The U.S. faces the severe threat of cyberattacks every day. Our networks are not secured, making them ripe for attacks, from both private hackers and state actors. In the news, we hear about cyberattacks on the public and private sectors every day. These attacks can cause significant damage in a number of forms, such as financial losses, compromised intellectual property, and stolen sensitive personal information. Consumers can be subjected to this threat, whether directly through their online activity or indirectly through where they shop, as we saw with the attack on the major retailer, Target.
Symantec Corporation, a cybersecurity firm, conducted a study which found that there are 59 million consumers who are victims of cybercrime in the U.S. each year. The average cost of cybercrime in the U.S. over the past year was $38 billion, with the average cost per victim running about $298.
Cyber thieves target our networks because it is profitable to do so. They seek to steal financial information such as credit cards or even Social Security numbers, which could ultimately lead to identify theft. In fact, a study by the United Nations Office on Drugs and Crime reported that identify theft is one of the most profitable forms of cybercrime, generating about $1 billion in revenue every year on a global scale. Victims of identity theft pay the price, with the total cost to U.S. victims who were targeted through cyber techniques reaching $780 million.
Besides exposure to cybercrime through direct online activity, consumers can become victims indirectly, simply by where they shop. Everyone is familiar with the massive cyberattack on Target’s networks this past winter. Cyber thieves stole personal information from approximately 110 million customers, including credit card numbers from 40 million people.
Some analysts estimate the attack has cost Target over $61 million, and ultimately it cost the CEO of the company his job. The monetary costs are related to reissuing cards, bank settlements, credit monitoring and enhancing security systems.
There are other negative consequences of the attack which are more difficult to quantify, such as the time spent on corrective action and a damaged reputation. Target CFO John Mulligan testified at a recent Senate Judiciary Committee Hearing that the cyberattack shook customers’ confidence in Target.
Target was victimized because it is one of the biggest merchandise retailers in the country, however; the private sector as a whole is at risk for attacks. In January, the FBI sent a letter to retail companies warning them that cyberattacks would likely increase in the coming year. The reason is that hackers are making a lot of money from the crime, so they are always looking for new ways to exploit our private sector networks.
The Target attack required a massive, expensive cleanup – after the damage had already been done. This paradigm shift of cyberspace becoming a battlefield requires us to act. We must have foresight and work to prevent these attacks from occurring in the first place, ultimately protecting U.S. consumers and our economy as a whole.
The reason that hackers can penetrate our networks is that we do not have a legislative framework in place to protect them. The President issued an Executive Order which aims to protect critical infrastructure, but this is only one step in addressing the problem. The issue requires information-sharing legislation in order to truly protect our cyber networks.
In an effort to address this problem, the House Intelligence Committee Chairman Mike Rogers and I introduced the Cyber Intelligence Sharing and Protection Act (CISPA) of 2013. The bill allows for information sharing between the public and private sector in order to prevent cyberattacks from occurring.
Cybersecurity requires a partnership between the government and private sector, as the private sector owns about 80% of the Internet, making it difficult for the government to help protect it.
Under CISPA, if a company is cyberattacked, they could report the malicious code they found to the government, which could then use that to prevent other companies from becoming victims. Currently, there is no legislation that allows this type of sharing, and companies are concerned about discussing cyberattacks with other companies and the government because of anti-trust laws and privacy reasons.
CISPA also offers real-time sharing, which is necessary so that a cyberattack can be stopped before much, if any, damage is done.
In the process of developing the legislation, many privacy groups indicated concerns about CISPA violating privacy. I am proud to say that CISPA protects privacy and civil liberties in a number of ways, such as by requiring multiple layers of oversight, limiting use of cyber-threat intelligence, and prohibiting the sharing of personal information.
Also, it’s important to keep in mind that cyberattacks violate privacy – when hackers exploit our networks, they are accessing some of our most private information like medical records and Social Security numbers. This situation begs the need for CISPA, so that businesses and, ultimately, consumers are protected.
The Senate recently introduced cyber legislation, which means that we are one step closer in handing the President a finished product he can sign. Until then, I look forward to continuing an ongoing dialogue with the White House, my colleagues in the House and Senate, business leaders and privacy groups in order to solve the problem of cybersecurity together, so that ultimately our country, its economy, and our consumers are protected from the vicious attacks that have already caused too much damage.
More on Identity Theft:
- Identity Theft: What You Need to Know
- How Can You Tell If Your Identity Has Been Stolen?
- What Should I Do If I’m a Victim of Identity Theft?
This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its affiliates.