Cyber protection is no longer optional. The future is now, and the war in Ukraine has escalated the threat of destructive ransomware attacks to an all-time high.
"You think about the effect of one piece of malware. Russia literally has not 10s or hundreds of 1000s of cyber tools that they could launch," said Sen. Mark Warner (D-VA).
The intelligence community says it's focused on four potential scenarios.
"We're very, very focused on ransomware actors that might conduct attacks against our allies or our nation. We're very, very focused on some type of cyber activity that's designed for perhaps Ukraine that spreads more broadly into other countries. Third, is any type of attack that an adversary would conduct on an ally. And finally, certainly our critical infrastructure," said NSA Director Gen. Paul Nakasone.
As the U.S. focuses on defense, private businesses and government agencies alike are on the offense, trying to hire nearly 600,000 people for cyber security.
"We've got a lot of gaps that have to be filled, and there are a lot of holes that can be explored by malicious actors in cyberspace," said Jason Blessing, a Jeane Kirkpatrick Visiting Research Fellow and cybersecurtity expert with the American Enterprise Institute.
Blessing told CBN News, when it comes to this critical area, public and private sectors share the responsibility of protecting national security. A breakdown on either end, could have dire consequences.
"In today's society, everything is connected, everything is interdependent, and therefore, everything is potentially vulnerable," Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), recently told Congress.
CISA is tasked with key roles such as prevention and emergency response, yet, Easterly struggles to keep her agency fully staffed.
"We've done a careful analysis of all of the 20 plus steps that it takes to actually hire somebody into the federal government, which is way too onerous. We were able to reduce by 13 percent the number of days that it takes to hire somebody but it's still way too long, it's over 200," Easterly testified.
Another challenge: competing with private sector salaries.
"At the end of the day, people want to come to CISA to defend their nation, but given the competitive environment, we also want to be able to pay closer to market," said Easterly.
Still, experts say the biggest overall problem is that there aren't enough qualified people to fill all the open positions.
"In 2019 in the U.S., you had about a bit less than 50,000 people who...graduated from a master's in computer science. And basically, like, if you want to do cybersecurity, you need to have this kind of skills," said Kwame Yamgnane, the founder of Qwasar.
The numbers just don't add up: 50,000 people to fill nearly 600,000 jobs. So the tech industry is trying to help fill the void. Microsoft, for example, is providing free cybersecurity curriculum to all public community colleges.
"Basically, like 70 percent of all students in the U.S. are in community colleges...so community colleges have the very strong role to be able to provide enough training, enough learning to learners, to be able to fulfill the workforce," Yamgnane told CBN News.
He noticed another problem is finding experienced educators to teach these skills.
"If you live, like for example, in the Bay or Peninsula in California, and you are really good at doing computer science, you get to get a six figure job somewhere like at Facebook or Google... So why would you be a teacher in a community college?" Yamgnane questioned.
His company, Qwasar, provides courses for community college instructors, enabling them to teach what's needed to their students.
"Our job is to be able to provide to anybody sufficient enough of training to have at least all the basics required to be able to protect our free world," Yamgnane said.
The hard reality is that there's no immediate fix. In the meantime, however, the average American can be an important first-line of defense against a cyber attack.
"You want to make sure that your online presence is scrubbed well. So this means enabling multi-factor authentication, either through text message or temporary links for your banking or other online services. Using a password manager that utilizes local encryption so that you can just plug it into your browser and it will secure and help you have stronger passwords. And just be mindful of when and where and from whom you get messages," said Blessing.
According to Deloitte, 91 percent of cyber attacks start with a phishing email, a message designed to trick unsuspecting employees into divulging sensitive information.
So the bottom line is that protecting sensitive data is no longer the sole responsibility of highly trained cyber security professionals, it's a job that falls to all of us.