Narrative – The Future of Cybersecurity

Cyber Security Privacy, Information Privacy, and Data Protection in High Technology System. Businessman touching hologram screen to protect data from cyber attacking. Business and Network security concept.

Overview
The susceptibilities of our international industries are severe when it comes to cybersecurity, as greater use in technology presents an issue for privacy and data security. The uptake in cybercrimes has exposed substantial amounts of information to hackers; as data continues to be collected by unsecured companies, cybercriminals will persist in these attacks, as the collection of more information and money becomes great in gaining power. With the United States FBI concluding there was a 300% increase in cybercrimes since the start of the Covid-19 pandemic, cybersecurity measures will have to find ways in order to become more effective and individuals will have to immediately gain a greater understanding of the topic as the lack of knowledge results in further data breaches and attacks in the future. To take the correct preventative measures for cybersecurity, it is important to look at some of the most targeted areas: small businesses, healthcare, government agencies, financial institutions, education, and energy and utility companies. What will be their strategies going forth? How will they implement more cybersecurity workers in their entities to combat different obstacles?

Small Businesses
Small businesses are one of the most heavily impacted areas when it comes to cybersecurity, as many small companies are unable and unwilling to allocate sufficient funds to these areas or they are not trained/educated on the subject; these two reasons makes them such easy targets. Other factors that make them so worthy of hacking is the ability to gain important employee and customer information such as records, bank account information, and financial access to the business itself. It is usually assumed that threats on small businesses can originate outside the company, but this is not always the case as some businesses can be subject to internal threats. Typically, the attacks come in the form of phishing, malware, viruses, or ransomware. These types have also been popular when focusing on specific individuals, as hackers often assess the vulnerabilities ahead of the attack.
Businesses need to become prepared for any circumstance, which can be developed through cybersecurity training; but, it is recorded for small organizations that close to “43% do not receive regular cybersecurity training and 8% have received no security training whatsoever.” As threats are on the rise, businesses need to learn more about this topic in order to save their livelihood. What could be done going to tackle this issue in the future as only 14% of small businesses are prepared to be on the cybersecurity defense?

Be better prepared to analyze phishing schemes. Going forward, business owners and their employees must gain insight on how to spot a potential phishing attack to better protect their data going into the future. Do not open any links or attachments as this action could grant the hacker access to all of the files and documents of the company. If an individual chooses not to educate themselves and others on phishing, that person will put themselves in the way of many compromises; examples of phishing effects that can jeopardize them include deactivated accounts, compromised credit cards, and transferred funds.
Safeguard connections to all of the company’s networks. How should a small business take steps to protect these networks and platforms? They could utilize firewalls, create for remote employees “a business-grade connection to their home offices”, and use a secure router for the WIFI connection.
Make employees communicate through secure messaging apps, such as Signal or Wire, that utilize proper encryption for optimal protection of data, especially beneficial for a small business.
To combat internal problems with employees, limit their ability to gain important information and data within the company. This could be completed by having multi-step passcode authentication or utilizing facial recognition. These practices could lessen future complications with workers in the future if a strategy is implemented early on for a small business.
Determine a system for automatic backups. Whether a company stores everything on the cloud, which presents its own set of problems if unsecured, or completes a backup with another system, a small business could be evidently saved if they allow for their files to be stored in another location or backed up.
Focus attention on the various government resources for cybersecurity. Although a company should not strictly rely on the government for cybersecurity help due to many government officials being unaware of the global problems of cybersecurity, taking advantage of the government’s assets could help guide the small business on where to direct their time to cybersecurity. In the United States, some resources include the NIST Small Business Cybersecurity Corner, the FTC Cybersecurity for Small Business, and the National Cyber Security Alliance (NCSA) & Medium-Sized Business Resources.

Healthcare
The healthcare industry has gone through many problems since the beginning of the pandemic, specifically due to scheduling, supply chain delays, lack of workers, closings, and cybercrimes. Healthcare’s cybersecurity has since then been completed disrupted with over 90% of all healthcare organizations reporting one or more security breaches. All these organizations have seen hacks nearly double in recent years, they understand there is a greater problem at large. One of the most influential types of attacks on the industry is ransomware which takes the power away from the users making healthcare information become inaccessible to the users that need it most. These attacks could be costly like the ransomware attack at the University of Vermont Medical Center which was estimated to cost them close to $50 million in lost revenue because of a month-long problem.
The recent bill proposed in the United States by a grouping of bipartisan senators focuses on tackling cybersecurity in healthcare directly. Especially with the impending destruction of Russian cybercriminals, the administration worried about the effects it could have on public health centers. Not only could the possible threat impact the healthcare United States citizens receive. but also it could drive up the existing high prices of healthcare, making it less attainable for lower-income families. The Healthcare Act associates the over 1,000,000 million people impacted by data breaches in 2020 with the need to develop solutions in the government. The Healthcare Act requires collaborative efforts made by the Cybersecurity and Infrastructure Security Agency to mitigate future attacks and pull together resources to share with those in healthcare for the development of products to fit definitive needs.
By 2032, the American Association of Medical Colleges anticipates a shortage of 122,000 physicians, which can be associated with the large percentage of the population being over the age of 65. Additionally, “the country will need more than 200,000 new nurses each year until 2026 to fill new positions or replace retiring nurses.” With the clear shortages in this field, more hacks might be directed toward the healthcare industry over other types of business. Hospitals will need to allocate their funds towards the staff shortages rather than directly to cybersecurity efforts. It appears until more people re-enter this area of the workforce, the problem of cybersecurity will remain throughout the healthcare field even through the efforts by the United States government.

