Wednesday, January 28, 2015

2015 Marks a Critical Juncture for America's Cyber Security

By Jim McFarlin

2014 was a challenging year for America’s cyber security. Like falling dominos, a wave of corporate, government and military organizations succumbed to damaging, expensive and–in many cases–embarrassing breaches of their information networks.

2015 promises to be even more challenging. The Department of Homeland Security estimated a 215% increase in reported cyberattacks over the past three years, with similar acceleration projected into the foreseeable future.

Last year’s attacks offered many lessons, most notably these:

      It was repeatedly demonstrated that when cyber assailants come to call, the U.S. is vulnerable, unaware, and open to attack. 

      It was also apparent that the safety of personal financial and investment accounts is effectively in the hands of those with malicious intent, not the institutions that hold our assets.

The only positive claim any of those attacked could make was that the damage was contained--and eventually stopped. However, it’s important to keep in mind that these are the institutions that were unaware of their network intrusions for weeks or even months.

Further, in a reported 71% of cases, those being breached only became aware of the attacks once informed by an outside party or government agency.

The list of compromised businesses includes retailer Target, which somehow managed to miss or ignore alerts they were under cyberattack despite 24/7 outside monitoring and the installation of a brand new $1.6 million cybersecurity system just three months before the attacks. The assault swept across the land throughout the year, ravaging the likes of Neiman-Marcus, Michael’s Stores, PF Changs, Home Depot, JPMorgan, and many others.   

JPMorgan, considered the “gold standard” for cyber security in the financial services industry, boasts a staff of 3,000 cybersecurity professionals backed by an annual cybersecurity budget of $250 million. Even this was not enough to stop cyberattackers from hacking account information. In fact, the banking giant realized that up to 83 million accounts had been compromised only after an incidental tip from a third party.

The Sony Pictures attacks in November went beyond data theft, involving not only misappropriation of intellectual property (films), but also destruction of computer systems, extortion, and threats of 9/11-style violence. 

The confused, conflicting, and oft-reversed response from Sony and involved U.S. agencies clearly illustrate yet another lesson from 2014: the U.S. is woefully unprepared to respond to serious cyberattacks in a coherent, effective manner.

With such examples of successful attacks against major institutions, can the organizations that produce and distribute our electrical power be far behind?

The answer is that no such safety, perceived or otherwise, can be taken for granted. In a serious cyberattack against U.S. power generation or distribution facilities, power outages impacting large swaths of the country could continue for weeks, months or longer, rendering traditional preparedness actions ineffective, and in the end, only delaying the inevitable chaos, loss of life and lack of social order.


When considered against the deadly combination of escalating global instability, the growing black market availability of cyber weaponry, and the startling propensity for Islamic extremists to take their war to the home turf of Western democracies in Europe and beyond, cyber insecurity appears to describe America’s future for the coming year.


("Global Networking" Image by bluebay/FreeDigitalPhotos.net)

8 comments:

  1. Network security should include the most up to date data encryption, virtual private network, and firewall technology, as well as other common cyber threats.
    iDeals data room

    ReplyDelete
  2. Cyber security is top question in the online internet. Big companies are keeping their documents in open access for hackers, and it's very dangerous for them. So, always think about cyber protection, at least use this VDR systems that Sam is promoted.
    security-online

    ReplyDelete
  3. The problem of cyber crime gives rise to the need for cyber security training and aggressive controls to protect data. Anyone considering learning cyber foundations can learn the proper handling methods of sensitive corporate data. cyber security training in hyderabad

    ReplyDelete
  4. Thumbs up guys your doing a really good job. It is the intent to provide valuable information and best practices, including an understanding of the regulatory process.
    Cyber Security Course in Bangalore

    ReplyDelete
  5. Very nice blog and articles. I am realy very happy to visit your blog. Now I am found which I actually want. I check your blog everyday and try to learn something from your blog. Thank you and waiting for your new post.
    Cyber Security Training in Bangalore

    ReplyDelete
  6. I will really appreciate the writer's choice for choosing this excellent article appropriate to my matter. Here is deep description about the article matter which helped me more.
    Best Institute for Cyber Security in Bangalore

    ReplyDelete