Cyber sabotage: the new world war?
Given the reliance on technology in today’s business environment and the vulnerability of the large volumes of data stored on enterprise networks and in the cloud, cybersecurity has rightfully become a major concern for businesses.
In the US, Defence Secretary Leon Panetta has warned of a ‘cyber Pearl Harbour’. As this article was being written, hackers infiltrated the Twitter account of the Associated Press and sent a fake tweet with terror overtones, which caused US financial markets to fluctuate wildly for several minutes. This serves as a sobering example of the domino effect a cyber attack can have and the tenuous nature of our technologically connected world.
A real threat to business
Regardless of whether cyber attacks are state-sponsored or perpetrated by a lone hacker, the stark reality is that all types of businesses are vulnerable. In contrast to the clumsy, misspelled phishing emails of years past that were easy to recognise, today’s cyber attacks are difficult to prevent and detect because the techniques used have become increasingly sophisticated. For example, botnets can blast out millions of very convincing, seemingly personalised email messages thanks to techniques that link customer names to companies with which they conduct business. This destructive software enables attackers to gain control of infected computers. Businesses report all kinds of losses as a result of cyber attacks including lost productivity, revenue, and direct financial loss, which can be devastating.
Compromised organisations also pose risks to business partners to whom they provide supplies or services. In cases where there are direct data connections between partners (often requiring no more authentication than a user name and password) cyber attackers can exploit these pathways to infiltrate other enterprises.
According to a study of US companies conducted by the Ponemon Institute and sponsored by HP Enterprise Security, the financial impact of cyber attacks has increased nearly 40% over a three-year period.
How prepared are you?
Promoting good governance practices throughout your organisation can reduce the financial impact of a cyber attack. A risk-based approach is recommended for threat management, with threats ranked according to the risk they pose. A typical IT risk assessment looks at areas such as:
- vulnerability management (cyclical practice of identifying and remediating software and firmware vulnerabilities, such as open ports and outdated patches)
- password policies
- endpoint protection (e.g. anti-virus protection, firewalls)
- access controls
- back-up and disaster recovery plans
- security awareness training
- BYOD (bring your own device) policies.
Companies should review all their agreements, contracts and arrangements with service providers and understand what information they have, how they will use the data, and what steps they will take to protect it. Contracts should clearly state each party's responsibilities and which party would pay the costs in the event of a data breach. An audit of the arrangement by an independent party may be a good idea.
A company should also review its liability in the event of a cyber attack. Insurance is available for events such as transmission of viruses to third-party computers and systems, employee-related theft, third-party unauthorised access to private information, network business interruption, and regulatory compliance costs (e.g. credit monitoring services for affected customers).
Don’t become the next victim
Whatever the cyber criminal’s motivation, the chance of becoming a victim of a cyber attack has become more a question of ‘when’ than ‘if’. By deploying effective security tools, promoting strong IT policies, and remaining vigilant, organisations can minimise the risk of becoming the next victim.
For more information, contact:
Glenn C Davis
T +1 973 871 4039