Last year was arguably one of the first times in American history that cybersecurity and cyber defense became a nationally discussed political topic, with the possible exception of Edward Snowden’s NSA leaks. Countless hours of news coverage were dedicated to Hillary Clinton’s private email server and reports of state-sponsored hackers acting on behalf of President Donald Trump.
Despite the Donald’s promise to improve “the cyber,” it appears as though Trump—at the time this article was written—has delayed plans to impose a broad cybersecurity overhaul of the government through executive action.
While the move towards a more robust national cyber defense policy is currently in the works, the past year has given us reason to suspect Trump’s incompetence on this particular issue.
From Russia with Love
During the final leg of the election, nearly every US intelligence agency and independent cybersecurity researcher agreed that Russia had, indeed, hacked the DNC and RNC in an effort to aid in Trump’s election. Despite wide agreement on the matter from the experts who dedicate their lives to protecting our nation, Trump and his apologists (along with Russian media) continued to deny the evidence. To be fair, he has changed his tune in recent weeks.
The Trump administration’s inexcusable defense of Russia’s tampering with the US presidential election puts our country at a great risk of cyber infiltration by the foreign dictatorship. Trump even asked Russia to expose more of Clinton’s email (which he later said was a joke, as are all of his controversial statements).
For example, malware code connected with Russia’s hacking operation against the DNC was used, unsuccessfully, to cripple Burlington Electric’s power grid in Vermont. An ongoing investigation is looking into the matter, but this news is especially frightening knowing that the US is “completely unprepared” for such an incursion.
Additionally, there is a possibility that Russian hackers stole $10 million from a Ukrainian bank through the SWIFT system, a messaging system used by most of the world’s banks for communicating payment orders. Again, the matter is still under investigation.
The conclusion here is that the US needs to take a strong stance against government-backed hacking as it can affect global finances, national infrastructure, foreign elections, private businesses and more. Without indicting Russia’s crimes, Trump’s administration is weakening our cyber defenses.
Little Mistakes Lead to Big Problems
One of the sad truths of cybersecurity is that people make stupid mistakes. It turns out that the vast majority of corporate data breaches are due to employee negligence, and the public sector is no exception. In the case of John Podesta, his emails were hacked by a spear phishing campaign (a good rule to keep in mind: don’t click links in emails).
Well, it appears as if the new administration isn’t doing much better. It turns out that Steve Bannon, Kellyanne Conway, Sean Spicer and Jared Kushner are all using the RNC’s private email server — not unlike the private email server that hounded Clinton during her campaign. Even worse is that Spicer may have been tweeting sensitive information or passwords from his press secretary account. While no one can be sure, entries like “n9y25ah7” and “Aqenbpuu” certainly look like passwords to something.
Similarly, there has also been controversy surrounding Trump’s notoriously insecure cell phone. “In defiance of all security standards, the president is reportedly still using it,” reports Gizmodo.
So, what’s the harm? While we do not know if the president’s phone is encrypted or connected to public Wi-Fi, there is a danger that hackers could use the phone’s mic to listen in on private conversations, track Trump’s movements, log his keystrokes and more. Hacker group Anonymous even published a simple guide to infiltrating Trump’s phone on Twitter.
In contrast, former President Barack Obama was forced to adopt a secure smartphone incapable of texting or tweeting and was supported by the Defense Information Systems Agency.
Which of course brings us to a less political, but still important point: if a business’s employees are using their mobile devices for work purposes, it may be prudent to discuss cyber defense with a security provider to ensure that communications and data transfers from mobile phones are safe and confidential. Remember to educate your employees about cybersecurity threats, as they are the first line of defense against digital incursion.
Late last year, it was announced that Rudy Giuliani would take an active role in Trump’s new administration as the head advisor of cybersecurity. While it is true that Giuliani started Giuliani Partners, a management consulting firm dedicated to exposing cybersecurity weaknesses, there are reasons to believe that he has very little direct knowledge on the subject.
In an interview with Marketwatch, Giuliani admitted that his company made money in the early 2000s by selling expensive cybersecurity services to his friends. Even stranger is that the Giuliani Partners company website has gone dark, possibly due to the fact that cybersecurity professionals vetting the site discovered “glaring vulnerabilities” such as expired cryptographic certification, lack of encryption, exposed remote login, outdated software, open server ports and more. Long story short — the GP website was anything but secure.
It is also important to note that Giuliani is reluctant to admit Russia’s involvement in the DNC hack. According to the Wall Street Journal, “when asked, he shrugs and says ‘we’ll see.’”
Don’t go the way of President Trump and his administration. Learn the techniques necessary to defend your business against hackers and malicious actors today! Delaying action could gravely harm your business. In fact, 60 percent of small businesses go bankrupt in the six months following a data breach.
Do what’s best for your employees, company and customers. We can only hope that our country does the same.
This post is part of our contributor series. It is written and published independently of TNW.