The Never Ending Increase of Severe Cyber Attacks.
On May 7, the system of a Southeastern American pipeline was struck by ransomware, a type of malicious software that encrypts the computer’s entire storage and holds it hostage. The attackers will only allow the users to restore their data upon payment of a (pretty large) amount of money. In this case, it was 75 bitcoins, that is, 4.4 million dollars.
Last week, a group invaded the servers of EA (Electronic Arts), one of the largest game publishers around, and managed to steal about 780 GB of data, including source code and assets of games yet to be launched, such as FIFA 21 and Battlefield 2042.
Not to mention that database breaches are becoming ever more common. Recent large and famous leaks include information on 500 million Facebook users (April 2021), 2.3 million Indonesian citizens (May 22, 2020), 6.9 million Dutch citizens (March 11, 2020), 220 million Brazilian citizens (January 2021), and 250 million support records from Microsoft (January 22, 2020), among many, many others.
We have a problem
For most companies, even tech companies, cybersecurity has always been a secondary matter. Far more was invested in physical security (such as security systems in company headquarters) than in securing servers and terminals.
And that is because hacking wasn’t such a common problem for a long time. It used to be very difficult to learn how to crack open databases and invade server farms. Companies would suffer breaches only when they didn’t take simple measures such as encrypting their databases. The main problems were dealing with software and hardware cracking/jailbreaking, like those that happen to the iPhone (remember GeoHot?), game consoles and PC games.
Now, however, there are thousands of internet forums and groups dedicated to cracking software and doing malicious hacking, everywhere in the world, and those guys even manage to crack especially difficult anti-piracy software, such as the famous Denuvo, in a matter of days. There are reportedly even military hacker armies in some countries, such as Russia, Iran and North Korea.
Better late than never
With the rise of data breaches, many measures came forward to try to prevent more of them. On one side, large tech companies started investing in cybersecurity, and cybersecurity startups and products started to come up left and right, such as Cloudflare, ThreatLocker and VPNs. On the other side, the breaches also caught the attention of governments everywhere, leading to the creation of the General Data Protection Regulation (GDPR) in the European Union, which then became a model for data protection laws in other countries. So, if the bad reputation that comes with having your data breached wasn’t enough incentive to invest in cybersecurity, a big enough fine accompanying it probably would be.
So now, of course, every company out there is scrambling to catch up with the hackers and protect their servers, terminals, and whatever kind of software and hardware they have that is connected to the internet – along with measures to prevent other kinds of data breaches, such as break-ins and social engineering (ever watched Mr. Robot?).
However, creating effective cybersecurity is pretty hard.
You see, you can’t major in cyber security awareness, for example, nor do any kind of specialized course focused on it. There may be one or two courses on it during a major in Computer Science, or maybe just a lecture. If you’re lucky, maybe there are graduate programs on it.
Hacking, and by extension cybersecurity, is still more of a craft: you have the masters, and you have the apprentices learning from them. It is a very secretive endeavor, and you have to know your way around the deep web in order to learn more. And that means putting yourself at risk: if those guys can play around with huge tech companies and government databases, they can just as easily find out who you are if you take a step in the wrong direction.
So, cybersecurity is in high demand – but the supply of good white hat hackers is still far from enough. Meanwhile, the black hats are thriving. How do you think this is going to end?