TechTech News

Cybersecurity: An Invisible War Grows More Intense, More Challenging

‘The bad guy only has to be right 1 percent of the time to get through,’ said one security firm founder.
Save
Cybersecurity: An Invisible War Grows More Intense, More Challenging
A person delivers a computer payload while working on a laptop during the 11th International Cybersecurity Forum in Lille, France, on Jan. 22, 2019. Philippe Huguen/AFP/Getty Images
Updated:
0:00

On Nov. 3, 1988, long before most of the world would hear of dot-com and cyberspace, Eugene Spafford, an assistant professor of computer science at Purdue University, awoke to a peculiar problem: He could not log into his school computer from home.

At first, he thought his machine just needed rebooting.

“But later I started looking at system logs on that machine, and some others,” said Spafford, now in his 38th year at Purdue, via email to The Epoch Times. “And I found evidence that [a computer worm] had been present.”

The worm turned out to be the first stand-alone computer malware—created by Robert Tappan Morris, a Cornell University graduate student, who would soon become the first person indicted under the U.S. Computer Fraud and Abuse Act.

At the time, the number of potentially vulnerable machines hovered under 80,000 worldwide—and there was barely any such thing as cybersecurity.

In the 36 years since Morris’s worm, the world of computers and information technology has evolved into a multi-billion-dollar industry with more than 5.5 billion internet users—approximately two-thirds of the world’s population.

And behind the scenes, millions of cybersecurity professionals are fighting cyber criminals in an invisible war that is becoming more intense, more expensive, and more challenging than ever before to keep personal information and business operations safe.

“Cyber crimes are projected to reach $10.5 trillion by 2025, up from $3 trillion in 2015,” said Steve Morgan, founder of Cybersecurity Ventures and editor-in-chief at Cybercrime Magazine, a research and market intelligence firm with locations in Northport, New York, and Sausalito, California.

He said that since 2013, the demand for cybersecurity professionals has been so high that the estimated shortage since then has grown 250 percent—from 1 million to more than 3.5 million in 2024.

“It won’t be until sometime in 2025 that we look ahead with another prediction,” Morgan told The Epoch Times via email.

“But we expect cybercrime growth to slow to around 5 percent annually over the next five years, given heightened awareness by consumers and organizations around the cyber threats, and the measures they are taking accordingly.”

PhishLabs, for instance, founded in 2008, is a globally recognized cybersecurity firm in Charleston, South Carolina, that grew 376 percent from 2012 to 2016. Acquired by Fortra in 2021, PhishLabs protects thousands of businesses each month from cyber attacks, data breaches, and financial losses due to online fraud.

“External threats play a large part in digital threat landscape,” said Eric George, director of solutions engineering in a 2024 company blog.

“And like the name suggests, external threats are those that come from outside of your organization.”

Company founder John LaCour said his main concern is always in the “1 percent.”

“The bad guy only has to be right 1 percent of the time to get through,” LaCour told The Epoch Times via email. “And we have to be right 100 percent of the time to stop him.”

Biggest Threats

Dr. Noah Schiffman, a reformed hacker in Charleston, South California, and now an independent cyber researcher, has worked for much of the 21st century as a chief technology advisor and cybersecurity officer for companies such as KBR, Wave Sciences, and Orbis, Inc.

Much of his focus has been on trying to predict criminal “exploits,” or techniques, and implement measures to stop them before they are executed.

“But new exploits are discovered every day which can’t be predicted,” Schiffman told The Epoch Times via email.

“And most, if not all, of the threats from 10 years ago are still very relevant today. However, many have grown in their sophistication and complexity.”

The five current areas of exploitation that are high on the cybersecurity alert include the following:

Ransomware. As the name implies, ransomware is malware that criminals use to keep data away from their owners, then force them to pay a ransom to recover the data.
Hollywood Presbyterian Medical Center in Los Angeles, California, for example, paid the equivalent of $17,000 in February 2016 to a hacker who seized control of the hospital’s computer systems and ransomed all of its records until payment was made.

In the eight years since then, Schiffman said ransomware has significantly increased in both frequency and severity.

“The use of cryptocurrency as payment has helped with attacker anonymity and made it very hard to trace and track down cyber criminals,” he said.

