Key Takeaways from Major Cyberattacks of 2017
From Cloudbleed, to Petya, to WannaCry - each major cybersecurity attack of 2017 has exposed new vulnerabilities in corporations and governments with one…
August 21, 2017 at 08:17 PM
4 minute read
The original version of this story was published on Law.com
From Cloudbleed, to Petya, to WannaCry – each major cybersecurity attack of 2017 has exposed new vulnerabilities in corporations and governments with one scary fact: everyone's data is potentially at risk.
With the digital storage of personal data growing as the norm across every industry, data security officers and CIOs are facing the harsh reality that cyberattacks are no longer rare events, but instead are an inevitability. To get ahead, data security personnel must abandon the view that a major cyberattack is rare, and adopt a stance of readiness that assumes an attack is imminent – it is no longer a question of if, but when.
Kurt Long, CEO of FairWarning, sat down with Inside Counsel to discuss the major trends they represent, and how data security officers can best prepare to counter them in the coming months and years. Long has more than a decade of experience helping companies protect their assets by cultivating a human right to privacy in their workforces through a focus on technological and people-based security solutions.
Organized “Crime as a Service” organizations have grown in maturity as of late. Cyber criminals have morphed into businesses with capabilities to organize and build large attacks. The Wannacry attacks were an example where compromised systems allowed criminals to run attacks off of compromised servers, according to Long.
“We've seen the full gamut of attacks this year from ransomware attacks such as Petya and WannaCry to fake news, information leaks, denial-of-service attacks, and large scale malware attacks,” he explained. 'These attacks have something in common, and that is the fact that the cybercriminals are outworking our governments and corporations. Cyber criminals are now exploiting the outdated systems and infrastructure which government and organizations have been slow to update.”
In fact, the NHS was a sitting duck for cybercriminals due to their outdated infrastructure; their operating systems were so out of date there were barely patches available for their systems. So, there's a complete mismatch with cybercriminals evolving at a rapid pace and government and organizations moving at a slow pace to keep up.
In today's world, our data is so far flung that we are unable to know what corporations or government organizations have it. Therefore, we are unable to tell how well the organizations that have our data protect it, per Long. There is a big variation in priority of security and privacy for different businesses. For instance, if Amazon prioritizes data security very highly, but there's a third-party organization that doesn't take data security seriously, your data is at risk.
“Governments need to step in and mandate citizen data and hold organizations accountable to protect citizen data,” he said. “Governments need to hold themselves to this same standard, and implement fines to organizations accordingly. Legislation such as the General Data Protection Regulation is groundbreaking from a legal perspective. If it is enforced properly, it stands to be a game changer, globally.”
The attacks are inevitable because the attackers are well organized and thus able to scale their operations. They can empower more attacks through automating systems and obtaining tools that help them carry out their attacks. They think like business people now; they scale, probe, use sophisticated technologies and invest to reach more businesses and vulnerabilities faster than ever before.
So. how can data security personnel become proactive? According to Long, they need to come to work and proactively prove every day that their applications and networks are secure and not broken into, instead of waiting for a breach to then react. Their job is to discover and contain a security incident and prevent it from becoming a full-scale breach.
Unfortunately, Long predicts that the scale of the damages are going to continue to go up.
“Cybercrime will begin to attack the very fabric of our democracy, and fake news can now be produced that is indistinguishable from official video of a world leader such as Barack Obama or President Trump,” he said. “This threatens the trust of our large institutions and is an exploitable tool for our adversaries to use against us.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllFatal Shooting of CEO Sets Off Scramble to Reassess Executive Security
5 minute readBen & Jerry’s Accuses Corporate Parent of ‘Silencing’ Support for Palestinian Rights
3 minute readShareholder Activists Poised to Pounce in 2025. Is Your Board Ready?
Regulatory Upheaval Is Coming. How Businesses Prepare and Respond Will Separate Winners and Losers
Trending Stories
- 1Revisiting the Boundaries Between Proper and Improper Argument: 10 Years Later
- 2Hochul Vetoes 'Grieving Families' Bill, Faulting a Lack of Changes to Suit Her Concerns
- 3Life, Liberty, and the Pursuit of Customers: Developments on ‘Conquesting’ from the Ninth Circuit
- 4Biden commutes sentences for 37 of 40 federal death row inmates, including two convicted of California murders
- 5Avoiding Franchisor Failures: Be Cautious and Do Your Research
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250