Fed President Powell made it official – cyberattacks are the second greatest threat to our economy, behind only the pandemic. This week’s news shows why, with attacks reported across device and organization types.
Jerome Powell, president of the Federal Reserve, appeared on CBS’s 60 minutes this week and had mostly positive things to say about prospects for economic growth in the coming months. Despite the optimism, he highlighted two risks – an unexpected surge in pandemic cases, and a major cyberattack. The latter was cited as the most likely cause of a new 2008-style financial crash, especially if one or more major financial institutions lost the ability to track payments.
“We spend so much time and energy and money guarding against these things. There are cyber attacks every day on all major institutions now,” said Powell. “And the government is working hard on that. So are all the private sector companies. There’s a lot of effort going in to deal with those threats. That’s a big part of the threat picture in today’s world.”
When firewall company Accellion released a string of security-related patches for its nearly retired (and nearly two decades old) file transfer appliance in December 2020, there was bound to be bad news incoming. Four months later, the news keeps coming.
The list of organizations who have had their data stolen is large, and it is full of big targets. Among the US-based recipients of ransom demands: the State of Washington, the University of California System, Kroger, the energy company Shell, law firm Jones Day, and Trinity Health (which owns 93 hospitals).
Because the system was designed to securely transfer sensitive information, the data stolen was highly sensitive. In the case of Trinity Health, it was the personal and health data of more than 586,000 patients. There’s no word yet on what data was stolen from law firm Jones Day, which serves more than half of all Fortune 500 companies.
Proving that nobody is immune from attack these days, CNA Financial was hit with a “sophisticated cybersecurity attack” on March 21, 2021. The company is one of the top 10 cyberinsurance providers in the United States, and one of the top 15 casualty and property insurers as well.
They don’t yet know if the attackers stole any data, but there’s an investigation ongoing including forensic consultants and law enforcement officials.