Malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016, according to a recent report from the Council of Economic Advisers. The high end of the estimate represented more than a half of a percent of the nation’s entire gross domestic product.
Cyberattacks on business and government in the United States are ever-changing and can come from sophisticated adversaries around the world, the CEA reported in February of this year.
Increasingly dangerous attacks threaten not only the economic well-being of the United States but the physical security of the country.
Considering the large and growing nature of risks, I was surprised to learn recently that the leaders of some companies still are reluctant to acknowledge the seriousness of cyber threats and are inclined – mostly for financial reasons, apparently - to resist proposals to improve corporate defenses.
I became aware of the problem recently through an InfraGard event. InfraGard is an information-sharing partnership between the private sector and the FBI that is designed to enhance the nation’s ability to protect critical infrastructure from all forms of attack.
There are more than 80 InfraGard chapters around the nation, including one in South Dakota that meets in Sioux Falls. Vetted members meet to discuss topics of mutual interest, such as software vulnerabilities and incident management.
Nationally, InfraGard conducts webinars, and I recently participated in one as a representative of SDN Communications, a premier regional provider of broadband connectivity and cybersecurity services for businesses. The topic of the webinar seemed interesting: “The business-legal case for counterintelligence: Why the boss should care.”
The fact that a seminar on this topic was deemed necessary seems to be evidence that there is a knowledge or awareness gap in some corporate offices.
Seminar presenter Robin J. Lee is an experienced technology lawyer who recently became the director of analytic programs for InfraGard San Francisco. Lee essentially spent an hour offering advice to technology experts in organizations who need to convince their more generalist-minded bosses about the seriousness of cyber threats.
He suggested, for example, that IT experts avoid using jargon when outlining the seriousness of threats for their superiors. Use “employees” or “contractors” instead of “agents,” for instance, and use “theft” or “data breach” instead of “espionage.” That’s good advice for anyone in the communications business.
Lee even worked in references to the mythological Greek prophet Cassandra, who could accurately predict the future but was cursed and not believed by anyone. IT experts don’t have to overcome supernatural curses, but convincing employers that a company’s cyber defense should be improved can be challenging.
Cyberattacks often are directed at large companies that store a lot of information about customers or employers. Businesses such as healthcare organizations and financial institutions are particularly inviting targets because of the amount of detail they keep on file. However, small and midsize businesses face threats as well, according to the U.S. Chamber of Commerce.
InfraGard can help organizations of any size by providing useful information about risks. The benefits of participating in InfraGard go beyond that, though.
Members get access to threat advisories from the FBI and the U.S. Department of Homeland Security. They also get access to a web portal to check out threat reports and share assessments and best practices with colleagues.
“The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of critical infrastructure,” according to InfraGard literature.
Jay Patel, a supervisory special agent with the FBI, recently encouraged business people from the Sioux Falls region to participate in InfraGard. Patel was one of the featured speakers at the Sioux Falls Cybersecurity Conference on March 27. The Sioux Falls Area Chamber of Commerce and the U.S. Chamber of Commerce hosted the event.
Related Blog: Businesses, beware: Technology has helped hackers, too
The U.S. Chamber also encourages companies to connect with law enforcement through InfraGard.