Organizations quite often spend millions of dollars on deploying various technologies on cybersecurity to defend against data breaches. Despite that, devastating hacking continues to occur. Let's not forget the breaches at Target, Sony, Home Depot, along with the recent theft of millions of dollars from a Bangladesh bank by attacking financial transaction network SWIFT and the many examples of ransomware in news headlines this year. Does it mean that the technology is not advanced enough to outwit hackers? The race between security professionals and hackers seems to be a never-ending game, and hackers are seemingly always ahead in this race.
Businesses and governments will need to relook their approach to cybersecurity in order to cope with the current technology landscape, and this may mean changing their country's legislation and law enforcement capabilities. Singapore, for instance, had been reassessing the way it addressed cybersecurity and identifying areas that needed to be tweaked, according to its Minister of Home Affairs and Minister for Law K Shanmugam. He pointed to the country's National Cybercrime Action Plan, which aimed to coordinate local efforts in deterring, detecting, and disrupting such activities. Speaking at the RSA Asia-Pacific Conference 2016 this week, Shanmugam further underscored the need to focus on prevention as well as establish a speedy and strong response to cybercrime. The local legal framework also must be able to facilitate efforts in this area, he said, adding that industry collaboration should be encouraged as the ability to combat cybercrimes would have to come from a shared responsibility.
Guidance from the National Highway Traffic Safety Administration for improving motor vehicle cybersecurity has attracted criticism from lawmakers who said that mandatory security standards were required. "This new cybersecurity guidance from the Department of Transportation is like giving a take-home exam on the honor code to failing students," said Senators Edward J. Markey, a Democrat from Massachusetts, and Richard Blumenthal, a Democrat from Connecticut, who are both members of the Commerce, Science and Transportation Committee. "In this new Internet of Things era, we cannot let safety, cybersecurity, and privacy be an afterthought," the senators added. On Monday, NHTSA released a document, titled "Cybersecurity best practices for modern vehicles," that laid out the agency's "non- binding guidance" to the automotive industry for improving motor vehicle cybersecurity. Markey and Blumenthal introduced in July last year in the Senate the Security and Privacy in Your Car Act, also known as the SPY Car Act, which would direct the NHTSA and the Federal Trade Commission to establish federal standards for vehicles made for sale in the U.S. that would protect them from unauthorized access to their electronic controls or data collected by electronic systems.
For years, the US government's offensive hacking operations were kept in dark shadows, neither acknowledged nor discussed. That changed with the discovery of Stuxnet in 2010--a computer sabotage operation reportedly conducted by the US and Israel to destroy machines used in Iran's once-illicit nuclear program. Stuxnet was the first US digital sabotage operation to be exposed, but it's not the first government hacking operation ever conducted. Documents leaked by Edward Snowden in 2013 shone a light on a vast underground operation conducted by the NSA's Tailored Access Operations team (TAO), responsible for what the government refers to as computer network exploitation and computer network attacks. Those may sound similar, but there are important differences between them.
At the second annual Everything IoT Summit in Sydney on Monday, professor Jill Slay, director at the Australian Centre for Cyber Security at UNSW in Canberra, lamented Australia's lack of leadership around cybersecurity, as well as vendors overpromising and under-delivering, and urged Internet-of-Things (IoT) developers to incorporate security into the core design of IoT solutions. Currently, there are more than 8 billion devices connected to the internet globally, according to IHS's Connected Device Market Monitor, with this number estimated to grow as high as 212 billion devices by 2020. Though market predictions vary considerably -- Cisco has estimated this number is more likely to sit at around 12.2 billion -- the general consensus is that we have surpassed the "emergent" phase and that IoT will continue to grow at an accelerated pace. However, there are urgent cybersecurity challenges we need to address before we diverge further into a connected world, according to Slay, who said the growth of cybercrime in Australia has been exponential. The first is the skills shortage, she said, and as technology advances, so too does crime.