As you might have heard, the 2018 United States midterm elections are just around the corner. While the intelligence community have unequivocally stated that foreign cyber-influence has posed and continues to pose a risk to US elections and national security, there doesn’t seem to be a united front to reflect the seriousness of this threat, both in public life and in private business.
There is little doubt, as per the intelligence community, that the US is under a constant stream of cyber attacks by Russia and other foreign entities. Whatever your politics, there is clear evidence that the cyber threats, aren’t just real, they are ongoing. Besides public institutions, there are constant attacks on devices, systems, infrastructure, companies and individuals via ransomware, targeted phishing, and compromised data.
Of course, this isn’t only an American problem. It has had dramatic consequences on a global scale. But the current lack of cohesiveness in American politics, as well as a pivotal 2018 midterms (with possibly heavy stakes for the many global geopolitical players) makes it ripe for a wild ride.
Political Espionage Making Crazy Headlines
Microsoft recently discovered phishing attempts on three congressional candidates, without saying for which party they were from nor where the attacks originated. They did say that (thankfully) the targets did not share critical information. A separate report by the Daily Beast indicated that Senator Claire McCaskill was one of the targets, and that the attacks was carried out by Russian intelligence with a phishing email.
Facebook announced it’s own findings on election interference, saying that they’ve already uncovered complex efforts to influence the 2018 midterm elections that could be part of a disinformation campaign, yet have not placed the blame on any state sponsored actors, as of yet.
A report by Positive Technologies found a 32% increase in year over year cyber security incidents, including a 75% jump in malware, driven heavily by increases in spyware and government targeting.
Yet, in this crazy environment (yes, crazy even for cyber security) we are seeing senior FBI officials quitting their cybersecurity positions, while the position of cybersecurity coordinator on the National Security Council was eliminated. According to the NCC, this doesn’t reduce the importance of cybersecurity, but it appears in stark contrast to the common sense approach most organizations are taking in increasing the prominence of their cyber security staff.
And of course, Russian President Putin proposing a joint Cybersecurity group takes all the cake!
Plenty of Problems, And Not Enough Money
Yet amidst all this, it doesn’t even seem that individual States know how to protect themselves. They don’t understand the threats, and that makes allocating and demanding resources pretty challenging. 75% of federal agencies were found to be vulnerable to cyber threats according to the Office of Management and Budget (OMB). Why? Not understanding cyber security risks make it really hard to defend against them.
As Christopher Krebs, the undersecretary of the National Protection and Programs Directorate (NPPD) said in an interview with The Hill,”rather than just say, ‘We need money, give us money,’ it’s, ‘We need X amount of money to address X threat and find out X amount of risk,'”
Overall, it is not looking good.
Buy Cyber Stocks?
Goldman Sachs is recommending buying cybersecurity stocks and ETFs ahead of the 2018 midterms. They suggest increases in spending will result from attacks on America, and as is often the case, when breaches and attacks make headlines, stock prices tend to rise.
This is on top of cybersecurity being considered a “secular long term growth trend”, which is stock-speak for “it’s going to go up no matter what”. That’s where our understanding is on how significant the problem is. We know that cyber security is going to be increasingly demanded due to increasing threats. Yet, on top of this is how insignificant the effort to address cyber security seems to be.
It’s Pretty Wild Out There…
What kind of stories are going to get swept under the rug in the midst of all of this? Are there other cybersecurity events that don’t make huge headlines, but may have a bigger impact on everyday life – whether it’s at work or elsewhere?
There are positive signs. Operation Wire-Wire was a drop in the bucket, but an indication that the FBI is taking cyber-assisted fraud seriously. Ransomware might be declining (only it is being replaced by cryptojacking). US Attorney General Jeff Sessions does seem to talk the right talk on cyber crime, however the sense of gridlock and inaction in the US Federal Government seems to be working against unified progress on this front. The World Economic Forum’s establishment of The Global Centre for Cyber Security is a bright step forward.
This Centre is an indication that cyber risks and threats are top of mind for some global leaders, but with the current state being a lack of unity, cooperation and focus, the only fact that seems to be clear is this: the next few months will be pretty wild.
Leave a Comment