Google's Vice President of Security and Privacy Engineering, Gerhard Eschelbeck, thinks that the world needs to wake up about the dangers associated with cyber threats. In the U.S. in particular, he postulates, cyber attacks and a lack of understanding about the importance of cybersecurity put personal data, infrastructure, and even democracy itself at risk. The fact of the matter is that cyber attacks are already prominent at hospitals, power plants, government offices, and politically-aligned institutions. That's leaving alone mobile security threats and vulnerabilities that seem to dominate technology news headlines at least once a month. Eschelbeck continues to outline how what he thinks the underlying problem is. While he says that new protection measures based on automation and encryption have come a long way in the past several years, people seem to be less interested or committed to security.
Eschelbeck's argument does make some sense. The most commonly chosen password over the past year was "123456" and most users don't keep all of their software up-to-date on a regular basis, despite that it is a big concern for security experts. Problems found with some two-step authentication methods, meanwhile, are likely part of the reason people don't bother enrolling in those programs, in addition to inconveniences those can cause. Moreover, it is easy to become desensitized or to begin thinking the added security layers offer no benefit with new stories rolling out every other week or month about new vulnerabilities or cybersecurity breaches. Adding to the problem is the fact that high-level security smashing tools, such as those typically used by government-backed agencies or government entities are readily available – and often at no cost – to anybody willing to utilize them. Meanwhile, the threat is also real from governments or government-backed groups, as well, that are either perpetrating or thought to be perpetrating some of the more high-profile attacks.
With as many as 70-percent of large corporations based in the U.S. and Europe expected to see increasingly intense cyber attacks by 2019, organizations, governments, and people can't afford to be lax about security, Eschelbeck claims. Eschelbeck goes on to say that the solution needs to start with education and that the conversation about how to stay secure using two-step authentication, installing updates, and taking other steps needs to start at home and to be included as part of schools' curriculum. Beyond that, governments need to fund cybersecurity organizations and citizens need to pressure representatives to provide funding for national cyberdefense measures – regardless of party affiliation, as a bipartisan effort. Recent decisions to by some local authorities in the U.S. to harden the security of electronic voting machines and efforts from the current and previous administrations to raise funding and budgets, he says, are good starts but are not nearly enough. Meanwhile, organizations and businesses need to look to security experts or hire dedicated security experts to provide oversight of corporate activities in order to maintain strong security through security policies, procedures, and strategies for dealing with possible problems.