A 12-Year-Old Could Hack Most Companies: Expert
As the White House meets with CEOs on the topic of cybersecurity, one expert said that even young amateurs pose risks to corporate computer systems and the U.S. economy.
"It's so easy to get into corporate networks that a determined 12-year-old with good Internet access could download the tools," said James Lewis, senior fellow at the Center for Strategic and International Studies, who advises Congress and the Obama administration on cybersecurity.
"Ninety percent of the successful attacks require only the most basic techniques. It's time to grow up and admit that the Internet is not a safe neighborhood and we have to do different things than just sort of go on assuming that it's blissfully safe."
"Espionage, crime, that's easy. Physical destruction still turns out to be hard," Lewis said on CNBC's "Squawk on the Street" Wednesday, "But people are developing the skills, people are developing the tools. If we stay on the path we are on now, we will see those attacks and that is why the president is meeting with people."
There is an increasing fear from U.S. companies that their digital systems are at risk and their corporate secrets or customer information could be stolen by hackers exposing vulnerabilities or infiltrating employee computers.
"Things could not possibly get worse when it comes to economic espionage," Lewis said.
Last year, he noted, included Chinese espionage, Russian cybercrime aimed at financial institutions, and Iran going after U.S. banks. "I think it was those three things together that makes it something that can no longer be put on the back burner," he said.
Although Lewis said the U.S. government has not yet carried out any pre-emptive attacks on hacking threats, the administration has not ruled out the possibility of doing so, if hackers pose a risk to American lives or the U.S. economy.
"There is real risk to companies in admitting that they have lost valuable intellectual property, and that's not going to change. The C-suite is the focus—you've got to go after the board and the CEO," Lewis said, if there is going to be real change on cybersecurity.
On Wednesday, President Barack Obama meets with several CEOs to discuss the cyberthreats, and although the list of those in attendance has not been made public, CNBC has learned that at least one major CEO, JP Morgan's Jaime Dimon, will be present.
"There are two things they will focus on: The first is measures against China. They're going to hear from the president that the U.S. is going to be ratcheting up pressure on China," Lewis said, "The second thing is an effort to get the C-suite to focus on this. It's not the end of the world, it's not 'death by a thousand cuts,' but it's a big drain on the economy."
Since many services and customer information stores are on the cloud and away from localized servers, Lewis said security depends on the provider. "If you have a good cloud contract and it's a company that's paying attention to security, you'll be better off. If it is a company that doesn't pay attention to security or hasn't figured it out, you'll be in about the same position you are now."
"The cloud gives you a real business advantages but it's not really going to change the situation in the near term. Maybe down the road, cloud providers will make you more secure," he added.