A clear and present danger

In the few minutes that it takes you to read and think about this Op-Ed, several million cybersecurity attacks will have taken place from around the globe.  For every minute of the day, 500,000 hack attempts happen in cyber space globally.  These attacks result in major breaches for companies and organizations large, medium and small and include some of the biggest corporate names on the planet including the federal government.    

President Obama declared cyber security threats a “national emergency” and proposed a budget of $14 billion for cybersecurity initiatives.   FBI Director James Comey has said “There are two kinds of big companies in the United States.  There are those who’ve been hacked…and those who don’t know they’ve been hacked.”  The F.B.I. now ranks cybercrime as one of its top law enforcement activities.  With the new Trump Administration transitioning into power, cybersecurity is certain to remain a national priority.  


Nation states, non-state actors, hacktivists and cyber criminals lurk in the shadows of our daily lives and seek to do us harm each and every day.  They break into our homes, our offices, and our personal lives not by picking locks or kicking down doors like the old days, but by invading our computers with malicious codes and hacks.  It is a problem that hovers over our economy like a dark storm cloud. 

Cybercrime costs the global economy more than $400 billion each year and is increasingly a “clear and present danger” to our way of life, with the U.S. being the hardest hit nation from cybercriminals.  The average cost of a computer breach for U.S. based companies is now $6.5 million, well ahead of the global average.  Even more alarming is the growing skills gap in cybersecurity – there are too many threats and too few cybersecurity professionals to defend against them.  There will be an estimated shortage of two million cybersecurity professionals by 2019 making education and training a top national priority.   

With a growing skills gap, cyber-attacks on the rise, and the United States continuing the transition to Europay, MasterCard and Visa (EMV) chip technology, cybercrime is very much a threat to our way of life and the global economy.  How we deal with it now will greatly impact the world we live in tomorrow.     

Amid all the doom and gloom – there is good news and reason for hope as we consider the future of cybersecurity and look for ways to stop the bad guys.

The good news is we know what works and what does not.  A 2015 report by Verizon contained a startling fact – 99 percent of all the breaches they reviewed in the past decade were entirely preventable with existing standards and technology.  The problem is not the lack of standards or inferior technology – the challenge is the perpetual need for constant vigilance and training.     

A startling report conducted by Trustwave exposed that the most popular numeric password used by the American business community is 123456.  Amazingly, the word ‘password’ remains one of the most commonly used passwords.  It wouldn’t take a very sophisticated hacker to crack that code!  As is often the case, common-sense security efforts applied diligently, can stop most cyber- attacks.  While no security system is perfect, companies with good habits backed up with an approach to protecting data that includes people, processes and technology stand the best chance of protecting their customers.  

The best way to tackle the problem of cybersecurity breakdowns is to change the way we think about security.  This will not be easy, change never is, but it has to happen in order to turn the tables on the criminals who make breaking into computer systems their life’s mission. 

For some, cybersecurity is “a box you check”. This kind of thinking is a major problem.  Data security cannot just be a “box you check” once or twice a year when your security systems are being reviewed.  It has to be an all-day, everyday priority.  Protecting data is no longer a simple task that companies can just leave to the IT Department.  Organizations that fail to make data protection an everyday priority will be easy targets for international criminals who spend all day, every day, looking for soft spots in cybersecurity systems.           

Fortunately, the winds of change are producing a culture where data security is now becoming a corporate leadership issue.  CEO’s, Boards of Directors and corporate executives are coming to realize that data security is job security.  Most American companies now get it and are dedicating more resources to cybersecurity and making it a greater internal priority.   

Despite our wishes to the contrary, no one single technology is the answer, it is important for American businesses to prioritize strong security principles by maintaining a multi-layer security approach that involves people, process and technology working together to protect consumers.  We cannot fall into the trap of thinking there’s a silver bullet or just a box to check.  Vigilance around data security must be an everyday priority.   

The time for finger pointing has to end because global alliances and partnerships between the private and public sector provide the only path forward to creating cyber security in the 21st century.   

Stephen W. Orfei is General Manager of PCI Security Standards Council and William S. Sessions is the former director of the FBI.

The views expressed by authors are their own and not the views of The Hill.