Protection of Information Assets

Temple University

MIS 5206.701 ■ Fall 2024 ■ David Lanter

In The News

October 16, 2024 by David Lanter 13 Comments

Filed Under: Unit 09: Business Continuity and Disaster Recovery

Comments

  1. Christopher Williams says

    October 18, 2024 at 9:41 pm

    The Devastating Business Impacts of a Cyber Breach

    Cyberattacks are becoming more frequent, with 83% of companies facing multiple breaches in 2022. These breaches don’t just cause short-term damage like a 7.5% drop in stock prices; they also result in huge financial losses. On average, a breach costs companies $4.35 million globally, and in the U.S., this number rises to $9.44 million. These costs include lost revenue, ransom payments, downtime, legal fees, and higher audit costs, all of which drain company resources.

    Beyond money, cyberattacks also disrupt supply chains, lower a company’s credit rating, and often force price increases for customers. For example, ransomware attacks can halt business operations, with some sectors like healthcare losing over $7.8 billion in downtime alone. Cybercriminals are getting smarter, targeting both small and large companies with tailored attacks, leading to even bigger issues.

    To combat these risks, companies need to be proactive by putting a cybersecurity expert on their board to guide security efforts and develop long-term strategies. This can help prevent attacks or minimize damage when they happen. Additionally, regular security audits and training for employees play a crucial role in defending against these threats.

    Cybersecurity isn’t just an IT issue anymore; it’s something that affects the whole company. Having strong security measures in place can help businesses avoid major financial losses, protect their reputation, and recover more quickly from cyberattacks.

    https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach

  2. Jocque Sims says

    October 19, 2024 at 11:14 pm

    In the News – Overheating datacenter stopped 2.5 million bank transactions.

    Article summary: In late 2023, the Development Bank of Singapore (DBS) and Citibank suffered an outage due to technical issues with the data center’s cooling system.

    Dates of Outage: Mid-afternoon on October 14, 2023.

    Length of Outage: two days.

    Operational consequence of the outage: No customer or vendor could make payment transactions via DBS and Citibank in the city-state. Over 810,000 attempts to access the two platforms failed, while 2.5 million payment and ATM transactions could not be completed.

    Cause of Outage: Issues with the cooling system caused the temperature to rise above the optimal operating range at the data center (called Equinix) used by both institutions.

    Equinix identified a contractor as being responsible for incorrectly sending a signal to close the valves from the chilled water buffer tanks during a planned system upgrade.

    IT Disaster Recovery Plan (DRP)/Business Continuity Plan (BCP): Immediately following Equinix’s outage, both companies activated IT DRPs and BCPs, which entailed recovering their affected systems at their respective backup data centers.

    Both companies experienced DP issues: DBS suffered network misconfiguration / Citibank suffered connectivity issues. Two days passed before the full restoration of services.

    This event highlights failures of steps taken in the risk assessment process of the DR by DBS & Citibank, such as:

    Discovering and auditing potential threats – such as off-site equipment or system failures, and adhering to government standards concerning unscheduled downtime for critical systems affecting bank operations.

    Regularly testing the DR & BCP in case of a disaster – such as recreating the operational environment off-site.

    Actions taken by Singapore’s Government: DBS was banned from acquiring new business ventures and all non-essential IT changes for 6 months.

    Source: https://www.theregister.com/2023/11/07/overheating_datacenter_singapore/

  3. Neel Patel says

    October 20, 2024 at 2:05 am

    Title: Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators

    The article highlights the data backup and recovery strategies for Exchange Server administrators to safeguard against data loss. This is extremely important with growing cybersecurity threats like ransomware. It underscores common causes of data loss like vulnerabilities, human mishaps, and hardware failure. It also explains how financial losses, reputational damage, and downtime can negatively impact and devastate organizations. The article provides key strategies for preventing data loss. Some included VSS-based backups and the 3-2-1 backup rule. The article also discussed proactive measures like security protocols and access control.

    Link: https://thehackernews.com/2024/01/preventing-data-loss-backup-and.html

  4. James Nyamokoh says

    October 20, 2024 at 1:10 pm

    Title: US authorities issue ransomware warning, and other cybersecurity news to know this month.

