If there is one topic prominent in today’s security world, it is ‘cyber security’. Many articles, webinars and seminars centre on the question of how best to protect information systems from theft of or damage to their hardware, their software, and the information on them.
The consequences of insufficient protection have become clear through several stories that have hit the media: large companies losing data, resulting in direct financial and reputational damage. The biggest retail hack in U.S. history occurred at the end of 2013 and resulted in 40 million stolen credit card numbers. In the days prior to Thanksgiving 2013, someone installed malware in Target’s security and payments system, designed to steal every credit card used at the company’s 1,797 U.S. stores. During the busy holiday shopping season, consumers were unaware that the malware was capturing their credit card numbers and storing them on a Target server commandeered by the hackers.
Even more frightening is what may happen in the future, as illustrated by several investigative writers.
Ted Koppel’s book – ‘Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath’ – published in October 2015, highlights a significant risk – a catastrophic shutdown of one or more U.S. power grids. Koppel reveals that a major cyberattack on America’s power grid is not only possible but also likely, and that the United States is shockingly unprepared.
This concept is not far-fetched, as proof was recently found that a cyber attack took down a power grid. A destructive malware app known as ‘BlackEnergy’ caused a power outage on the Ukrainian power grid this past December, resulting in a blackout for hundreds of thousands of people. Ukrainian officials have blamed Russia for the cyber attack. A CNN article states that U.S. systems aren’t any more protected than those breached in Ukraine.
Koppel asks us to imagine a blackout that could last months – where millions of Americans over several states are without running water, refrigeration or light, and with a dwindling supply of food and medical supplies. A blackout could shut down banks, challenge the police as they’ve never been challenged before, and lead to widespread looting.
Closer to home and on a smaller scale, similar incidents are happening frequently but seldom make the news. This is because companies don’t want others to know that they did not protect their IT environment as they should have. A small non-profit company recently found itself involuntarily advertising for the Islamic State. Their website had been hacked and articles glorifying the IS ideology had been placed on it. Another company saw credit card payments from their customers land in a newly created bank account set up by hackers. This led to considerable damage, primarily from a reputational standpoint.