The changing face of cyber attacks
I’m part of the crisis management and business continuity industry, but even I can’t keep pace with the latest news on cyber attacks. In August we had Paypal and Southern Water in the UK, Experian SA, WebEx in the US and Twitter revealing that a security flaw may have exposed Android users’ direct messages.
Are customers and clients becoming used to these hacks and data breaches? Taking my professional hat off for one minute, I’m probably becoming a bit immune to all this. If I had a notification tomorrow from, let’s say, a hotel chain saying that my details had been hacked I’d probably be mildly annoyed, but not surprised.
Does this mean that organisations can pay less attention to the impacts of cyber attacks? Well, no. When we simulate operational disruption and reputational damage in cyber exercises, it’s the business impacts that get the most attention. Being unable to do the things that are fundamental to an organisation’s existence is damaging, frustrating and invariably expensive.
A hack preventing an organisation from accessing its data unless a ransom is paid is nothing new. But we are seeing a marked increase in companies paying ransoms to hackers to unlock their data (the recent Hiscox Cyber Readiness Report states that one in six firms met the demands of hackers by paying ransoms).
I’ve heard a number of conversations in boardrooms around whether or not the organisation should pay a ransom to release data. Many organisations have a ‘we will not pay ransoms’ policy, but this invariably gets questioned in the heat of an exercise (as it should - you really need to bottom out that answer in an exercise and not in real life). And the advice of the authorities, from the FBI in the US to the NCA in the UK, is that companies shouldn’t pay. But can you blame an organisation for paying? In 2017 Maersk shipping was almost destroyed by a malware attack (one that was disguised as a ransomware attack). And in April 2020, it was reported that Travelex had paid the cyberattack ransom fee of $2.3 million to the hackers in order to restore their systems.
Cyber attackers using ransomware as a weapon are getting increasingly smart. They know that their chances of getting paid increase substantially if they can provide proof that the ‘release keys’ will actually work once the money has been handed over (the equivalent of so-called ‘proof of life’ in kidnap and ransom cases).
As ever, organisations must ensure they do everything they can to prevent malicious attacks from penetrating their security in the first instance. But it’s also vital to prepare and rehearse the response in case the worst does happen.