Although it sounds like the set-up for a joke, I ask the question in all seriousness. The answer, in case you missed it over Memorial Day weekend, is that one of the world’s largest defense contractors known for its missiles, jets and other major weapons systems, and a broadcaster known for its children’s shows, news programs and documentaries both were the subject of recent cyber attacks.
Lockheed Martin announced last week that it had detected a “significant and tenacious” attack on its information systems network. The company’s information security team quickly detected the attack, and took subsequent steps to protect the network and increase IT security. The result, according to the company’s statement, is that its systems remain secure; no customer, program or employee personal data has been compromised.
A recent Associated Press story also notes that the attack demonstrates that some hackers, including many working for foreign governments, set their sights on information that has the potential to be far more devastating than accessing credit cards. Analysts said the latest attack would likely spur rival defense contractors such as Northrop Grumman, Raytheon, General Dynamics and Boeing to take additional steps to safeguard their systems.
“I guarantee you every major defense contractor is on double alert….watching what’s going on and making sure they’re not the next to fall victim,” said Josh Shaul, chief technology officer at database security software supplier Application Security, in the AP story.
The Wall Street Journal also reports that over the weekend, the website for the PBS show “NewsHour” was altered by hackers to include a fake article. The hackers also posted login information that stations and other entities use to access PBS sites.
What The Journal article interestingly points out is the connection between the two attacks. That is, in the past, hackers generally had targeted companies that stored financial data or had classified government information. Today, however, they have expanded their sights to include corporate secrets or information that can lead to valuable data in the future. The end result, says Alex Stamos, chief technology officer at security firm iSEC Partners in the article, is that almost every company is now a target.
Perhaps more troubling, is that so-called hactivists—who seek revenge on companies for perceived slights—also have moved from simply knocking websites off-line, to stealing data. And as Stamos says in the article, there are enough people out there who aren’t worried about the consequences that they are willing to wage a sustained campaign against a global company.
There are two points that really stand out in these events for me. The first, of course, is that IT security may well have become a larger threat than many companies believe it to be—especially given the nature of some of the recent attacks.
The second point, is to wonder if these types of attacks are seen as supply chain disruptions. What are the ramifications for your company if it was the subject of one of these cyber attacks? Conversely, what if one of your key suppliers was the victim of a cyber attack? What type of impact would that have on your business and the supply chain? Do you have a contingency plan in place to cover the possibility?