Joseph Carson, Chief Security Scientist at Thycotic:
Cyber-attacks are increasing and have become a global concern as many systems and devices that run critical infrastructure and decision making are now connected through the worldwide web commonly known as IoT. This means that devices like web cameras and critical systems such as power stations are all connected.
Public and private companies have become more vulnerable to cyber-attacks as established IT security controls are now failing to protect the current systems. Many companies are not moving quickly enough to new technologies, often because of cost and time constraints. As a result, cyber-attacks have been deemed one of the greatest threats and concerns to eight global economies – the USA, Germany, Estonia, Japan, Holland, Switzerland, Singapore and Malaysia.
This means that it is highly important that cyber-attacks become an urgent boardroom debate; they are no longer an IT problem, but a whole company problem, and everyone is now responsible for cybersecurity. Cyber risks put the regulatory frameworks under pressure as they adapt to these new high-frequency and high-risk economic threats.
Well, Ransomware of course was going to be a big topic, but who would have foreseen the impact of both WannaCry and NotPetya? The impact was huge, causing many disruptions around the world, and highlighted the importance of patching systems with security updates. Was the lesson learned? Well, NO. Shortly after WannaCry we got introduced to NotPetya in late June, this time escalating out of Ukraine and quickly cascading around the world, impacting system after system and causing havoc with energy companies, transportation, medical, power grid, bus stations, airports and banks.
The financial gain from both variants of Ransomware was quite low, with an approximate combined total of $150k, compared to older variants like Zeus that claimed more than $100 million. However, the destruction caused by both WannaCry and NotPetya left many companies with a major financial impact running into hundreds of millions of dollars, and the overall global impact will likely run into billions.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.