Cybercrime: 'We've only seen the beginning,' expert warns

Hacker RTR FBN

If you think 2017 was a bad year for cyberattacks, just wait to see what happens in the coming years, one cybersecurity expert warns.

“We’ve only seen the beginning,” Dr. Eric Cole, CEO of Secure Anchor and former CTO of McAfee and Lockheed Martin (NYSE:LMT), told FOX Business. “Cybercrime is big business … and it’s a very high-payoff, low-risk crime … we’ve seen nothing yet.”

In 2016, U.S. financial losses stemming from cyberattacks totaled $1.33 billion, a 24% increase over the year prior, according to an FBI report. An Accenture study concluded that the number of hacks likely increased by more than 27% between 2016 and 2017.

Throughout 2017, U.S. institutions and businesses suffered some high-profile data breaches, including the U.S. Securities and Exchange Commission (SEC) and credit reporting giant Equifax (NYSE:EFX). The Equifax hack resulted in thieves gaining access to the personal information of more than 145 million Americans, which will have financial implications for consumers for years to come. Uber also revealed in November that it suffered a hack in 2016, which it attempted to cover by paying the hackers $100,000 to keep the breach secret.

Cole, who was a member of the Commission on Cyber Security for President Bill Clinton and a security advisor for Bill Gates, said criminals tend to get away with cybercrime because they are often international actors from countries with no cybercrime laws or extradition treaties. That means, even when authorities figure out who is responsible for an attack, which is a challenge unto itself, they have no way of punishing the offenders.

In order for the United States to begin to combat that issue, Cole said the government needs to work with other countries, and the United Nations, to implement international laws governing cybercrime. Each country’s individuals laws are largely “useless,” he said, because most of the time the crimes are being committed in a different country.

Secondly, the U.S. government can implement penalties in order to enforce good security practices, Cole added. A company like Equifax, for example, failed to update a software vulnerability that led to the compromise of more than 145 million Americans’ personally identifiable information, and faced no clear punishments for putting consumers in financial jeopardy.

While Cole said security experts are constantly trying to figure out how cyberattacks will evolve in the future, he believes an attack on the United States’ critical infrastructure, including water supply and electrical grid, is “on the radar.” Further, he said a “true information war,” which could devastate countries and result in loss of life, is within the realm of possibilities.

In the interim, it’s critical for security teams to be proactive, because cybercriminals, unfortunately, have the upper hand.

“[Cybercriminals’] game is easier, they have to find one weakness. We have to find them all,” Cole said.