It seems that in the real world the number of storms and tornadoes recorded appears to have increased significantly. The jury is still out on the reasons for the increase, as the storm data is limited. In any case, when the storm hits an area, region or an organization, each one is expected to make for a dreadful day. Even with all the improvements in forecasting and warning technology, more people die, and thousands more are injured. The same is the case in the corporate world.
Just like in the corporate world, cyber threats and vulnerabilities have changed and feared, due to the rise of connected technologies that leads to greater vulnerability.
Our general understanding of the elements needed to produce these cyber and data storms improves, so does our ability to give advanced warning before the cyber threats take shape in the corporate world. Data and IT meteorologists now know where to look for in intrusion detection systems, that can identify the realities of cyber risks. When the cyber threat environment is intensified dramatically the Ransomware, Phishing and Spyware surfaces. These ingredients are the basis for the “perfect storm” scenario when it comes to predicting an outbreak.
Not much real support from the big IT and data mastodonts
Numerous attacks throughout the world, have shown, that hackers often gain access to larger organizations by initiating attacks against smaller vendors that provide third-party services like maintenance or meals. Since the cyber threats have been allowed to increase by leaps and bounds without much support from the big IT and data mastodonts, the continued concerns about the misappropriation of financial and personal data are now being replaced by the presence of even more significant and devastating threats. Cyber-attacks on critical infrastructures — like manufacturing plants, power stations, aviation systems, transportation networks, water systems and even nuclear facilities — are the new reality in Europe and around the world.
Let us focus on aviation systems. The aircraft manufacturers have to make sure that the integrity of the IT systems can monitor the performance of aircraft systems closely so that a hacker cannot override the commands using artificial intelligence and land the aircraft safely if hacked. In 2015, FBI agents alleged that a well-known cybersecurity expert claimed to have hacked into an aircraft’s flight controls through the entertainment system, and made it briefly fly sideways. A hacker can access an aircraft’s onboard Wi-Fi through the satellite link and interfere with the internet-enabled devices of passengers and crew. Just as in the corporate world, negligent employees are the no. 1 cause of data breaches at 54%, as careless workers are the root cause of cybersecurity incidents, common devices being used by passengers and onboard staff may interface with the critical as well as the non-critical systems and could pose a real threat when the aircraft is in the air. Recent cyber-attacks with data breaches have affected amongst others, Cathay Pacific, British Airways, Delta Airlines and Air Canada.
Data and IT meteorologists now know to look for
Cyber-attacks against critical infrastructure have been dubbed a potential “Cyber Pearl Harbor” by US military officials. Many European governments and businesses now confront countries as enemies and take the same precautions as when planning a cyber attack in defense or military terms.A French government report recently warns of an “unprecedented threat” to security after nearly 4,000 leading French civil servants, scientists and senior executives were found to have been accosted by Chinese spies using the popular social media network LinkedIn.
The computer models used to make cybersecurity more resilient has come a long way over the last several years in their ability to pinpoint the precautions in which these ingredients will appear and the time frame to avoid the cyber storm. The closer the attack and the outbreak gets, the more data meteorologists can narrow down the attack by installing fully integrated firewall, IPS, Application Control, AV, Anti-Bot, URL Filtering, to brush off the storm.
Prepare for the worst hope for the best
Just like in a real storm, communication and damage control are the most critical aspects. Scenario planning can help rehearse the time to prepare and get the message out to the masses. When the cyber storms began developing it almost instantaneously lays down all computers so that the screen is black. The IT and data speed like in nature inflicted storm is incredibly fast. There is no place to hide when a cyber storm hits the organization.
Therefore, the issue of the speed of the storms as the damage continues, communication of new warnings is difficult, and even well-built data and IT structures are vulnerable to elimination. Still, for some reason, some companies think that “it’s not going to happen to me” mentality and don’t take the warnings seriously.
All of the above cybersecurity components and trends with together with greater internet traffic rates, new, antivirus security kits, more sophisticated malware and future “unknown” cyber threats, and we have yet another perfect storm where cyber criminals are more or less welcomed in all organizations.
Kersi Porbunderwalla is the 1st keynote speaker at the FODP 2018 in Berlin on the 9th November.
To view the whole article see https://www.linkedin.com/pulse/perfect-cybersecurity-storm-how-prepared-businesses-porbunderwala/?published=t