Continuous. Operate 24-hours a day.
The only thing we’re missing is timing. When should we build it?
The answer is obvious.
Our victory drive around the cybersecurity racetrack was premature. Our cyber vehicles are not the fastest on the track. They break down in the heat of competition.
Let’s go back into the garage and fix the problem. &