Like it or not, the US is in a cyberwar with Russia, ISIS, North Korea, China and Iran, to name a few state sponsors of criminal acts via the internet. Unlike wars of the past, the casualties in this twenty-first century conflict are civilians and corporations.
Case in point is Iran’s recent hacking of Bowman Dam in Rye, NY, located in Westchester County. In 2013, hackers infiltrated the dam, sparking concerns that reached the White House, according to the Wall Street Journal. The Department of Homeland Security was notified of 295 industrial-control-system hacking incidents over the 12 months ending September 30th. Over the previous 12 months, the number was 245. While these numbers are small in comparison to the 57,000 internet-connected industrial-control systems in the US, attackers can do a tremendous amount of damage by controlling just a single system. They could shut down power, potentially for months, if they were able to get control of a nuclear facility, for example.
While this dam was small and perhaps not a threat, the potential for greater damage exists. Many would consider such actions by a nation to be an act of war and respond accordingly. But the response to Iran after learning of the hacking news was to lift sanctions, freeing up to $150 billion for Iran to spend. Certainly, the US government isn’t taking the matter seriously, so you have to.
While cyberthreats are nothing new, the alarming success rate we are seeing should be a wake-up call to CEOs everywhere, especially in neighboring Fairfield and Westchester Counties, which are home to numerous financial and insurance companies, natural targets for attackers. In reality, no company is immune to the problem, regardless of location.
Although not a panacea, cybersecurity user-training is probably the most important step companies can take to protect themselves.
For example, a simple spear-phishing attack targets an individual, meaning a specific message is crafted and sent to them in the hope that they will click it and infect a computer, which will lead to a network infection. This can be done simply by looking at a person’s Twitter account or LinkedIn to gauge their interests. An email can then take advantage of this knowledge, offering, for example, free tickets to a concert that matches the interests of the target. An unsuspecting user is typically no match for repeatedly sent custom messages tailored to their interests.
It is for this reason that Apex Technology Services has a highly successful user-training practice, which helps management and employees steer clear of malicious messages and other cyberthreats. A single attack can put a company out of business by encrypting its data and holding the company hostage. In this war, the employees and management are on the front lines, making you the virtual soldier. No battle can be won if the soldiers aren’t prepared. This ongoing cyberwar is no exception.