The beginning of what we now call cybercrime

I have been in this career for decades, yet it seems like we are still at square one. Back in 1970-1995 Kevin Mitnick had an advantage: he was a groundbreaking hacker, long before all the script kiddies showed up on the scene.

Mitnick penetrated some of the most high-profile networks in the world using social engineering schemes. He tricked insiders into revealing access codes and passwords. We now call this phishing, and it is highly automated.

Then, in 1988, worms like the Morris Worm showed up. What started as a seemingly small, playful exercise launched from a computer lab at MIT spread much faster than anticipated. It went so badly that Robert Morris eventually became the first person convicted of violating the Computer Fraud & Abuse Act.

Kevin Poulsen made his mark in 1988-1994 when he took over the phone lines in Los Angeles to win a radio station contest. The prize was $20,000 in cash and a Porsche 944 S2 Cabriolet.

In 2011 things shifted into high gear. Enter the Stuxnet Worm. This was to become the world's first weaponized attack. Stuxnet targeted Iran's nuclear program, causing physical damage to their enrichment centrifuges. This was not the act of a lone hacker, prankster or script kiddie. This was the work of a nation state.

Later in 2011, as social media was in full swing, hackers used this medium to publicize their work. The group Lulz Security would hack and tweet about their victims' poor security. They even hacked Sony's PlayStation Network in an event that compromised more than 24 million users' personal information. At the time, most operating systems were still not designed with strong security, and neither was the internet.

Speaking of the not-designed-to-be-secure, in 1969, the year of the Man on the Moon, Woodstock and the Miracle Mets, something else very significant happened. At the time very few knew about it, because there was no newspaper, radio or TV coverage of it. On October 29, 1969 the birth of the internet took place. Leonard Kleinrock, a professor of computer science at UCLA, sent the first message over a network that would eventually become the web. In an interview with CNN on October 29, 2009, Kleinrock had this to say about today's internet:

"There's a very dark side to the Internet, which we're all familiar with. It started with a worm in 1988, and it became spam in 1994, and now we have pornography, we have denial of service [attacks], we have identity theft, we have fraud, we have things like botnets [pieces of software that cyberthieves use to remotely and secretly control your computer], which really worry me."

The internet grows up, but can we control it?

So, we have this global network that was never designed to be secure; then suddenly in 2000 the dot-com boom happened, and everyone was on the internet or getting on it. E-commerce was born. We immediately placed all our military secrets, medical records, educational records and banking credentials online.

Everything was now online. Did I say all of this was put on a network that was never designed to be secure?

It's only natural to ask whether greed has contributed to our cybercrime problem. Did we ignore security in our quest to make as much money as possible? Are we still doing this? Is security just too inconvenient for our customers?

Think about this: for the first time in history you could rob a bank in the US from Russia or anywhere in the world without ever leaving your safe and secure home or office. Every computer in the world now has the ability to connect to any other computer in the world.

How many targets are there? Add IoT, the Internet of Things, and cyber criminals can not only snoop on your baby monitor and home security system but also compromise your bank account and much more. How many devices are on the internet today? According to Internet World Stats, 4,383,810,342 as of March 31, 2019. According to Privacyrights.org, the total number of records breached since 2005 is 11,578,188,519.

I used to regularly give security presentations, and I would always talk about the latest data breaches: Target, Sony, Home Depot, the US Government's OPM, Adobe, Yahoo, eBay, Anthem, Equifax and Marriott, to name some of the more notable and newsworthy. Notice I didn't include hospitals, where ransomware shuts down access to critical life-saving systems.

I've lost count. Announcing another data breach has become commoditized information. It's like saying there's another accident on Interstate I-4 in Orlando. In other words, it's routine. We have become as numb to it as to violence on the evening news.