    The World Economic Forum reported in September 2024 that U.S. authorities warned about the rise of RansomHub, a ransomware group active since February 2024. It has attacked over 210 victims, spanning sectors such as government, water services, and critical manufacturing, by encrypting and exfiltrating data. The report emphasizes the importance of proactive security measures like system updates and multi-factor authentication to ensure business continuity and mitigate disruptions.

    Source: https://www.weforum.org/agenda/2024/09/ransomware-cybersecurity-news-september-2024/

  5. Andrea Baum says

    October 20, 2024 at 6:14 pm

    China hacked major U.S. telecom firms in apparent counterspy operation

    https://www.washingtonpost.com/national-security/2024/10/06/salt-typhoon-china-espionage-telecom/

    Chinese hackers have breached at least three major U.S. telecommunications providers—Verizon, AT&T, and Lumen—in what appears to be a significant espionage operation aimed at uncovering the targets of American surveillance. The investigation by the FBI, U.S. intelligence agencies, and the Department of Homeland Security is still in its early stages, and the full extent of the breaches remains unclear. The hackers, believed to be connected to China’s Ministry of State Security, may have accessed sensitive information related to lawful federal wiretap requests and general internet traffic, potentially compromising U.S. intelligence efforts. The breaches come amid ongoing tensions between the U.S. and China, as both countries navigate a complex competitive relationship. A spokesperson for the Chinese Embassy denied any wrongdoing, asserting that China is a victim of cyberattacks, while U.S. officials emphasize the significant risks posed by the hacking operations.

  6. Vincenzo Macolino says

    October 22, 2024 at 5:02 pm

    Cybersecurity threats are on the rise: What to know so you can address them

    This article provided information from the 2024 Data Breach Investigations Report (DBIR), and basically summarized the findings. The article highlighted a few key points such as vulnerability exploitation, human error in cybercrimes, ransomware attacks, and stolen credentials. The thing that stood out the most to me was the emphasis on how much cybercrime is growing. The article predicts that by 2028 global cybercrime costs could reach $13.8 trillion. A large reason for this is the growing success of the initial access method, and also human error. Human error has contributed to around 68% of breaches. Phishing attacks are the main reason for the number being so high. The concern that I have is whether or not we will find a solution for human error.

    https://www.verizon.com/about/news/dbir-2024-trends-and-implications

  7. Nelson Ezeatuegwu says

    October 22, 2024 at 7:19 pm

    Modern Business Impact Analysis must address confidentiality, integrity, and availability of mission-essential assets.

    This article talked about how risk managers can leverage a business impact analysis template to consistently evaluate, record, and monitor the criticality and sensitivity of enterprise assets. The article went on to explain that assets are not limited to technology; they include critical data and intellectual property. Therefore, expanding the use of BIA to include confidentiality and integrity considerations supports comprehensive risk analysis; this means that BIAs need to address confidentiality and integrity as appropriate to the resource types being identified and prioritized in a BIA. Conceivably, it is possible for a resource with low availability requirements to be at the top of the confidentiality or integrity priority list.

    https://community.mis.temple.edu/mis5206sec701fall2024/2024/10/16/week-8-in-the-news/#comments

  8. Ericberto Mariscal says

    October 22, 2024 at 8:44 pm

    Title: Coronavirus and the Cybersecurity Threat Landscape

    This article talked about the consequences and impacts to businesses that developed around the Coronavirus. The repercussions from Covid hit every organization, no matter how resilient the business was. The following led to impacts:

    Hardware and skill shortages – pandemic led to shortages in hardware and skilled security professionals
    Budget cuts and supply chain failures – organizations are facing financial constraints and disruptions in their supply chain
    Increased insider threats – rise in threats from disaffected former employees
    Manipulation of news for scams – cybercriminals are exploiting new events to conduct scams.

