The recent wave of ransomware attacks against the U.S. serves as a sobering reminder that no industry is off-limits and no protection is bulletproof.
"There are two types of companies out there, those that know that they've been hacked and those that don't yet know that they've all been hacked," said a security industry expert, Dmitri Alperovitch.
Recent targets include a global meat producer, a key gas pipeline, hospitals, and dozens of government agencies.
"We're not talking about people with a conscience. We're talking about criminals who want to make money illegally or who want to do harm independent of a profit motive," said U.S. Secretary of Homeland Security, Alejandro Mayorkas, during a recent interview.
In a ransomware attack, hackers gain access to a computer system and disrupt or completely lock out users until a ransom is paid. Historically, private companies pay the money quickly and quietly. For other victims, that's not always an option.
"Cities and government, I really don't think that we're in a position to negotiate with a ransomer or pay ransoms, that is just not something that we are really able to do, nor could we afford," Kimberly LaGrue, the chief information officer for the city of New Orleans, told CBN News.
In early 2020, LaGrue led a complete infrastructure rebuild after a hacker attacked and the city refused to pay.
"We built those things back stronger. It did not mean that our systems in whole were destroyed. It just meant that if we were really going to address this and tackle this problem of cybersecurity and safety that we were going to just start with a very fresh and clean environment," LaGrue explained.
As with many attacks, the hackers likely gained access through either outdated infrastructure, or a user not taking appropriate precautions.
"Those legacy systems had their own holes and we were constantly patching them and constantly modernizing other areas...and to have four, over four-thousand employees, we have every one of them as a point of vulnerability into our networks," said LaGrue.
The attack on New Orleans had the capability to completely interrupt or halt government operations. Fortunately, response teams had planned for that type of disaster.
"You have to know where your vulnerabilities are, you have to have a consistent plan, a continuous plan to update and modernize those things, and that's what we were doing and we had been doing for years. Every year we were devoting another part of our budget to infrastructure improvements," said LaGrue.
Those plans allowed her team to move quickly, with money from its cyber insurance policy, to further update and secure systems.
Still, LaGrue says the city must remain vigilant.
"I can't say that we won't be subject to some type of ransom attack again. That is just not feasible. It is really not realistic that those things won't try to happen or people won't try to compromise your systems again," LaGrue explained.
"Unlike traditional warfare, by land, by sea, we are used to thinking that the federal government is the primary defender...in this instance, the first line of defense is the individual or the company, and the federal government does not own the internet, the federal government does not own the network. We don't have the ability to put up those perimeter defenses as a whole country the way that we can when we think about protecting the homeland physically," said counterterrorism expert Elizabeth Neumann.
Frank Gaffney, with the Center for Security Policy, has raised flags about critical infrastructure vulnerabilities for decades - specifically the U.S. power grid.
He says that threat goes way beyond these ransom-style attacks.
"We have in our electric grid at the moment by some estimates as many as 200-300 Chinese manufactured transformers. What could possibly go wrong, as they say. Were those to be shut down, presumably at the command of people in Beijing, the effect of that could be catastrophic to national security," Gaffney told CBN News.
With this recent wave of attacks, he hopes action will finally be taken to harden the grid and protect other critical infrastructure. Action, he believes, could ultimately save the lives of tens of millions of Americans.
"My persistent prayer has been that I'm wrong about these challenges to our country, to our economy, yes, to our security, to our people. I take no pleasure in being vindicated and I will be particularly devastated if the warnings, mostly unheeded, about our electric grids vulnerabilities, are exploited by one or more of these enemies who understand them," Gaffney said.
The reality is, America is under attack from a number of sides, and it's the very connectivity we rely on every day that makes us most vulnerable.