Beware of Cyber Attacks & Natural Disasters
It’s been a disastrous few months for many. The firestorms in California and hurricane Florence in North Carolina have severely restricted the ability for many to conduct business. But rather than sitting back and letting this get the best of you there are things you can do to ensure business continuity.
Disasters like earthquakes, fires, and flooding are as much a security issue as mitigating cyber attacks. While you have no control over Mother Nature, you can control your disaster recovery planning. Some wait until the last minute to think about doing this. They’re the ones that get stranded without their technology. Don’t be like them – get your disaster recovery plan in place now and revisit it at regular intervals.
Is Your Technology Earthquake Proof?
If a disaster were to occur, will your business continue to operate? The disaster will also affect your employees as well. It could be weeks before they could come back to the office (if it’s still there).
Natural disasters like earthquakes can lead to flooding, fires, and structural damage. They also cause power failures that can limit your ability to access your IT system. By setting up redundant IT backups to offsite locations like cloud-based data centers in multiple locations around the country, you can minimize the chance that you’ll experience a catastrophic data loss.
Is It Protecting us Against Today’s Cyber Threats?
A new form of malware is circulating called Industroyer. It can take direct control of electricity substation circuit breakers. This means that our power stations, transportation control systems, water, and gas plants are all at risk.
These systems are prime targets for terrorist cells, criminal syndicates, and rogue governments.
There is a concern with the record high WannaCry ransomware attacks in the last few years. With attacks on our critical infrastructures increasing, we should be very concerned.
These attacks often go unreported because governments and corporations want to protect their reputations. For example, In 2011, workers at a utility in Illinois found an issue with the controls that managed the water system. An Eastern European criminal syndicate was able to hack into their IT system. The perpetrators too control of the system and turned the pump on and off repeatedly until it burned out. Cyber attacks like this that target our critical infrastructures are a very real threat.
All Of This Creates The Perfect Storm
Technology that performs a number of elementary, yet mission-critical tasks control our industrial facilities, telecoms networks, and defense warning systems. However, despite their importance, they remain highly vulnerable from an IT security standpoint.
We would plunge into chaos, if a cyber-attack cut off our water management systems and power.
Hackers could compromise these targets during an earthquake, flood or firestorm, panic would ensure, and confusion results in mass casualties (or fatalities). An attack like this could be deem the perfect storm from a hacker’s perspective.
Hopefully, this will never occur, but the fact remains that it is a possibility.
What’s The Answer To The Perfect Storm?
Disaster planning is the answer. It includes Information Security that protects the integrity, confidentiality, and accessibility of data, and a Business Continuity Plan to ensure data is available 24/7 no matter what. Such a plan would prevent downtime even during a natural disaster or cyber attack.
This isn’t a simple undertaking. It requires:
- A Business Impact Analysis to identify the critical information and systems that must stay up and running.
- A Risk Assessment to determine where IT vulnerabilities exist, and
- protection of data through backups and plans for restoring critical data so it’s available to those who require it.
After you implement. You must review, maintain, and verify regularly. Review implementation when new hardware and software solutions are put in place.
Follow us on LinkedIn, Twitter, Facebook, and Instagram for more tips and tricks on how to keep your information secure. Intivix Testimonials | Intivix: IT Services, Consulting & Cybersecurity. It’s important to stay up-to-date on IT security events and threats. Visit our Blog to educate yourself and your staff about what you need to know about technology today.
Here are a few articles:
Phishing is the act of sending phony emails to people for the purpose of tricking them into revealing their user name and password. The sender pretends to represent an organization that has a viable reason to make an information request. For instance, you might get a genuine-looking email that looks just like it’s from PayPal. The sender will be claiming that there’s something wrong with your PayPal account. They want you to click on their link and go to your PayPal site and then log in and change your password or some other action.
Hashcat is a type of hacking tool, and a password cracker specifically. It is able to hack the most complex of passwords, targeting multiple aspects of coding simultaneously. Additionally, according to online sources including Infosec Institute, it is regarded as being highly versatile and fast in comparison to other password hacking tools, making it especially threatening.
Fluxion is a new program that combines social engineering and technology to trick users into giving up their log-in and password information. This program is a step above WIFI phisher, which lacks the ability to verify WPA passwords. Fluxion takes all the work out of hacking using a variety of processes that quickly and easily convince users to provide their Wi-Fi password.