by Alex Lang
I remember the first time I used a computer was as young as five years old. I thought this cutting-edge technology was fascinating and spent most of my free time playing video games. At that time, the internet was just beginning to become popular. Then, I was introduced to the World Wide Web. I was slightly self-conscious about giving away personal information but did not prevent me from creating various online gaming accounts. I ended up using the computers ever since throughout my life of personal and education purposes. Many years down the road, the Target corporation was involved in a major data breach affecting millions of credit card holders personal and financial information. My family did not get affected, but afterward, Americans were becoming more mindful of their sensitive information. However, cybersecurity regulations at its current standing are not enough to protect the privacy of consumers.
Cybersecurity has been a serious obstacle throughout the years because cybercrime has increased in magnitude and have become rather difficult for companies and government agencies defending its system. Most Americans can remember previous important information incidents such as the Target Corporation credit card breach, Edward Snowden scandal, and recently the Hillary Clinton email leak (McCutcheon par. 2). The difficulty with modern-day cybersecurity is the lack of precaution to prevent future attacks. According to Chris Doggett, former managing director of Kaspersky Lab, “Online attacks by criminals and hostile nations are growing in volume and sophistication” (qtd. in Price par. 1). There are more cyber-attacks than ever before and increasingly difficult to recognize these operations. I believe enforcing stricter regulations for strong cybersecurity protection before the cyber-attack occurs can potentially reduce future information breaches. By preventing as many cyber threats as possible, there are fewer opportunities for hackers stealing private information.
One example of data theft involves, Robert Hartle, a forty-six-year-old adult. He is a victim of identity theft who had his credit card and private information stolen. Credit card fraud has changed his life forever and caused thousands of dollars of debt from fraudulent charges. The individual who stole Hartle’s data opened accounts and racked over $100,000 of debt under Hartle’s name. Once he discovered the charges from collection agencies, he had to repair his identity and credit history because it was too late. Robert Hartle spent over a hundred hours restoring the financial damaged to his name. In the meantime, he could not acquire any loans because of his ruined credit (Allison 1). This is an example of what could happen if cyber criminals steal credit card information and personal data. Most Americans realize cybersecurity is inadequate for today’s standard and are overly concerned about others who many have your information.
Furthermore, corporations and government agencies gather enormous amounts of data from their online services and alternative entities. All of this knowledge that gets organize uncovers the habits about consumers. The problem is sensitive data is not always acted upon ethically and respectfully for Americans’ privacy rights. In certain situations, using this information to recognize terrorist threats, dangerous criminals, and illegal activity is completely acceptable, but using these observations to spy on an everyday American goes far beyond why scientists invented the internet (Granick). Other situations include corporations and internet service providers selling basic information to advertisers for a profit. The browsing history includes health, financial, personal interests, and additional data to precisely describe the users’ daily routine. Either way, I believe personal information should not be used in these ways unless given permission or to detect threats to the United States.
The National Institute of Standards and Technology Cybersecurity Framework is one approach that has been known to improve cybersecurity with three main features. During President Barack Obama’s second term, his executive order established the NIST Framework to standardize feasible cybersecurity improvements (Shackelford and Bohm). The Framework includes the profile, implementation tier, and core components that describe standardized cybersecurity practices, risk management, and activities (Guinn). Any critical infrastructure and organization who adopt this Framework are seeking cybersecurity enhancements while aligning to business goals and limitations. The NIST Framework is not a United States federal law but a voluntary standard being used by major corporations in the United States and across the world.
It is important for companies and government agencies to analyze its security protection because over 90 percent of companies are not sufficiently equipped for cyber-attacks (Gabel, Detlev, et al.). Cybercrimes disrupt companies’ operation from a range of sabotages and data breaches which reduce the overall trust among its customers. According to Kenneth Olmstead and Aaron Smith, journalists for the Pew Research Center, states, “A majority of Americans (64%) have personally experienced a major data breach, and relatively large shares of the public lack trust in key institutions – especially the federal government and social media sites – to protect their personal information” (Olmstead and Smith). Data breaches and disruptions diminish the companies’ profit and damage the economy over time. Additionally, the internet users are not aware of the unreported, stolen information. Then, the victims do not realize the fraudulent charges to their bank account until it’s too late. Most companies compensate the victim by removing the charges, but sometimes the damage is beyond repair. Therefore, cybersecurity is critical to protecting the personal privacy of its users.
The request for a stronger cybersecurity regulation has recently been a concern for most Americans. Throughout the years, data breaches and security problems have compromised Americans’ private data which affects the company reputation and customers’ status. Once the private information appears online, it is impossible for the victim to remove it. Exposed private is damaging for the victim and the company’s reputation. These regulations are intended to retain the privacy of online users and balancing outside threats but small changes are not enough, unlike a new law. Many people such as myself believe that we are not protected from outside threats and do not realize that the government gathers sensitive information about anything to serve their purpose. By adopting new cybersecurity regulations such as the NIST Framework, this will protect privacy by reducing the number of data breaches and stolen data in the United States.
Allison, Stuart. “A Case Study of Identity Theft.” Scholar Commons. University of South Florida Tampa, 2003, pp. 1-63. scholarcommons.usf.edu/cgi/viewcontent.cgi?article=2321&context=etd. Accessed 9 Mar. 2017.
Gabel, Detlev, et al. “Cyber risk: Why cyber security is important.” White & Case LLP International Law Firm, Global Law Practice, 1 July 2015, pp. 1-9. http://www.whitecase.com/publications/insight/cyber-risk-why-cyber-security-important/. Accessed 7 Feb. 2017.
Granick, Jennifer. “Data and Protecting the Right to Privacy.” Center for Internet and Society, Stanford University, 29 Sept. 2015. cyberlaw.stanford.edu/blog/2015/09/data-and-protecting-right-privacy/. Accessed 30 March 2017.
Guinn, Jim. “Why you should adopt the NIST Cybersecurity Framework.” PwC United States, PricewaterhouseCoopers LLP, May 2014, http://www.pwc.com/us/en/increasing-it-effectiveness/publications/assets/adopt-the-nist.pdf. Accessed 21 Feb. 2017.
McCutcheon, Chuck. “Privacy.” CQ Researcher, CQ Researcher Online, 14 July 2014, library.cqpress.com.leo.lib.unomaha.edu/cqresearcher/cqr_ht_privacy_2014.
Olmstead, Kenneth, and Aaron Smith. “Americans and Cybersecurity.” Pew Research Center: Internet, Science & Tech, The Pew Charitable Trusts, 26 Jan. 2017. http://www.pewinternet.org/2017/01/26/americans-and-cybersecurity/. Accessed 31 Jan. 2017.
Price, Tom. “Cybersecurity.” CQ Researcher, CQ Researcher Online, 25 June 2015, library.cqpress.com.leo.lib.unomaha.edu/cqresearcher/cqr_ht_Cybersecurity_2015.