4 minute read
A R YLAND V I R GINIA
GREATER WASHINGTON’S CYBERSECURITY CORRIDOR _
The Greater Washington region is the hotbed center for cybersecurity. Home to the federal government, agencies, and a surging cyber-related private sector, it’s no wonder companies are flocking to the region for network security needs and access to the best minds in the country.
Advertisement
FBI Department of Justice
Secret Service
White House
George Washington University
Cybersecurity Policy & Research Institute
American University Kogod Cybersecurity Governance Center
Washington D.C.
Cyber Command
FORT MEADE
3rd largest military base in the US
CIA
Department of Defense
Department of Homeland Security
The MITRE Corp.
Vadata, Inc.
Computer Sciences Corp.
AT&T
Science Applications
International Corp.
Northrop Grumman Corp.
Kratos Defense & Security Solution
TASC, Inc.
General Dynamics Corp.
Raytheon Company
Ciena Corp.
ITT Exelis
KEYW Corp.
Unisys Corp.
The Aerospace Corp.
Lockheed Martin Corp.
EMPLOYS
56,000
BUILDING
600,000 sq. ft. data center
5 Million Gallons a day of cooling ability
3,000
Jobs available soon for Cyber Command Center
The Challenge
From ransomware to cyberespionage, the most common types of threats online.
As cybersecurity speeds its way to the top of boardroom agendas, companies are working to fortify their systems and networks against a potential cyberattack. But unlike securing a physical structure, attackers can sneak in at any moment, through any number of methods.
“It’s not about digging a deeper moat and building a bigger wall to keep people out,” says Sondra Barbour, executive vice president for information systems and global solutions at Lockheed Martin. “There will be an attack and they will get in somewhere.”
Indeed, the attackers do appear to be at—or already inside—corporate gates all over the world. Lloyd’s of London says cyberattacks on major companies have jumped 44 percent since 2013. Companies that collect and store a vast amount of credit card data—Home Depot, Target, and Staples among them—have been widely publicized victims of attacks. But they’re hardly alone.
The corporate networks of Sony Pictures Entertainment, Anthem, and Apple are some of the dozens who have acknowledged recent cyberattacks. Government agencies are just as vulnerable: the White House, the
IRS, the State Department were all attacked. The biggest attack of all, the Office of Personnel Management, exposed records of nearly 14 million current and former government workers.
And there’s no end in sight to the ongoing battles. Gov. Tom Ridge, the former secretary of Homeland Security, says he believes digital attacks against companies and organizations of all kinds will now be “a permanent condition of the global, economic community.”
Shawn Bray, director at INTERPOL, agrees. “You can’t govern and regulate as fast as technology changes.”
Common Threats
Security experts say that when it comes to threats against companies, the digital world is not much different from the physical world. Just like there are disgruntled employees who might make off with or damage company property, the same people might act similarly in the virtual world by attempting to expose or destroy sensitive data in a company’s network. In other cases, criminals who try to steal cash or goods from companies in the physical world may siphon funds digitally as cybercriminals.
“The difference,” says Marcus Sachs, the former vice president of national security policy at Verizon and current chief security officer for the North American Electric Reliability Corporation, “is that in the physical world, you can see and touch these people and build physical barriers against them. In the cyberworld, the threats could be coming from halfway across the world, and the perpetrators are virtually invisible.”
Not only that, others point out, these hackers aren’t necessarily working on a specified time frame. “An attacker views your network with a particular goal in mind,” says Matthew Devost, president and CEO of FusionX. Even if a company is able to uncover and thwart one hack, the attackers will remain in the system until they’ve achieved their goals.
Still, even virtually invisible attackers have some common patterns. Here are some of the most frequently employed kind of attacks.
Ransomware A malware that cuts off access to data on infected machines. Cyberattackers then demand payments in exchange for releasing the data. Ransomware has also been used to hold cloud data hostage. In one recent case, the online data of a small-town police department in New England was held for ransom. And cybersecurity firm FireEye has projected that ransomware will infect data accessed by mobile devices with increasing frequency in the coming months.
Cyberespionage A particularly hardto-track form of attack where hackers —possibly from foreign governments or from competitors—gain access to a corporate network. From there they can monitor conversations, view business strategies, steal research and development materials or other intellectual property.
Cybertheft _ Theft of data, including personal information, passwords, and credit card information. Dozens of high-profile cases of this kind have been reported in 2015 alone, affecting healthcare providers and retailers especially.
Denial of Service _ Hacking attacks intended to shut down a company’s internal data networks or those it uses to sell to or communicate with its customers. Tech companies are frequent targets of denial of service attacks. And the FBI says more than 100 banks were also threatened with massive denial of service attacks in 2015. Bring Your Own Device _ When companies open their networks to employees’ personal digital devices—laptops, mobile phones, et cetera—hackers can gain entry to those networks by infecting the employees’ devices. Internet of Things _ As companies connect more “smart” products—everything from coffee makers to cars—to the Internet, hackers are finding ways to disrupt those products’ operation.
CYBERATTACKS OF 2015 _ Anthem
Internal Attacks Exposure of proprietary data or system disruptions by current employees.
Third-party Attacks Both Home Depot and Apple experienced breaches of their systems when the networks of their suppliers, who had access to the larger partners’ networks, were compromised. Security experts believe this form of attack against smaller firms will continue to increase as large companies become more resilient to attacks within their own networks.
Talking Security
Gov. Tom Ridge discusses with Board Agenda: Cyber attendees about the importance of cybersecurity involvement at the board room level.
The Challenge
Cybersecurity is no longer just an IT problem, but the entire company’s—from the board of directors to the interns.
