[ad_1]
Susan Gordon, former senior deputy director of national intelligence, told CNBC that the massive cyber attack targeting federal agencies “will take years to overcome,” as senior intelligence officials report there is no doubt the Russians were in it. the authors and that they were still there.
“Information is the power and the target, and attackers are going to pursue it,” Gordon said. “It’s a big deal. It’s bad for national security, it’s bad for the discipline of cybersecurity, the professionals and the craft.”
Major agencies, including the departments of Homeland Security, Treasury, Commerce and the National Nuclear Security Administration, have been the target of the months-long security breach. The reach of Russian hacking is widening, and authorities claim that attackers entered the systems through a third-party vendor, an IT company called SolarWinds. The Department of Homeland Security’s cybersecurity division has warned governments and “critical infrastructure entities” across the country of the “serious risks” that hacking poses.
Mark Douglas, founder and CEO of adtech Steelhouse and former VP of technology at eHarmony, explained how the breach happened at SolarWinds.
“When a business or agency upgrades their software, ironically for security patches and other changes, they introduce a vulnerability because the change carries risk.” Douglas said “The News with Shepard Smith.” “In this case, this update contained malware that compromised government and commercial systems, and this malware was implanted by hackers in the updates.”
James Carder, head of security at LogRhythm, added that third-party vendors are “handy fruits” for the country’s adversaries to attack and take control of their primary targets, government agencies.
“With the increase in attacks against third-party vendors, small technology companies with large-scale use and access to a whole customer base including government and commercial companies, which do not practice the best cybersecurity, are at just as much risk. than they, ”Carder said.
DHS warned that the security breach involved multiple tactics and warned, “CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still under investigation. investigation.”
Gordon told host Shepard Smith that more resources should be spent on strengthening cybersecurity in organizations because no matter how people choose to communicate, they will be vulnerable. She added that leadership is part of combating and managing these types of attacks.
“We need the president to be able to deal with the attack on the nation,” Gordon said.
President Donald Trump has yet to speak publicly about the attack. President-elect Joe Biden released a statement Thursday saying he will work to punish those responsible for the attack and make cybersecurity “imperative.”
“I want to be clear: my administration will make cybersecurity a top priority at all levels of government – and we will make tackling this breach a top priority as soon as we take office,” Biden said.
Douglas stressed the importance of the role of government in cybersecurity.
“We can clearly do more to prevent piracy, which is almost always the initial vulnerability. Ensuring that every software vendor used by government is protected from piracy should be a renewed priority.”
[ad_2]
Source link