Gartner predicts that by 2025 cyberattackers will have weaponized operational technology environments to successfully harm or kill humans. Ambulances rerouted. Gas supplies were disrupted, leading to days of long lines and high prices. Disruption to food suppliers causing shortages.
These are the real-life impacts of cyberattacks. Cyberattacks are seemingly in the news every day, and while sometimes they merely cause inconvenience, they often also have dire consequences. Cyberattacks in critical infrastructure and healthcare sectors don't just affect data – they can also wreak havoc in the physical world.
The wave of recent cyberattacks has impacted everything from oil pipelines to hospitals and shows no sign of stopping. Even worse than that, they may soon turn deadly. The cyber battlefield has expanded, and the stakes are higher than ever before.
Cyberattacks: Prevention and Response
Cyberattacks that involve data breaches can cause logistical headaches as customers deal with the impacts of compromised accounts, data breaches and even stolen identities. However, cyberattacks can cause problems that go beyond a nuisance to downright chaos. Several attacks have impacted infrastructure and safety over the past several years.
The 2021 attack on Colonial Pipeline, which provides about 45% of the U.S. East Coast's fuel, disrupted gas supplies for days. Yet, the damage could have been far worse. The operational technology (OT) systems were shut down in an abundance of caution to pre-empt attackers from gaining access to the industrial space and threatening safety.
In the 2021 Oldsmar attack, hackers remotely accessed the water treatment plant in Oldsmar, Florida, a city of 15,000 people in the Tampa area, and briefly changed the levels of lye in the drinking water. If the operator hadn't been looking at the computer monitor and witnessed the chemical levels changing as the hacker manipulated them, the effects would have been more serious.
In the 2020 Universal Health Services (UHS) attack, 400 hospitals and health facilities in the United States and the United Kingdom lost access to their patient's medical records, resulting in ambulances being rerouted and delayed patient care. The attack not only wiped out IT systems but also took the phone systems out of action. The UHS Healthcare attack cost 67 million dollars - but the human impact was even more staggering. Even with IT technicians working around the clock to restore service, the disruption lasted for three weeks.
In September 2020, the University Hospital Düsseldorf in Germany was the victim of a cyberattack and was forced to turn away patients who came to its emergency room for treatment. After being diverted to a facility an hour away, a patient with a life-threatening illness sadly passed away due to the delay in receiving medical care.
These attacks show that attacks on sectors such as critical infrastructure and healthcare can have dire consequences. Organizations need to be prepared both to prevent attacks and deal with the fallout if they occur.
Assessment & Prevention
Taking Cyber Risk Seriously
Executives and Board of Directors are beginning to take cyber risk just as seriously as any other form of business risk, such as financial risk.
Assessing cyber risk is essential to a business and is a key contributor to its overall reputational risk. Businesses need to take their cyber risk into account in their business strategy and planning. Well-prepared organizations act both to prevent attacks and to mitigate the damage when attacks inevitably occur.
Implementing Security Controls
Once organizations understand where their risks lie, they can implement effective security measures, such as implementing Multi-factor Authentication (MFA) to reduce the risk of attacks occurring. MFA requires end-users to provide two or more verification factors adding a layer of security on top of a single factor, such as a password. Requiring an additional verification source, for example, a biometric factor, such as a fingerprint, facial scan, iris scan, or palmprint, ensures that the person logging in to a system is who they say they are.
Response & Recovery
Disaster Recovery & Business Continuity and Ransomware Response Plans
Organizations now need to think about cyberattacks the same way they would think about natural disasters, such as hurricanes or earthquakes. They need to realize that such events will undoubtedly impact their business at some point, analyze their risk and create disaster recovery plans to mitigate the damage when they do occur to keep their operations running.
Organizations are proactively working to address the disruption of the inevitable cyberattacks by implementing Disaster Recovery & Business Continuity (DRBC) plans. A DRCB plan is a formal business document that outlines in detail the actions and assets needed in the event of a disaster. It includes the required processes, assets, employees, and services.
Businesses can also create ransomware recovery plans to quickly recover their data and resume operations after a ransomware attack. Having a plan in place can help organizations quickly shut down systems to isolate the damage.
Kaseya is an example of a successful recovery. On June 2, 2021, Kaseya's Virtual System Administrator (VSA) was attacked by the criminals behind REvil ransomware. They became aware of the attack when they started receiving reports of "suspicious things happening."
Kaseya's internal playbook dictated that it protects clients by shutting down anything potentially dangerous so it cannot harm multiple parties. This required Kaseya to shut down the VSA module. Within an hour, they immediately shut down the VSA. Within two hours, Kaseya identified the specific vulnerability and created a fix, tested it, and worked with its partners to ensure the fix was secure. Kaseya's response helped them to minimize the damage of the attack.
Attacks are inevitable. If organizations don't have a way to detect it when it happens, they will be in serious trouble if they are attacked. Organizations should be proactive in addressing their cyber risk, planning for the worst-case scenario, having security systems to prevent attacks early on, and disaster recovery and ransomware plans to limit the consequential damage when attacks occur.