Is it time to ring cyber alarm bells — even louder?
Many CSO, CTOs, military leaders, and even some global company CEOs, are now saying yes.
Late last year, the security industry’s top experts from global cybersecurity company leadership predicted even worse cybersecurity outcomes for 2021compared to what we saw in 2020.
And in December, we learned about how SolarWinds’ Orion vulnerability was compromised, causing one of the worst data breaches in history that is still evolving for about 18,000 organizations.
Earlier this month, Microsoft said there were vulnerabilities in its Exchange Server mail and calendar software for corporate and government data centers. The vulnerabilities go back 10 years and have been exploited by Chinese hackers at least since January, according to CNBC and others who see more serious attacks coming from criminals based on these issues.
Taking a Step Back
What we now know (as of mid-March 2021) is that the security incidents just keep coming at us faster and with more serious consequences. From a continued explosion in ransomware attacks to a record number of data breaches to pledges for much more cybersecurity support in the U.S. and abroad, global headlines proclaim that these criminals must be stopped.
In the past few weeks, we have also seen unprecedented statements from Kevin Mandia, the CEO of FireEye, on several topics. Here are two examples:
“The next conflict where the gloves come off in cyber, the American citizen will be dragged into it, whether they want to be or not. Period.”
- “Apps won’t work. Appliances may not work. People don’t even know all the things they depend on. All of a sudden, the supply chain starts getting disrupted because computers don’t work….”
- “The problem is nobody knows what the rules are. There’s no written document on what the rules are,” he said.
- “And I don’t know if you will get people to agree to rules on espionage because of the asymmetry where most countries can’t beat us with tanks, can’t beat us with airplanes. But in cyber, maybe that’s where they can make investments and beat us.”
“Cyber sleuths have already blamed China for a hack that exposed tens of thousands of servers running Microsoft’s Exchange email program to potential hacks. The CEO of a prominent cybersecurity firm says it now seems clear China also unleashed an indiscriminate, automated second wave of hacking that opened the way for ransomware and other cyberattacks.
The second wave, which began Feb. 26, is highly uncharacteristic of Beijing’s elite cyber spies and far exceeds the norms of espionage, said Kevin Mandia of FireEye. In its massive scale it diverges radically from the highly targeted nature of the original hack, which was detected in January.” Read Full Article >