Dear Fellow Marylanders,

Hopefully, you’ve heard the warnings: don’t open attachments or click on links from sources you don’t know. Read emails carefully – are they really from who you think they are? Use strong passwords and enable multi-factor authentication for an extra layer of protection. If some online offer seems too good to be true, it probably is. All these are meant to protect you from the vast network of bad actors who want to steal your online identity, steal money from your accounts, or worse.

My message this week is to urge you to pay attention and be safe online. I write this not only because October is Cybersecurity Awareness Month, but because I would like to save you the cost and frustration of being a cyber-victim.

If you had an account hacked or a computer compromised, you are not alone. According to one industry leader, Norton, “more than half of all consumers have experienced a cybercrime, with around one in three falling victim in the past year alone.” In 2020, some of the most recent data available, the FBI estimated that Americans lost over $4.2 billion to cybercrimes.

More than 75 percent of cyberattacks start with emails. And the number of fake emails, spam and phishing attempts are on the rise.

Phishing isn’t a misspelled version of dropping a line from your friends boat in the Chesapeake Bay. Phishing, is when someone tries to lure YOU into doing something online that opens up your computer or phone, and all your data, to them. Systems around the world are loaded with cybersecurity defenses, but they do little if the weak links – humans – unknowingly open the door for cyber thieves. 

For the federal government, cybersecurity is multi-layered. Every department, agency or contractor is tasked with keeping personal and business data secure, as well as national security information, and everything in between. Keeping us all safe takes a dynamic partnership between federal, state and local partners, as well as the private sector, business community and academia. The government can provide guidance and resources, but it is the private sector – not the government – that actually operates the vast majority of our nation’s critical infrastructure.

Marylanders have a bit of a home-court advantage over other states. The National Institutes of Standards and Technology (NIST), headquartered in Gaithersburg, develops cybersecurity standards and best practices to meet the needs of industry, government and the public. The National Security Agency based at Fort Meade serves as both a codebreaker against our nation’s adversaries and a codemaker to protect U.S. Government communications. U.S. Cyber Command, also located at Fort Meade, helps to support our combatant commanders around the world and protect U.S. Department of Defense facilities against cyber-attacks. We also host a growing number of cybersecurity contractors, and educational institutions that are expanding their cybersecurity research and training with students spanning from elementary to graduate school.

If you get the sense that this is a large and complex challenge, you would be correct. It’s estimated that there is a cyberattack in this country every 39 seconds – more than 2,200 per day.

Because so much is at risk, last year, as part of the Infrastructure Investment and Jobs Act, Congress authorized nearly $2 billion in cybersecurity funding and IT network modernization. The major focus was on transportation, energy, water utilities and grants to state and local governments. Our legislation also set aside funding for the Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA) to help prevent cyberattacks and support organizations, including private companies, that fall victim to attacks.

Just last month, DHS announced a new cybersecurity grant program for state and local governments, who face challenges such as ransomware, but may lack the resources to properly defend against such attacks. Most recently, local jurisdictions, including Baltimore City, Leonardtown and North Beach have had to endure such attacks, along with the Maryland Department of Health (MDH). These new grants will provide federal funding to address cybersecurity risks and cybersecurity threats to information systems. The Biden administration has taken a number of other important steps to enhance our cyber defenses and strengthen our nation’s cybersecurity.

If you are among the 41 percent of people who “don’t think their accounts are vulnerable enough to be worth a hacker’s time,” think again. You could be the target of someone wanting to steal money from you, or your system could become an unwitting bot in a larger scheme to spread malware or steal intellectual property.

Ninety-two percent of Americans use the internet. That’s more than 307 million individuals. While we work to expand broadband access, reliability and speed for rural households and businesses, as well as low-income families and seniors, the threats to our online safety grow, as well.

So take precautions every day and not only during Cybersecurity Awareness Month. Change your passwords regularly and enable automatic security updates. Be cautious with new and trendy apps on your phone. And please, think before you click.  

Thank you for your time. Please feel free to reply to this email with your thoughts on this and any other topic. Or use my website to share your opinion.  

Sincerely,

     Ben Cardin