People talk about “cyber security” as though it’s something we have; they say we’d better be careful (i.e., spend more money), because awful things might happen if we become cyber insecure.

Sorry, but that train has left the station. Our computers and networks, government, corporate and personal, are already unbelievably overrun by bad guys of all sorts. Not just attacked – overrun; the bad guys are already on the inside, doing stuff that would horrify most people if they could see it or understand it. There are millions of mostly-electronic, mostly-invisible (to most people) instances of thefts and vandalism every year.  And it’s getting worse.

How Bad is our Cyber Security?

It’s really bad. While hard to estimate accurately, there is good evidence to suggest that over a quarter of all the traffic on the web is generated by bad guys. Think about it – it’s as though every street you walked or drove had terrorists or obvious gang members or other truly frightening people driving or walking along – not just people you thought looked scary, but people who were genuinely bad, and were out to do damage for their own benefit or just for “fun!”

A lot of this seems to be low-level crime that many people don’t notice, like bad bots.

But even in that case, real money is involved!

Not only is every internet “street” crowded with smart thugs, they are far more effective than the famous robbers of the past. Willie Sutton was a famous bank robber. Over his 40 year career, he got away with an estimated $2 million. And spent decades in prison.

According to a 2009 study by Lexis-Nexis, consumers lost over $4 billion that year; banks lost $11 billion, and retailers lost an astounding $190 billion – all just to one source of fraud, credit cards! Before long, we’ll be talking serious money here…

Slick Willie Sutton is probably rolling in his grave, seething with jealousy.

There are also really scary things like cybercrime directed at things that can make big explosions and kill loads of people. It’s on its way. I’m not going to talk about it any more here, but suffice it to say that I’m not feeling great about it.

If it’s that bad, why isn’t is front page news?

What kind of visual are you going to have on the evening news for another cyber-theft? What is the chance for the news babe to stick a microphone in some grieving person’s face and ask “how did it feel when [the bad guy] [did that awful thing] to [you or your close relative or your neighbor]?”

By contrast, even a single awful thing happening to one person can make a great news story, with visuals and perhaps an interview with a person in distress. No cybercrime (so far) has generated close to the level of compelling visual as a single car-jacking of a single car in Chicago, for example.

In addition, the juicy targets for cybercrime are big organizations. When these organizations are hit, they tend to go to great lengths to cover it up. Most of the big hits (and they’re getting bigger and bigger) don’t make the news – partly because they don’t make “great news” (see above), and partly because the big organizations that get hit keep it real quiet – after all, there are no plumes of smoke, explosions or bleeding people to draw attention to the disaster.

Conclusion

Cybersecurity is way down on the priority lists of most people, for a variety of reasons, among them that it’s mostly invisible and hard to understand. This in spite of the fact that the fruits of cyber-crime from credit cards alone are thousands of times greater than physical robbery, with a fraction of the conviction rate. Cyber-crime is safe and profitable for those proficient in it! Cyber-crime, along with all other aspects of cyber-insecurity, is already at unprecedented levels and is getting worse, while most of us, including those in charge who should know better, are strolling along and whistling, as though everything were just fine. It’s NOT!