Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cyber Tactics ColumnCybersecurity News

Addressing Escalation: When Hackers Get Destructive

By Steven Chabinsky
Cyber Security
January 7, 2015

Ask most corporate executives to define cybersecurity and their initial thoughts turn to data privacy. That’s for good reason. Companies are bleeding corporate trade secrets and personally identifiable information at such an alarming rate that confidentialityissues and related compliance concerns can’t help but dominate the cybersecurity agenda. Yet, ask cybersecurity professionals what keeps them up at night, and the topic invariably turns to data deletion, tampering with control systems, and the potential to cause physical harm over the Internet. These concerns fall into categories that are distinct from protecting data confidentiality. Instead, they demonstrate the importance of maintaining an enterprise focus on the integrity and availabilityof your company’s most essential data, systems and services.

In fact, it is possible that data privacy concerns may soon pale in comparison to other types of potential cyber harms. In that vein, there is a growing list of victims when it comes to data destruction.  At least as early as 2010, criminal syndicates began using malicious software, now commonly referred to as ransomware, to hold a victim’s computer hostage by locking it up until the hacker’s demands were met. The risk in these cases isn’t lost data privacy; it’s lost data, period. Today’s ransomware more commonly encrypts files, rendering them into useless bits, followed by the hacker’s demands for online payments in exchange for the password.

Just as in the physical world, however, destructive attacks typically are not financially motivated. In 2011 for example, a security company fell victim to hackers that stole its data, published much of it online, intentionally deleted the rest of it and adding insult to injury, then discovered and deleted the company’s remote backups. From a risk management perspective, although encryption might have prevented the disclosure of the company’s and its clients’ secrets, it would have done nothing to protect against the accompanying large-scale data loss. Rather, backups kept on write-once media (which cannot be modified intentionally or by accident) would have offered an effective approach for digital disaster recovery. That of course is the risk management lesson. Different tactical approaches often are required to mitigate different types of harm, even to the same data. By storing encrypted data on write-once media, at a separate physical location, with limited access that is logged and audited, a holistic approach to data security begins to emerge.

Consider the 2012 case of a global energy company that lost use of its internal network services after hackers unleashed a malicious virus that effectively erased 30,000 of the company’s 40,000 computers. The company stated that it successfully restored those machines, indicating a mature backup and recovery strategy. However, even with an effective plan in place, rebuilding the internal network took 10 days.

Fast-forward to this past December, when the FBI issued a rare warning about a destructive malware campaign. An ongoing FBI investigation determined that the malware provides its masters with the ability to overwrite data files in a manner that makes it “extremely difficult and costly, if not impossible, to recover the data using standard forensic methods.” Cybersecurity and risk managers should heed this message as a call to pay closer attention to the unique demands of keeping data (including data backups) reliable and available despite the potential for malicious alteration, deletion, or denials of service. 

Still, despite the importance of data integrity and availability, far more troubling are Internet threats in which hackers might engage in physical destruction, and do so from afar. In 2007, the Department of Homeland Security engaged Idaho National Labs as a proof of concept to hack into – and explode – an electric power generator by remotely manipulating the hulking machine’s circuit breakers. The media obtained a video of the successful attack, which was later aired on TV and posted to YouTube. In 2010, Stuxnet was exposed as state-sponsored network sabotage targeting Iran’s nuclear power plants. Apparently, malware can be designed not only to alter the spin rate of the centrifuges used to enrich uranium, but to do so while having the control monitors indicate that everything is still working fine. Based on these two examples alone, it should come as no surprise that, in 2011, the FBI retrieved a terrorist recruitment video in which the former leader of Al Qaeda in Iraq pronounced, “I think that the electronic warfare is one of the most important and effective future wars.” The terror segment ends with a call to “electronic jihad.”  

Finally, just this past October, the European Police Office (Europol) warned that, with the emergence of the Internet of Everything, we can expect to see “new forms of blackmailing and extortion schemes (e.g. ransomware for smart cars or smart homes),” as well as “physical injury and possible death.” The time to prepare most certainly is now, mindful of that fact that greater convergence of a company’s physical security program with its cybersecurity program soon may no longer be a choice.   

KEYWORDS: cyber attack cyber risk mitigation hackers

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Chabinsky 2016 200px

Steven Chabinsky is global chair of the Data, Privacy, and Cyber Security practice at White & Case LLP, an international law firm. He previously served as a member of the President’s Commission on Enhancing National Cybersecurity, the General Counsel and Chief Risk Officer of CrowdStrike, and Deputy Assistant Director of the FBI Cyber Division. He can be reached at chabinsky@whitecase.com.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber tactics feat

    What to Expect When Working with Cyber Cops

    See More
  • SEC1118-cyber-Feat-slide1_900px

    Clear, Purge & Destroy: When Data Must be Eliminated, Part 2

    See More
  • SEC1018-cyber-Feat-slide1_900px

    Clear, Purge & Destroy: When Data Must be Eliminated

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing