The US is Fighting in the Cyber Trenches
Yes, the US is under cyberattacks - constantly Being a rich superpower comes with a price, as the US found out the hard way. Especially American healthcare and financial organizations remain popular targets since they are rich pickings for cybercrooks. Infrastructure is another favorite, as are municipalities that often have outdated cyber defenses. Looking back, 2017 was a peak year with 1.57B data breaches and close to 179M data records exposed (Source: Statistica). Although it’s only April now, 2018 has already witnessed some pretty scary data breaches.
- On January 3, 2018, the US Department of Homeland Security (DHS) announced that a former employee had made an unauthorized copy of a database containing the personal information of more than 240,000 current and former DHS employees.
- In March 2018, JokerStash, a hacking syndicate, announced that it will release information on more than 5 million credit and debit cards stolen from Lord and Taylor and Saks Fifth Avenue.
- According to the DHS and FBI, Russian government hackers targeted multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation, and manufacturing in March 2018.
- On March 22, the computer systems of the City of Atlanta were breached by a ransomware attack that crippled the city’s online systems. The hackers locked the data and would only unlock it once they received $51,000 in bitcoins.
- At the same time, Denver was hit by a ransomware attack pulling down important websites, including denvergov.org and pocketgov.org, and online services. Since the city was able to control the damage, no ransomware was paid.
- In March 2018, hackers tried to shut down the Baltimore 911 system. The threat was isolated successfully and no other servers or systems across the city’s network were affected.
- On March 25, Boeing was hit by a cyberattack. Few machines of the company were attacked, while the production equipment remained safe.
- At the end of March 2018, the FBI announced that 9 Iranian hackers (who worked together with the Islamic Revolutionary Guard Corps, the Iranian hacker network aka the Mabna Institute, and the Iranian government) attacked the computer systems of 144 American universities and stole 31.5 terabytes of valuable data, including scientific research, dissertations, and journals.
- Identifying critical assets Organizational networks have grown rapidly, spanning a variety of ecosystems, from virtualized data centers to multi-cloud environments. Combined with the growing number of endpoint devices attached to the network and IoT devices, keeping all of them secure has become a major headache. It’s hard to keep clear visibility of the security posture in this fast-shifting infrastructure. Using a BAS platform such as Cymulate’s, allows organizations to get insight into the overall security posture and get recommendations for mitigation to prioritize (e.g., boosting the security of critical assets first).
- Performing risk assessments To really get ahead of vulnerabilities, finding out in advance where security defenses need to be bolstered is essential. Risk assessments help to understand the weak spots of the existing system and environment. With a Breach and Attack Simulation (BAS) platform, organizations can focus on protecting and monitoring their complex networks. It allows them to zoom in on those risks that have the greatest impact by constantly aligning their security and business objectives.
- Boosting the security of the network architecture Network architectures and security frameworks have a tendency to grow in size and complexity, which in turn makes security solutions and controls less effective and more complex. As a result, the network will have blind spots and limited asset protection. To fully understand their strengths and weaknesses, organizations are advised to run assessments using a BAS platform.
Featured Resources
Subscribe to Our Blog
Subscribe now to get the latest insights, expert tips and updates on threat exposure validation.
Subscribe