For nearly two decades, government analysts have warned of a “cyber 9/11” or a “cyber Pearl Harbor” following the Sept. 11, 2001 terrorist attack, whose 20th anniversary is tomorrow. Those warnings – focused on the dangers of a catastrophic cyberattack with 9/11-level consequences – started as early as 2003 and peaked early in the Obama administration when cyberspace was beginning to …
When the WannaCry ransomware attack was launched in May, it shocked businesspeople around the world. But security experts will tell you that it was just part of a larger, ongoing trend in which cyberattacks are constantly evolving—and becoming more sophisticated.
Dealing with cybersecurity challenges is an unending battle. But CEOs can take steps to help ensure that their organizations are ready—and a good starting point is a comprehensive view of the issue. Cybersecurity needs to encompass people, processes and technologies, says T. Casey Fleming, CEO of the BLACKOPS Partners security firm in Washington, D.C., and it needs to receive top management’s attention. “This needs to be led and driven by the CEO and board,” he says.
For nearly a decade, Cisco has published comprehensive cybersecurity reports that are designed to keep security teams and the businesses they support apprised of cyber threats and vulnerabilities—and informed about steps they can take to improve security and cyber-resiliency. In these reports, we strive to alert defenders to the increasing sophistication of threats and the techniques that adversaries use to compromise users, steal information, and create disruption.
With this latest report, however, we find we must raise our warning flag even higher. Our security experts are becoming increasingly concerned about the accelerating pace of change—and yes, sophistication—in the global cyber threat landscape.
Since May, hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants in the United States and other countries.
Among the companies targeted was the Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant near Burlington, Kan., according to security consultants and an urgent joint report issued by the Department of Homeland Security and the Federal Bureau of Investigation last week.
Two cyber security companies said they have uncovered a sophisticated piece of malicious software capable of causing power outages by ordering industrial computers to shut down electricity transmission.
Analysis of the malware, known as Crash Override or Industroyer, indicates it was likely used in a December 2016 cyber attack that cut power in Ukraine, according to the firms, Slovakian security software maker ESET and U.S. critical-infrastructure security firm Dragos.
The discovery may stoke fears about cyber vulnerabilities in power grids that have intensified in the wake of the December Ukraine attack, and one a year earlier that also cut power in that nation.
Internet of Things (IoT) devices are revolutionizing the way we share data and carry a huge charter to improve our banking, shopping, transportation, patient, and individual care and safety, to name a just a few. The mission is admirable, but with thousands of devices flooding the market, the lack of standards and multitude of security deficiencies are creating an on-ramp to corporate, government, and private networks that is wide open to cyberattacks.