What was the No. 1 risk to markets in a recent study by the Depository and Trust Clearing Corp.?
Actually, it’s No. 4: the threat of a cybersecurity attack.
It’s such a big issue that Forbes no less published an article on 2019’s top 60 cyber concerns—a list so vast it just goes to show you what happens when you pay authors by the bullet point.
It does, however, beg the question, why is cybersecurity the biggest risk?
Here are six reasons:
1. There’s a lot more stuff to worry about. A few years ago, the top cybersecurity targets were (in order) servers, personal computers, and networking equipment. Today we have something called the “internet of things.”
From outlets controlled by Alexa to the latest high-def curved 4K TV, these devices are controlled by small computers which can be taken over and even repurposed (so that innocent-looking internet-connected radio could be reprogrammed to attack the power grid while ironically playing “Dancing in the Dark” in an endless loop.)
The growth of these devices has been staggering as well, increasing from 15 billion in 2015 to more than 26 billion in 2019.
2. Some of that stuff is critical. Take your car. Starting my first car—a 1975 Ford Maverick (don’t judge)—required having a can of starter fluid and a screwdriver. A successful start meant I drove off with my eyebrows intact.
In contrast, today’s cars have electronics packages that are tightly integrated into every function of the vehicle. This isn’t just the radio either. Computers factor into such necessities as the braking system.
3. Terrorists or rogue nations may do us harm. Most hackers are in it for the money. They’re not rewarded for doing harm intentionally or inadvertently, but by stealing information, getting access to funds, or ransoming your pictures. But others out there may have very different intentions.
4. Mobile makes hacking easier. While 4G and newer 5G mobile networks are fast enough to watch the latest Netflix movie with little buffering, this comes at a price—besides the second mortgage you took to get the phone.
Namely, some of the inherent protocols in these cell networks which allow us to both browse data effortlessly and drive around between cell towers talking to grandma, make for a system ripe for exploitation.
5. Artificial Intelligence (AI) cuts both ways. There isn’t a technology vendor today that doesn’t slip “AI” into their presentation. (Fun game: At the next pitch you attend, yell out “Is there a problem in the AE-35 unit?” every time the salesperson mentions AI).
A primary area of interest for AI technology is cybersecurity: using computational power to recognize and react to larger patterns. This allows an organization to preempt attacks before they start.
The problem is, the bad guys also have access to some of these AI tools. Anyone for the rise of the robots?
6. Protection is piecemeal. There is no single regulatory standard for protecting data and systems in the U.S. We have the Gramm-Leach-Bliley Act which covers financial institutions, the Payment Card Industry Data Security Standard which covers aspects of merchants, and “Hope Really Is a Strategy” for just about everyone else.
That said, some states have implemented their own standards which, while helpful to a point, has scrambled the requirements, especially for multi-state organizations.
Cybersecurity is like buying a car: You can order the basic model (it just has brakes) or go for the luxury version (airbags, radar, crash prevention). Unfortunately, the one most likely to be hacked is the one with the lowest level of protection.
And once it’s compromised, it might not stay in his lane. That’s bad news on the interstate.