BreachExchange mailing list archives

Will The US Experience A Massive Cyber-attack Soon?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 27 Jul 2015 17:59:21 -0600

http://techaeris.com/2015/07/26/will-the-us-experience-a-massive-cyber-attack-soon/

Over the past year the cases of major cybersecurity breaches have seemed to
increase and it does not seem to be slowing down. Companies like Target,
British Airways, Lenovo, Sony, the Internal Revenue Service, the US Postal
Service, the US Government and now Ashley Madison have all felt the sting
of hackers. The hits keep on coming but is this just the tip of the
iceberg? Will the US experience an even larger cyber-attack soon? Thomas
Lee of The Guardian seems to think exactly that and I completely agree
with his assessment.

Technology moves at a rapid pace and that is a good thing for us the
consumer. We walk around with more computing power in our pockets than we
had in our desktops just ten years ago. While the country enjoys its yearly
upgrade to the latest smartphone many companies and government agencies are
still using old technology to sell you new technology. The US Navy is still
using Windows XP to operate their ships out at sea as well as other
critical systems.

Why? Likely these companies and government agencies are running software
that is dependent on older operating systems and the amount of time and
money to upgrade that software is massive. Companies are in the business of
making money, and sinking billions of dollars to basically upgrade
infrastructure isn’t to their liking. As far as the government
agencies, the amount of tax dollars needed to upgrade would be equally high
and it would take convincing Congress to invest dollars into such a project.

But is continuing to run antiquated software worth the cybersecurity risk?
In my opinion, no. At some point, sooner rather than later, you have to bite the
bullet and upgrade those systems and software. The long term damage far
outweighs the short term cost. As Lee points out in his piece, companies
like Target are sinking millions of dollars into new technology that
they expect to sell to the consumer (smart home tech) but they are doing
little to invest in making sure to secure their systems from another
potential cyber-attack. Perhaps it is time for consumer based technology to
give way to a national push to increase cybersecurity in both the private
and public sectors. A cyber-attack against a company or the US Government
does not just affect those entities but it affects the entire country and
on a larger scale the world.

By 2020 the US will be hit with an earthquake of a cyber-attack that will
cripple banks, stock exchanges, power plants and communications, an
executive from Hewlett-Packard predicted. Companies are nowhere near
prepared for it. Neither are the Feds. And yet, instead of mobilising a
national defence, we want a toaster that communicates with the washing
machine over the internet.

We’re so blinded by all the shiny things that we can’t see the forest for the
trees, and companies are so blinded by the money we throw at those shiny things
that they are ignoring it too. The hackers are out there and they are not
stupid; they are working tirelessly to make their way in and around massive
computer systems that house billions of personal details and financial
data. It is just a matter of time before a group of them will launch
something bigger than we have ever seen and we are just not ready for that.
As Lee writes in The Guardian, “But don’t count on companies or the Feds
to prevent the Big One. Because they are just as lost as we are.”

A whopping 57% of chief executives have not been trained on what to do
after a data breach, according to a report by HP. And more than 70% of
executives think their companies only partially understand the risks.
Buying antivirus software is one thing; deploying an effective strategy is
quite another. However, companies don’t even want to admit they were hacked
in the first place.

Both private sector business and the United States government need to sit
down and take this situation more seriously; otherwise, we could have a
fallout that could bring financial ruin to many.

What do you think about cybersecurity in the United States? Are companies
prepared for a larger scale cyber-attack? Is the United States Government
prepared for such an event? Let us know in the comments below or on
Google+, Facebook and Twitter. And be sure to read Thomas Lee’s article
over at The Guardian.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 