Cloud Technology. In the not-so-distant past, companies stored their data in-house because it was seen as the safest way to secure it. Now, many companies outsource data storage and services to firms that use a “cloud or data that is accessible from a Web browser.”

Firms then handle the cloud’s data security for the companies as a service. And this cloud technology gives hackers new and possibly more targets to breach.

“Despite the large budgets cloud providers spend on security, breaches still occur due to things like service provider vulnerabilities, insider threats, misconfigurations, and poorly handled credential management,” Schiffman said.

Mobile Computing. Schiffman said the average number of personal computers used to be one per family. In 2023, this figure rose in North America to more than 13 per person, and includes desktops, laptops, gaming platforms, and hand-held devices such as smartphones and tablets.

“Mobile phones now outnumber traditional computers in ownership and use,” Schiffman said.

“As the number of these devices increases, your susceptibility to being attacked increases, because there are more targets. Therefore, this continues to be a target of cyber criminals, with largely phishing attacks as the main attack vector.”

Phishing. In this cyber crime, criminals posing as reputable sources use fraudulent email in an attempt to trick the recipient, usually an end user, into revealing confidential company information, such as login credentials, passwords, or account data.

If the recipient responds as intended, they unwittingly let criminals into a system to steal money and account information.

“Since the end user is always the weakest link of the security chain, targeting individuals through phishing will always have a degree of success,” Schiffman said. “The most effective prevention is through end-user education.”

Artificial Intelligence. Cybercriminals use AI to carry out a variety of sophisticated attacks, including data poisoning, password hacking, social engineering schemes to trick individuals into revealing sensitive information, and deepfakes to manipulate visual or audio content and make it seem legitimate.

Both Schiffman and Morgan pointed out that AI is just the latest cyber threat—and likely not the last one.

The growing sophistication of threats has led to some massive security breaches.

Kaspersky Lab, a privately owned cyber security company headquartered in Moscow, reported that a cyber gang known as Carbanak stole up to $1 billion from 100 financial institutions worldwide from 2013 to 2015.
In June 2015, the U.S. Office of Personnel Management in Washington discovered that background investigation records of current, former, and prospective federal employees and contractors had been stolen. The theft included the Social Security numbers and other sensitive information of 21.5 million individuals.
From Nov. 27 through Dec. 18, 2013, when cyber criminals breached the computer systems of retailer Target, approximately 40 million cards were compromised, as well as 70 million customers’ personal details.

In December 2023, about 1.5 billion records were leaked from New York-based online real estate education platform Real Estate Wealth Network—in what Schiffman called one of the largest leaks in U.S. history, with an exposed database of nearly 1.16 terabytes due to having “non-password-protected folders and system access.”

The database of National Public Data, a Florida-based background check company, was hacked in December 2023. Schiffman said this breach of an estimated 2.9 billion records impacted 270 million people. Much of the stolen data was leaked and “made freely available in a 4TB dump onto a cybercrime forum July 2024.”

In 2012, the South Carolina Department of Revenue in Columbia was the victim of a phishing attack that affected 700,000 businesses and compromised the Social Security and bank account numbers of 3.8 million individuals.

Biggest Preventives

When asked what individuals could do to better keep private online information safe, both Schiffman and LaCour suggested limiting the use of debit cards, keeping a close eye on transaction history, backing up computer data, integrating anti-viruses and firewalls into computer systems, and assessing risk vs. convenience when selecting payment cards.

“No system is 100 percent secure,” Schiffman said. “But the more layers of security you have, the better.”

Many schools and institutions now offer degrees and certificates in cybersecurity, with training and courses in computer engineering and security principles.

“A career in cybersecurity is definitely a good direction to go in,” LaCour said. “Because there’s practically zero unemployment in the sector.”

And as cyber threats continue, Schiffman said the war to control the cyber world is likely to become more potent, more costly, and more difficult for both sides—with the outcome very much in doubt.

“Cyber crime happens a whole lot more than is publicized,” he said.

“And my gut feeling is that it’s just going to get worse. It’s a cat-and-mouse game now, and no one knows where it’s going.”

L.C. Leach III
L.C. Leach III
Author
South-Carolina based, Leach has previously written for Greenville Business, Charleston Business, Island Vibes, Mount Pleasant Magazine, and HealthLinks Magazine. His specialty is getting to the story behind the story of the people who shape business, products, services, and concepts.