By Mark Schaefer
Research shows that the most popular blog posts are positive and uplifting with lots of high energy words. This is not one of those posts.
I don’t know if you can make a point about cybersecurity in this world with a sunny disposition but this has been on my mind and I need to write about it.
I recently had lunch with a friend who is an international cybersecurity expert. It is not a field I normally dwell in, but some of the comments he made to me plucked my head out of the sand …
- “Once you see what is really happening on the internet, it is terrifying. It has changed me as a person.”
- “We are fighting a losing battle. For every one person trying to protect our businesses on the internet, there are 800 trying to destroy it.”
- “Many people think of the internet as baby pictures and funny videos. Imagine the most threatening monster you can dream of. That is the real face of the internet and the picture you need to have in your mind.”
- “A friend asked me if Russia would hack his small business. Hell, China and Russia are hacking this restaurant right now. They’re pinging everything trying to find vulnerabilities they can exploit.”
- “We are not ready for the Internet of Things. It is coming faster than we can handle because every new connection is an entry point for hackers.”
The easy life of a hacker
Like you, I am blissfully ignorant of these internet realities. I LIKE baby pictures and funny YouTube videos and I really don’t want to think about this stuff. At all.
But I am also a realist, and a business professional, and here is the conclusion I’m coming to. We need some sort of government regulation of internet security.
I just felt the cumulative cringing of all my readers, but hear me out and then slam me if you like in the comment section!
The biggest cyber-security problem is that there are no minimum internet security requirements and most people don’t care. It’s easy to be a hacker because we just let them in.
A young man recently told me that his entire apartment building uses the wifi from one resident because it is not passcode protected. When he got into an argument with that neighbor, he simply accessed the router and changed the password to lock him out of his own network. You can see why there needs to be some sort of minimum security applied to these appliances before they’re activated. It would be like getting a driver’s license for the internet.
Cybersecurity is not just a problem for dumb and careless people. I recently learned about a Fortune 500 CEO who had his entire company email inbox downloaded by a Chinese hacker. His company supplies the U.S. defense industry.
Now, multiply this kind of vulnerability times millions of people and millions of businesses and trillions of emails and spreadsheets and contracts.
We can’t stop hackers. But can’t we stop making it EASY for hackers?
The internet is a public utility
Every country has very strict regulations on companies who care for the water supply, air traffic control, electrical transmission, and the construction of roads and bridges. Without the highest standards in these areas, the economy could collapse and people would die.
The internet is the backbone of the First World economy. Shouldn’t this utility be protected with the same rigorous scrutiny?
It is a real dilemma because the beauty of the internet is that it is not regulated. Just combining the words “internet” and “government” makes me a bit nauseous. I don’t think there are more than a handful of U.S. legislators who even know enough about the internet to ask the right questions, let alone recognize the severity of the risk.
A new mindset
When I was in the corporate world, our customers required that our manufacturing facilities become ISO 9000 certified. This is a demanding quality standard that came at a very high cost. And yet once we achieved it, our customers felt more secure — and it even turned into a marketing advantage.
There are now ISO standards for cybersecurity, but there’s a big difference. In the manufacturing world, you maintained quality by minimizing change and production fluctuations. The internet is unpredictable and changing in the moment. It’s a complicated problem.
ISO is also an optional program and it’s not likely to be employed by small businesses with limited resources. Isn’t it time for some sort of minimum security level mandate to protect the most vulnerable businesses?
During my lunch meeting, my cyber security friend told me a story about a friend who had to re-build his small business after a cyber attack. The strongest cyber security measures possible should not be inaccessible to everyone.
As I go around the world and talk to executives about business, internet safety is always named as their number one threat. But it really isn’t even at the top of the national political agenda. Why?
Illustration courtesy Flickr CC and The Heiser Project