The solution: Let's work together...like the cybercriminals do

The 2019 Verizon Data Breach Investigations Report looks like this:

- C-suite executives are 12 times more likely to be targeted in social engineering attacks than other employees
- Nation-state attacks increased from 12% of attacks in 2017 to 23% in 2018
- Phishing is involved in 32% of breaches and 78% of cyber-espionage incidents
- 90% of malware arrived via email
- 60% of web application attacks were on cloud-based email servers
- Most email threats and BEC attacks only resulted in data breaches because multi-factor authentication had not been implemented
- 52% of cyberattacks involve hacking
- 34% of attacks involved insiders
- 43% of cyberattacks were on small businesses
- Ransomware is the second biggest malware threat and accounted for 24% of malware-related breaches
- There has been a six-fold decrease in attacks on HR personnel
- Misconfiguration of cloud platforms accounted for 21% of breaches caused by errors

I can't and won't speak for all nations, but for my home country, the USA, it appears our siloed approach to cybersecurity is still hurting us. In Europe, privacy is considered a human right. It's not even mentioned in the US Constitution (it only shows up in the 4th Amendment under illegal search and seizure).

Another issue hurting our ability to secure user data is the mostly unknown data brokers. We know that data brokers have free rein in the US because profits appear to mean more to Congress than our privacy. Our lobbyists often come from the government and go on to work for corporations, including data brokers who fund congressional elections. This gives them power to manipulate our government and its laws.

Just this week I read on the International Association of Privacy Professionals (IAPP) website that Congress is going to conduct a hearing on data brokers and their impact on financial data privacy, credit, insurance, employment and housing. Forget what info Snowden or Assange say our government has on us. This industry knows everything about all of us...and sells it.

And with our mixed bag of state and federal laws, there is little to no consistency or standards that we as a nation can comply with.

It's time our government moved toward uniform laws. California and Massachusetts have their own data privacy laws, some states have little to none, and the feds go another direction. This siloed approach guarantees that we will always come up short.

The government pushed electronic medical records for good reasons, but it was another example of too much too fast. They themselves became victims in the Office of Personnel Management (OPM) data breach, in which the most sensitive government security clearances were stored, and everyone's identity, including the FBI director's, was compromised by China. In short, the same government that was unable to secure its own security clearances was simultaneously pushing for all our medical records to be online and ready for the taking.

Just how many healthcare records have already been compromised? According to HIPAA Journal, between 2009 and 2018 there were 2,546 healthcare data breaches, resulting in the theft or exposure of 189,945,874 health records.

Let's face it: we are still losing this battle. Microsoft keeps forcing patches on its OS, an OS that is inherently large and complex and has unlimited vulnerabilities. Too many people are spending too much time attacking it and looking for new ways to exploit it. Why? Because for some, it's apparently much easier than working for a living (and it's very profitable).

We know where we've been, and we know where we are: still in reactive mode, with no uniform or comprehensive laws that address security and privacy for all business sectors across our nation. Will the US do the right thing even if special interest groups lose some market share, or will we continue to have a Darwinian approach to cybersecurity laws, where some win and others lose, all at the expense of the global data feeding frenzy?

Will we keep kicking the cybersecurity can down the road?

Why have we made so little progress lately? Because Congress is too busy fighting itself. It's time for our country to stop the partisan politics. This behavior is so wasteful and unproductive. While the endless fighting and division continues, cyber criminals who don't work in silos are all too happy to continue to exploit our banks, medical records, military secrets and intellectual property.

We must acknowledge the risk of doing business online and prioritize the risk by industry. We need to provide real-world solutions that manage this risk by including industry executives and cybersecurity experts.

We need uniform state and federal laws and security frameworks that everyone must adopt. We can't have some cities or corporations doing nothing while others spend large amounts of money addressing this issue. Some industries are regulated, and others are simply ignored or are able to have substandard security in place.

There need to be consistent and comprehensive mandatory security and privacy laws and corresponding compliance frameworks to meet them. We also need to work with the European Union and adopt GDPR. Even if we don't address data privacy in the Constitution, it should still be a human right, especially in the digital age.

In the end, we must decide: are we really serious about cybersecurity and privacy, or will we continue down the path of ignorance and survival of the fittest in a global game of cybercrime that is working 24 x 7 to take everything we have?

We can do the right thing. Will we?