Opinion
    Next Score View the next score

    Opinion | Michael Brown and Edward F. Davis III

    Shore up cybersecurity before it’s too late

    Lesley Becker/Globe Staff illustration; Michael Dwyer/Associated Press photo

    CYBERATTACKS HAVE BECOME a top threat to the United States. Nation-states are frequently targeting and launching attacks against our top corporations, stealing sensitive data, and — politics aside — impacting our national elections. It is only a matter of time until citizens are personally affected by much more than identity theft.

    Attacks have already occurred on our energy infrastructure. Here in New England, the denial of gas and electricity during our harsh winter months could be deadly. We can no longer perceive cyberthreats in terms of a lone hacker sitting behind his computer in a darkened basement. The threat is now driven by hostile foreign intelligence services and military agencies who promulgate an agenda to disrupt both our society and American businesses.

    Security breaches at companies such as Target and Home Depot and at the Democratic National Committee have been widely publicized. But individuals are increasingly being targeted, and Social Security numbers, banking information, and medical records are being stolen and sold on the dark Web. Even some of the nation’s top law enforcement agencies, including some in Massachusetts, have had their computer systems hijacked and held hostage by ransomware. Even after extensive response by federal authorities, many have had to pay ransom fees in order to retrieve their own data. We have successfully investigated these cases locally and around the world. Our clients would much rather prevent an attack from happening than try to recover from one.

    Advertisement

    The Commonwealth of Massachusetts is rich in both technology and health care companies. As a result, we are more exposed than other states because of the wealth of personal information and intellectual property involved.

    Get Today in Opinion in your inbox:
    Globe Opinion's must-reads, delivered to you every Sunday-Friday.
    Thank you for signing up! Sign up for more newsletters here

    In some cases, cyberattacks are inevitable. Therefore, the need to prepare properly is critical. Corporations must better understand this threat to effectively secure their operations. They can develop policy in line with government and industry standards. They must have incident response plans in place to mitigate any damage. How will your business operate if your website or infrastructure is taken out? Informed preparation can allow resumption of normal operations in hours, not weeks.

    Many organizations think of cybersecurity only in terms of technology such as firewalls. This is only part of the solution. In the DNC breach, clicking on a malicious link allowed hackers access to vital information. This heightens the dangers inherent with the human factor in this equation. In fact, more than 70 percent of successful breaches are accomplished by social engineering. Employees need policy and training to disrupt this common attack vector. Corporate leaders need to test their response with both training exercises

    We must also take advantage of the opportunities that arise from the phenomenal pace of technological change. The Commonwealth is fortunate to have an enormous wealth of ingredients that can help lead the way in a secure digital infrastructure. The strength of our academic institutions, research and development organizations, training institutions, innovation engines, cybersecurity vendors, and advanced private sector corporations creates an organized and cooperative ecosystem second to none.

    On the legislative side, we have a governor who recognizes both the risks and opportunities the digital economy brings. Governor Baker announced in September 2017 the establishment of the Mass Cyber Center. Leaders in the public and private sector have been meeting on a regular basis to provide advice on steps the state can take to create a more secure environment while also taking advantage of the unique capabilities that exist here to further economic development. In 2011, the Advanced Cybersecurity Center was established to bring public and private sector organizations to work on cybersecurity issues together — the first such institution in the nation. We have been working on this initiative since its inception and look forward to continuing that collaboration.

    The threats from cybercrime are not leaving us any time soon. We must marshal our resources and continue to bolster our organized-response front. The people who live, play, and do business in this Commonwealth deserve no less.

    Retired Rear Admiral Michael Brown and former Boston Police commissioner Edward F. Davis III are partners in Edward Davis LLC. Davis is a consultant for the Boston Globe.