Cybersecurity

Study names countries most vulnerable to cyberattacks

Shutterstock image: cyber defense.

The United States is ranked 10th in a pool of 44 countries most vulnerable to a cyberattack, according to a study by University of Maryland and Virginia Tech. But a former Justice Department official said U.S. companies need to be prepared to recover quickly from a significant attack.

Luke Dembosky, former deputy assistant attorney general for national security at Justice, has experience dealing with cyberattacks that come from foreign entities. His resume includes helping with the aftermath of the Sony hack by North Korea and the massive Office of Personnel Management hack, which is largely believed to have originated in China.

One of his concerns now is the impact a breach could have on other, less-discussed sectors -- such as the financial sector, which he said is "vital to society."

"Systems and businesses need to be thinking about how to bounce back," he told FCW. "They need to assume a significant attack will happen. They need to game it out, drill for it, prepare for it [with] the best possible defenses but not stop there. They need to have contingency plans, backups and a plan that ultimately allows them to bounce back to their feet."

V.S. Subrahmanian, a professor at the University of Maryland and co-author of the study, said the U.S. needs better threat intelligence. "We need to understand early on what kinds of attacks are coming down our pipe," he told FCW. "We spend a lot of time looking at attacks after they happen."

The study says that South Korea, India, Saudi Arabia, China, Malaysia and Russia face the greatest risk of cyberattack.

Last year, President Barack Obama and China’s President Xi Jinping met in Washington to discuss and attempt to resolve cybersecurity problems, and Jinping agreed to new cybersecurity frameworks that prohibit China from hacking into private U.S. companies for profit.

"Reaching a norm on that issue with China is really groundbreaking," Dembosky said. "I understand it remains to be seen how it's going to play out, but it's an excellent first step."

Subrahmanian said that when the U.S. is able to identify hackers, the government can take legal action, but "in many cases…we are left unable to do much [because the hackers] are protected by a foreign state."

About the Author

Aisha Chowdhry is a former staff writer for FCW.


Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected