This year has been one that many people have been looking forward to forgetting. It's one of those 12-month-long stretches that has been witness to a seemingly endless stream of bad news. Sure, for some of us, there may have been moments of euphoria akin to what the double-rainbow guy must have felt back in 2010 when he was hanging out on the front porch of his house near Yosemite. (If you don't know to what I'm referring, check out the YouTube video. It and the Winnebago man, the basis for yet another viral video, remain my go-tos when I'm due moments of levity.)
After his few minutes of fame – with his video making it to Jimmy Kimmel Live – double-rainbow guy explained in yet another video what was behind his raw, public emotion: namely, he felt that his house with its surrounding farm and other self-sustaining attributes was like Noah's Ark. I sit here recalling this because I'm feeling like after all of this year's happenings in information security, we may need to start building one ourselves. I mean, the plethora of cybersecurity-related incidents and the still-emerging details of other state-sponsored cyberattacks being released should see all of us voicing earnest concern. No, we're probably not at the ark-building stage of worry, but still, we should be paying close attention to this year's many alarming cybersecurity attacks and their implications for the wider country and world. They should see us taking appropriate actions to protect ourselves, our businesses, our overall economy, government and, certainly, the country's democratic processes (such as they are) and independence.
Of course, for those of us who have been involved in this arena for 20 years, much of what's currently happening lines up with expectations. That is, when we've now seen some of the largest data breaches in our history take place or we've witnessed vulnerabilities in IoT devices being harnessed to set off waves of DDoS attacks against Dyn DNS (that took down well-known businesses), many of us will say to our non-technical friends, “We knew this was coming,” or “We warned you guys.”
This also applies to still-unfolding details of Russia reportedly influencing presidential election results by breaching Republican and Democratic systems to systematically release information to harm the chances of a Democratic win or to undermine Hillary Clinton had she won the Oval Office. Indeed, intelligence officials from the CIA and NSA have even identified Russian officials who they believe are responsible for the hack, but those officials have not been publicly named, according to reports from the Washington Post and New York Times. Whatever the findings end up being, that U.S. intelligence officials reportedly are stating with “high confidence” that Russia made covert moves to promote Donald Trump as president is a grave and sadly not far-fetched scenario.
No matter one's political leanings, supposed actions by a foreign entity to meddle in a U.S. election should give us all pause. This, along with the Dyn DDoS attack or news of children's IoT-connected talking dolls from Genesis Toys and Nuance Communications using companion apps to request access to the host device's storage, mic, camera and more without parental consent, shouldn't prompt us to finalize our ark-building plans. Rather, corporate and government leaders, along with average Joes and Jills, must give cybersecurity initiatives and the professionals in our organizations and the wider nation touting them more than just a listen and nod of agreement. (Think of the 90-page “Report on Security and Growing the Digital Economy,” from the president's Commission on Enhancing National Cybersecurity, that pushes for greater cooperation among private citizens, businesses, academic institutions and the government as just one recent example.) Too many are doing little to nothing to address security needs. Continuing to simply ponder the many challenges we face is now just lame, lazy or dumb. Actually taking some real action in terms of investment, training, executing and then upholding impactful strategies and tactics is where we all need to be – whether we're talking private companies, households or federal halls.
Yes, when considering the state of cybersecurity in this country, some of these last 12 months have been pretty painful to endure. But, with realistic states of mind, proper attention, working partnerships and the actualization of some well-thought-out plans, we could see a few double rainbows of our own… OK, yeah, that is totally too Pollyanna a thought, so let's just say, we might see fewer squalls, typhoons, dust devils, blizzards maybe, or…
Happy Holidays, everyone, and fingers crossed for a more cheerful, safe and secure New Year.