Ukraine was hit hard, with serious intrusions at its power grid reported. Russia's Rosneft oil company, Danish shipping giant A.P. Moller-Maersk and British advertising agency WPP are among those companies reporting disruptions.
The Department of Homeland Security issued a statement on Tuesday, saying it is monitoring the reports and is coordinating with international and domestic cyber partners.
"We stand ready to support any request for assistance. Upon request, DHS routinely provides technical analysis and support," the agency said.
There is little information about who may be responsible for the attack, but Carlin said it is possible it could be a ransomware attack or a ransomworm, which is a combination of ransomware and a worm that replicates itself across the world.
"If you are a business — and every business these days is a tech business — you are vulnerable," said Carlin, who also chairs Morrison & Foerster's global risk and crisis management and is a former assistant attorney general for the Justice Department's national security division.
He said companies need to start rethinking their security and perhaps create a whole separate system not connected with the main system.
—CNBC's Eamon Javers and the Associated Press contributed to this report.