Government Agencies
Government agencies have been trying to help different areas fight cybersecurity, but they have their own set of problems that raise concerns. They are the top target for cybercriminals and will most likely continue to be as the war with Russia and Ukraine prevails. Due to the highly confidential information they hold combined with the vast deal of personal data they connect, government agencies have been known to have many costly hits over the past couple of years, especially because of ransomware. Many individuals find it concerning that the government, the sector of our society people look to for answers, does not have the most reliable solutions in place to mitigate these attacks; others are hopeful that the executive order set in place by President Biden will enable the U.S. government to get even more involved on this topic. In the past year, the Alejandro Mayorkas who was the first immigrant and Latino Secretary of Homeland Security, and his office have been circling in on ransomware, the cyber-workforce, industrial control systems, transportation, election security, and international security, but it is evident that the actions are not enough. Having cyberwarfare pose as a great threat due to the vast number of professionals to complete these attacks in other countries like Russia and China, the United States is behind on its attempts to lessen these strikes and needs to allocate more resources to this matter.
It is not just the United States worrying about its stance on cybersecurity, as so many other nations across the globe see vulnerabilities within their current practices. Many nations hope to learn from their current problems in order to fix them in the future, but this truly is not the best strategy. The government should not just be waiting for the possibility of a future attack but should be implementing changes early on, without having to do damage control. Here is a list of some preventative measures that could be useful in the future when looking at cybersecurity:

Along with the United State’s implementation of the zero-trust strategy, it has disordered a Russian-executed bot utilized by their military before it was even able to be used. Could this send a stronger message to Russia?
In Kenya, government officials recognize the disconnect between government and private entities when it comes to cybersecurity and wants to come up with a solution that changes this for the course of the future. This detachment is key for a country to notice in order to minimize the cybersecurity impact. In a quote by Evans Ombati, the current director of Kenya’s National Computer and Cybercrimes Coordination Committee, he details his stance by stating, “we consider collaboration as a major cog in the wheel that drives our cyber resilience.”
India has decided to set up a computer security incident response team (CSIRT) to protect its power grid against future hacks.

Financial Institutions
Because of the 350,000 average exposed files that financial services obtain, it is highly susceptible to server issues and theft. The potential to gain large sums of money is attractive to future hackers, especially Russian cyber-attackers as sanctions are continuously being placed upon their home country. As technology progresses and disruptive innovations move more individuals online, the potential for individual attacks in the finance sector is also great. One cause of this is the popular usage of mobile banking; it has allowed more breaches through app-based trojans and other knock-off banking apps. As of 2021, there were 5.22 billion mobile baking users and that number is only rising in 2022. Since 2015, mobile app fraud transactions have risen by over 600%.
The trend of banks operating strictly digital has started to emerge like in Greece where the first digital bank in that country was recently developed. This presents its own set of issues along with the concept that there will not be any physical locations to go to. Additionally, to combat cybersecurity, the digital banks would need to partner with a security service or develop their own set of cybersecurity experts for the bank. From this movement, cyberattacks will start to rise in this sector.
Another trend that could weaken cybersecurity for United States banks includes the use of artificial intelligence, which is starting to emerge in every area of technology and business. Although many individuals within companies feel like AI will assist a business with help to customer support, it can also disclose vulnerabilities as pointed out by President Biden; those operating the company must not replace safety with convenience in the future. The worry is that the current state of artificial intelligence is not strong enough to fight off upcoming attacks, but as the systems start to progress, the problems with AI and cybersecurity may diminish.

Education
Due to the uptake in remote learning and more advanced usage of technology being implemented in classrooms, cybersecurity in the education sector is at high risk of malware attacks. Having very little funding to begin with, the education sector is dealing with issues involving the lack of resources and staffing shortages, so cybersecurity has not been one of its top priorities. Additionally, having unsecured networks with teachers and students working remotely can have hackers easily access data like finances, health records, phone numbers, etc. With targets to gain data from colleges and universities, espionage could be a result as research in the fields of engineering and medicine is seen as highly valuable information.
When looking to the education system to implement strategies to keep themselves safe, it is quite difficult to do because of their lack of understanding. These topics are not being taught in the classrooms so the students are unable to grasp an understanding of cybersecurity. Teachers have little to no knowledge on the matter. Also, school boards and boards of education have not found funds to allocate to cybersecurity. In the future, more hacks will be surfacing in the education sector unless individual and governmental action steps in.

Energy and Utility Companies
Cybercrimes have the potential to wreck the entire energy and utility grid of the United States and other countries, as one hack could lead to nationwide power outages. Russian hackers have recently been looking closer at energy companies in Texas to collapse systems and infrastructure in the United States. Since the southern part of the country has been dominant in the oil and gas industry, it is crucial for Russia to determine the energy vulnerabilities in Texas. What could happen if a hack occurs there? The Russian government could take control of the power grid system resulting in power to millions of Texas citizens being turned off. Many fear this could happen in the near future due to the attack on the Colonial Pipeline in June of 2021 that disrupted the entirety of the supply chain industry.
What should the government do to resolve these types of problems? The government has imposed a new bill involving the Federal Energy Regulatory Commission (FERC) which will aim to find permanent and mandatory solutions for the power, utility, and energy sectors. In order for this bill to attain a positive result, the government and private businesses would have to work together, although the energy companies rarely like any kind of government overstep or oversight into their mode of operations.