    Link: https://www.infosecurity-magazine.com/blogs/coronavirus-cyber-threat/

  9. Benjamin Rooks says

    October 22, 2024 at 8:49 pm

    78% of Organizations Suffer Repeat Ransomware Attacks After Paying

    I think that this is an important thing to highlight in the landscape of breaches and ransomware. If disaster recovery is not prioritized, then not only do you risk falling victim to attacks such as ransomware; even if you get your data back, if you have to pay in order to do so and do not learn from the experience, then you identify yourself as a future target. Why would bad actors go after a new target when they can go after an org that not only doesn’t seem to be learning their lesson, but also keeps paying them?

    https://www.infosecurity-magazine.com/news/orgs-repeat-ransomware-paying/

  10. Gbolahan Afolabi says

    October 22, 2024 at 9:36 pm

    SEC Charges Four Companies With Misleading Cyber Disclosures

    This press release from the Securities and Exchange Commission (SEC) details the fine levied against 4 technology companies in connection to the SolarWinds hack that occurred in 2020.
    Unisys, Avaya, Mimecast, and Check Point were accused by the SEC of making misleading statements to the general public and investors regarding the extent of the intrusions by the SolarWinds hack.
    The SolarWinds hack was a compromise in the Orion platform created by SolarWinds to monitor infrastructure and enterprise networks. The platform was compromised, which gave threat actors backdoor access to the systems and information of thousands of SolarWinds’ customers including local, state, and federal agencies.
    These 4 companies allegedly intentionally downplayed the extent of the attacks on their systems to investors, which the commission believed deprived investors of full knowledge on the extent of the incident. The SEC further alleged that these companies disclosed the risk and impact of the breach as hypothetical even though gigabytes of data were exfiltrated from each of these organizations.
    Each company was fined between $990,000 and $4,000,000 in civil penalties with Unisys being fined the highest penalty. Each of these companies agreed to settle the charges and desist from making similar false claims to investors.

    Sources:
    https://www.sec.gov/newsroom/press-releases/2024-174
    https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know

  11. Aisha Ings says

    October 22, 2024 at 11:01 pm

    A shocking number of IT bosses are turning off security controls

    This article discusses a recent study conducted by Arctic Wolf, which revealed that many IT leaders have admitted to disabling security controls and reusing system passwords. Despite this, around 80% of these leaders are confident their employees wouldn’t fall for phishing attacks, even though 64% of the leaders have fallen victim themselves. In reality, 83% of employees have been caught by phishing attempts, as shown by their clicks on phishing simulation links.

    The article also mentioned that overconfidence could leave companies vulnerable, and firms need robust cybersecurity that requires an honest assessment of risks and vulnerabilities.

    https://www.techradar.com/pro/a-shocking-number-of-it-bosses-are-turning-off-security-controls

  12. Brittany Pomish says

    October 22, 2024 at 11:28 pm

    Title: Radisson’s Country Inn & Suites hack claim, thousands reported breached

    The Country Inn & Suites by Radisson hotel chain has reportedly been hit by the Everest ransomware group. The attack exposed sensitive information of thousands of guests, including credit card numbers, account usernames, and passwords. The ransomware gang claims to have stolen billing data, internal emails, booking details, and more. They have given the hotel group a 10-day deadline to negotiate before the data is published.

    https://cybernews.com/news/country-inn-suites-radisson-choice-hotels-hacked-everest-ransomware/

  13. Cyrena Haynes says

    October 22, 2024 at 11:36 pm

    Title: AI-Powered Attacks Flood Retail Websites

    This article highlights the growing threat of AI-driven cyberattacks targeting retailers, especially during the busy holiday season. These attacks include business logic abuse, DDoS attacks, bad bots, and API violations. AI tools and specialized bots are being used by cybercriminals to exploit vulnerabilities in systems, which increases the complexity and volume of attacks. The rise of AI-driven attacks requires a thorough BIA to understand which business processes are most at risk. AI-driven attacks can cause prolonged downtime or data breaches, so a well-prepared DRP helps ensure that systems can be restored, operations resumed, and data recovered in the shortest time possible. AI-driven threats emphasize the need for robust BCM strategies to ensure retailers maintain operations, minimizing customer impact and financial loss.

    Source: https://www.infosecurity-magazine.com/news/aipowered-attacks-flood-retail/
