The White House Council of Economic Advisers has released a report on cyber attacks and says that in 2016 they cost the United States, depending on where you get your statistics, between $57 billion and $109 billion.
Like we already didn’t know that?
The report looks at the many different forms of attack, which is why there is such a large gap between the lowest cost figure and the highest. Forms of attack range from denial of service to data breaches to the theft of intellectual property and sensitive financial and strategic information.
The attacks are not just on businesses. Power grids, communication systems, dams, food production and highways are also targets. Attacking these systems has an economic spillover: “If a firm owns a critical infrastructure asset, an attack against this firm could cause major disruption throughout the economy,” the report said.
The report says the worst hits are in energy and financial companies and those attacks are very dangerous to the economy. “These sectors are internally interconnected and interdependent with other sectors as well as robustly connected to the internet, and are thus at a high risk for a devastating cyberattack that would ripple through the entire economy,” the report added.
It also said the most malicious of the nation-states doing the attacking are Russia, China, Iran and North Korea, in that order.
Then there’s the U.S. government. According to the 2018 Thales Data Threat Report, Federal Edition, it has the highest volume of hacks of all governments worldwide.
• 57% of federal agencies had a data breach last year
• That’s up from 34% in 2016-2017
• It was 18% in 2015-2016
• Worldwide that figure is 26%
• 68% of federal agencies say they are very or extremely vulnerable
President Trump wants to modernize the nation’s IT system via Executive Order 13800. He wants a full-scale review in a hurry.
The president wants 4,000 IT projects fixed in mission delivery, administrative services, support systems, IT infrastructure, security and IT management. The Thales report notes that cuts are likely coming to IT budgets this year, and that the budget fell in 2017 by $6.2 billion.
And, says the 2018 budget, the funds needed just to maintain what we have now grew from 68% in 2015 to 70.3% now. A huge percentage of the budget is being used just to maintain current and often antiquated, insecure systems.
Critics also say Trump hasn’t given anyone doable requirements to update the nation’s cybersecurity or to upgrade the federal system.
Thales said that is a huge concern. “Aging legacy systems may pose efficiency and mission risk issues, such as ever-rising costs to maintain and an inability to meet current or expected mission requirements. Legacy systems may also operate with known security vulnerabilities that are either technically difficult or prohibitively expensive to address and thus may hinder agencies' ability to comply with critical statutory and policy cybersecurity requirements,” the report said.
In other words, nothing these days can be trusted. Government, energy, finances, name it and it can, and will, be hacked.
Menlo Security did some research recently to point out the seriousness of the problem. The State of the Web 2017 report found visits to 42% of the nation’s top 100,000 websites are very risky. Here’s why:
• The homepage or an associated background site is running software that is vulnerable
• The site is known to distribute malware or launch attacks
• The site has suffered a security breach in the last 12 months
Menlo says websites often rely on an average of 25 other sites to produce content. The content ranges from displaying video to showing an advertiser’s ad. Anti-virus programs check out the website but fail to go to the background sites.
What Menlo didn’t do is list the sites it determines are the most problematic. It did — however — categorize them by content.
• 49% of news and media sites meet at least one of three criteria for riskiness
• 45% of blogs and entertainment and arts sites meet one of the three criteria
• 40% of personal sites and blogs meet at least one of them as well
You can pretty much guess that adult and pornography sites are risky, but you wouldn’t think that of a business and economy site. Menlo says another problem, as noted with the federal government, is that many sites continue to rely on aging software technology.
• 32,000 in the study still use Microsoft IIS 7.5, a version released with Windows 7 and Windows Server 2008 R2
• Business and economy sites led the most dangerous, with 51,045 of them relying on vulnerable software
• 9,452 educational websites are considered vulnerable as well
And we’re all aware of the dangers of email. A Proofpoint study, titled the Email Fraud Threat Report, said that of the 160 billion emails delivered to 2,400 global companies in 2017, a whopping 88.8% of those businesses were targets of at least one phishing attack delivered via email.
• Almost half of those companies have more than five spoof email addresses
• They are used to impersonate individuals within an organization
Source links: The Journal, Insurance Business America, ZDNet, Media Post