Cyberattacks - A Virtual Hurricane

In a world full of disasters, this one should really scare you
Business Continuity Plans have long since listed out the traditional disasters as probable scenarios to plan and account for in case of operational shut down. But the last several years have shown a new type of disaster - one that is not listed in the books. Just like a hurricane, a cyberattack can bring a bustling business to a standstill and leave the company scrambling to deal with the repercussions for months on end.
 

 
Weathering the Virtual Storm
NotPetaya[1] struck parts of Europe and Asia Pacific but the brunt of the cyberattack seemed to have been focused at Ukraine[2]. Danish shipping giant Maersk[3] found that many of their IT systems were facing a downtime forcing them to close down some of their shipping terminals in Mumbai and Los Angeles.
Whereas a traditional disaster can wipe out operational services, a cyberattack can cause a myriad of problems for you from theft of data, to denial of service and to data ransoming. With the information at hand, you can identify the critical data your organization houses and plan ahead to safeguard it.
A cyberattack is an intentional action that has a motive behind it. Understanding the goal of your attacker can help severely mitigate the effect of the attack. This enables you to anticipate the point of attack and intensively guard that front.
 

 
Why Integrate Cyber Security with BCP
The essence of a BCP is to have a premeditated plan that immediately takes into effect in the event of a disaster. This is because at the time of a disaster - or a cyberattack in this case, it would already be too late to identify the company’s critical assets.
Once the attack is detected, every passing second is crucial for your organization to safeguard itself. This is why it is imperative to analyze and understand your company’s most critical assets and take steps to ensure their safety at the time of the attack.
To be capable of effectively mitigating the onslaught of a cyberattack, cybersecurity concerns must be addressed while making the BCP. Your organization must adapt to taking the following parameters:
  • Technically analyze the situation
  • Predict business impacts
  • Identify attacker’s motive
 

 
Learning from History
In 2011, Sony was hacked, compromising approximately 77 million accounts and their respective private information. This forced them to be subjected to immense scrutiny and public ridicule which took years to recover from. Similarly, Target the convenience store giant of USA was affected by a cyberattack causing the loss of millions in sales and a huge hit to client confidence.
It is virtually impossible to be completely protected from a cyberattack - it is never a question of an ‘if’ but a ‘when’. That is why it is paramount to involve Cybersecurity with your BCP. Keeping this in mind, you must approach Cybersecurity just as any other business risk and not chalk it down to an IT issue.
On the 28th of February 2018, GitHub found themselves fighting off the biggest DDoS attack till date clocking in at 1.35 TB per second of traffic hitting their website. While their website crashed for a short while, they managed to regain full control of the situation and fend off the attack within 25 minutes.
 
Why You Need It
The Chances of you experiencing a virtual disaster is much higher than the probabily of facing a physical one. Just in the month of January 2017 alone, 7 major cyberattacks took place crippling companies and consumers alike. If you don't have a BCP in place, now would be a good time to invest in one.

 

References

  1. ^ Smith, Ms. “NotPetya ransomware hits hospitals, while Shadow Brokers touts its July VIP service.” CSO Online, CSO, 28 June 2017
  2. ^ Dearden, Lizzie. “Ukraine cyber attack: Chaos as national bank, state power provider and airport hit by hackers.” The Independent, Independent Digital News and Media, 27 June 2017
  3. ^ Reuters. “Has WannaCry struck again?” Newsweek, 28 June 2017

 


Featured Blog Posts

Explore the intersection between business and IT and how it affects your daily operations.

Disclaimer

This Blog Post is for informational purposes only. Any information provided on the KIT Blog is accurate and true to the best of our knowledge, but that there may be omissions, errors or mistakes. Even though KIT is an IT Consultancy, the KIT Blog must not be seen or substituted as any kind of Consultative advice. Readers must not rely solely on any information posted on the KIT Blog, doing so would be at their own risk. For any Consultative advice regarding IT solutions, products and/or services, please contact info@kit.ae.

Did you find this useful?

Share your feedback to help us improve!