We are at war; a cyber war

Over the past decade, we have seen attacks grow at an ever-increasing rate. Not only does the quantity of breaches go up, so too does the damage, including monetary loss. In 2021, the IBM Cost of a Data Breach Survey shows a 10% increase in the average total cost.

The average total cost of a ransomware breach costs $4.62M versus the average data breach of $4.24M. Attacks come from all over the world. The most significant attacks are those perpetrated by APT's or Advanced Persistent Threats.

APT's are either funded by governments or permitted to act through tacit instruction or lack of action. We are in a cyber war, and our leaders must educate themselves, enlist experts, and change our defensive posture to a more realistic stance. Money, alerting and education have not worked, and we must adjust tactics.

Cyber War

War is "a state of usually open and declared armed hostile conflict between states or nations." Hostility includes damage to infrastructure, government entities, public and private businesses. Countless examples exist of damage to infrastructure from hostile acts via computer attacks. We must acknowledge and understand that a computer attack has the same impact as kinetic damage from bullets, missiles and bombs. Armed is defined as "using or involving a weapon." Computers are weapons, especially when used in the fashion, our adversaries continually utilize them. Based on these definitions and understanding the current state of events around the globe, we are in a cyber war.

Cyberattacks Kill Patients

A woman in Germany died because systems were down at one hospital, and she passed away while being re-routed to another facility. A close friend with heart problems went to a facility for a critical test. After waiting for three months, his appointment was postponed due to a cyberattack at Centura Health in May 2021. Countless other patients suffered lack of care, lack of testing and lack of medicating due to this and other attacks on healthcare institutions. Nuance creates speech and imaging technology for healthcare providers. When their environment went down during the NotPetya attack in 2017, it impacted numerous clients, including Heritage Valley Health System in Pennsylvania (HVHS).

During the attack, HVHS "physicians and nurses were forced to re-draw pre-operative laboratory results, laboratories and x-ray machines were down, and some patients had to be diverted to other locations." The death toll from these attacks is unknowable. Cyberattacks impact healthcare and lead to loss of life, directly and indirectly.

The cyber war claims lives, just not monetary losses.

Infrastructure, including oil and gas, utilities, and transportation, have been pummeled as well as the healthcare industry. In June 2021, a large portion of the eastern seaboard suffered oil supply constraints after Colonial Pipeline was hit with Ransomware. This provider, the largest pipeline in the United States, was forced to shut down its systems before paying a $5M ransom. During this time, they were unable to pump and deliver fuel to customers. This was a direct attack on American infrastructure by foreign threat actors based in Russia. In March 2019, attackers utilized firewall vulnerabilities in grid operators in the Western United States to cause periodic blind spots for grid operators for around 10 hours. In June 2021, threat actors suspected to be sponsored by the Chinese government hacked into the New York City Metropolitan Transit Authority (MTA) and accessed three of the agency's databases. Evidence abounds; we are under attack and in an undeclared cyber war.

Perspectives from Insurers

Insurance firms recently began refusing to pay policyholders after these attacks. Insurer Zurich American refused to pay US food producer Mondelez International Inc. after NotPetya cost the firm ~$100M stating the policy didn't cover an act of war. The pharmaceutical giant Merck suffered ~$1.3B in damage and now has numerous lawsuits in action attempting to recoup money from insurers refusing to pay as the policies didn't cover an "act of war." Private companies acknowledge the war while our leaders don't seem to draw the proper conclusion. Something must change as everything points to an increase in attack frequency and cost.

What's Next

From citizens to elected officials to business leaders, everyone must stop thinking hackers are individuals sitting in a basement breaking into computers. The vast majority of the most severe attacks come directly from nations or state-sponsored actors. Countries directly or through tacit approval use computers in an offensive capacity on a regular and routine basis. They use these systems for reconnaissance, stealing data, vandalizing systems, extortion, and numerous other reasons. Whatever their motives, they pose a clear and present danger to the United States of America, and our Federal Government must wake up and take immediate action.

Author's note: The comments and statements in this article are my own and don't necessarily represent IBM's positions, strategies or opinions.

Eric Jeffery has nearly 30 years’ information technology experience with over 20 years’ in cybersecurity. Mr. Jeffery currently works as a Sr. Solutions Architect for IBM Security. He has published dozens of articles, presented at numerous conferences, and has a patent filed for a novel cybersecurity defensive maturity model. Mr. Jeffery runs a Podcast under the moniker Cyber Security Grey Beard to help students and early professionals learn, grow and advance in the information security profession. He lives outside of Denver, Colorado with his wife and has four grown children.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.