Study names countries most vulnerable to cyberattacks
In a new study, the U.S. ranks 10th among 44 countries most vulnerable to a cyberattack, and a former top Justice official said companies need to focus on resiliency.
The United States is ranked 10th in a pool of 44 countries most vulnerable to a cyberattack, according to a study by University of Maryland and Virginia Tech. But a former Justice Department official said U.S. companies need to be prepared to recover quickly from a significant attack.
Luke Dembosky, former deputy assistant attorney general for national security at Justice, has experience dealing with cyberattacks that come from foreign entities. His resume includes helping with the aftermath of the Sony hack by North Korea and the massive Office of Personnel Management hack, which is largely believed to have originated in China.
One of his concerns now is the impact a breach could have on other, less-discussed sectors -- such as the financial sector, which he said is "vital to society."
"Systems and businesses need to be thinking about how to bounce back," he told FCW. "They need to assume a significant attack will happen. They need to game it out, drill for it, prepare for it [with] the best possible defenses but not stop there. They need to have contingency plans, backups and a plan that ultimately allows them to bounce back to their feet."
V.S. Subrahmanian, a professor at the University of Maryland and co-author of the study, said the U.S. needs better threat intelligence. "We need to understand early on what kinds of attacks are coming down our pipe," he told FCW. "We spend a lot of time looking at attacks after they happen."
The study says that South Korea, India, Saudi Arabia, China, Malaysia and Russia face the greatest risk of cyberattack.
Last year, President Barack Obama and China’s President Xi Jinping met in Washington to discuss and attempt to resolve cybersecurity problems, and Jinping agreed to new cybersecurity frameworks that prohibit China from hacking into private U.S. companies for profit.
"Reaching a norm on that issue with China is really groundbreaking," Dembosky said. "I understand it remains to be seen how it's going to play out, but it's an excellent first step."
Subrahmanian said that when the U.S. is able to identify hackers, the government can take legal action, but "in many cases…we are left unable to do much [because the hackers] are protected by a foreign state."