Natural Disasters & Cyber Attacks
It’s been a disastrous few months for many. The firestorms in California and hurricane Florence in North Carolina have severely restricted the ability for many to conduct business. But rather than sitting back and letting this get the best of you there are things you can do to ensure business continuity.
Disasters like earthquakes, fires, and flooding are as much a security issue as mitigating cyber attacks. While you have no control over Mother Nature, you can control your disaster recovery planning. Some wait until the last minute to think about doing this. They’re the ones that get stranded without their technology. Don’t be like them – get your disaster recovery plan in place now and revisit it at regular intervals.
Is Your Technology Earthquake Proof?
If it is a disaster occurred, would your business be able to operate? Your employees are going to be affected by the disaster as well. It could be weeks before they could come back to the office (if it’s still there).
Natural disasters like earthquakes can lead to flooding, fires, and structural damage. They also cause power failures that can limit your ability to access your IT system. By setting up redundant IT backups to offsite locations like cloud-based data centers in multiple locations around the country, you can minimize the chance that you’ll experience a catastrophic data loss.
Is It Protected Against Today’s Cyber Threats?
A new form of malware is circulating called Industroyer. It can take direct control of electricity substation circuit breakers. This means that our power stations, transportation control systems, water, and gas plants are all at risk.
These systems are prime targets for terrorist cells, criminal syndicates, and rogue governments.
This concern had been raised to a record high in the last few years, with the WannaCry ransomware attacks. With attacks on our critical infrastructures increasing, we should be very concerned.
These attacks often go unreported because governments and corporations want to protect their reputations. For example, In 2011, workers at a utility in Illinois found an issue with the controls that managed the water system. Their IT system had been hacked by an Eastern European criminal syndicate. The perpetrators too control of the system and turned the pump on and off repeatedly until it burned out. Cyber attacks like this that target our critical infrastructures are a very real threat.
All Of This Creates The Perfect Storm
Industrial facilities, telecoms networks, and defense warning systems are controlled by technology that performs a number of elementary yet mission-critical tasks. However, despite their importance, they remain highly vulnerable from an IT security standpoint.
Imagine if our water management systems and power were cut off by a well-executed cyber attack? We would be plunged into chaos.
If hackers compromised these targets during an earthquake, flood or firestorm, panic would ensure, confusion could result in mass casualties (or fatalities) and civilization as we know it would be extinguished. An attack like this would be deemed the perfect storm from a hacker’s perspective.
Hopefully, this will never occur, but the fact remains that it is a possibility.
What’s The Answer To The Perfect Storm?
Disaster planning is the answer. It includes Information Security that protects the integrity, confidentiality, and accessibility of data, and a Business Continuity Plan to ensure data is available 24/7 no matter what. Such a plan would prevent downtime even during a natural disaster or cyber attack.
This isn’t a simple undertaking. It requires:
Once implemented, the Plan must be reviewed, maintained and verified regularly. It should also be revisited when new hardware and software solutions are put into place.
It’s important to stay up-to-date on IT security events and threats. Visit our Blog to educate yourself and your staff about what you need to know about technology today.
Here are a few articles to get you started:
Phishing is the act of sending phony emails to people for the purpose of tricking them into revealing their user name and password. The sender pretends to represent an organization that has a viable reason to make an information request. For instance, you might get a genuine-looking email that looks just like it’s from Paypal. The sender will be claiming that there’s something wrong with your Paypal account. They want you to click on their link and go to your Paypal site and then log in and change your password or some other action.
Hashcat is a type of hacking tool, and a password cracker specifically. It was created to be able to hack the most complex of passwords, targeting multiple aspects of coding simultaneously. Additionally, according to online sources including Infosec Institute, it is regarded as being highly versatile and fast in comparison to other password hacking tools, making it especially threatening.
Fluxion is a new program that combines social engineering and technology to trick users into giving up their log-in and password information. This program is a step above Wifiphisher, which lacks the ability to verify WPA passwords. Fluxion takes all the work out of hacking using a variety of processes that quickly and easily convince users to provide their Wi-Fi password.