Take a look at how cyber security risk can affect your building with two scenarios drawn directly from real-world incidents.
Scenario 1: Using data for extortion
An individual at ABC company received what appeared to be a standard PDF invoice by email from a trusted third-party supplier. This file, however, was malicious and had simply been disguised as an invoice by the attackers. Once the payment was executed, the attackers gained access to the user’s machine. Local administrative credentials and user credentials were then harvested and used within the network environment. Since all backups were online and accessible, the attackers deleted all active backups and disabled the system.
A subsequent ransomware and file encryption campaign began at 3:00 a.m. on a Saturday evening and affected every single workstation and server in the environment. The IT provider was brought in to troubleshoot the issue only after the staff could no longer gain access.
Unfortunately, upon review, file and system image restoration was not possible due to the lack of backups. A ransom screen appeared on all the workstations and servers and indicated that the entire organization had been compromised. The company panicked, since it did not have an incident response plan, and reached out to a local cyber security firm for help. The organization would have to pay a six-figure ransom in order to get key systems back online so that its services would not grind to a halt. The cost and loss in business were severe, and the company is now developing better safeguards, creating an incident response plan and conducting user training on cyber security.
Scenario 2: Breach of information through an HVAC contractor
A major retailer faced a large-scale breach. When a third-party HVAC vendor plugged in his system at one of their retail locations to deal with routine maintenance work, hackers who had gained access to his system were then able to gain access to the retailer’s systems. Without adequate separation of network systems and information at the retailer, the hackers were able to extend their access into the payment systems where card information of customers was stored. The retailer was not able to detect the breach, and hence could not respond to it, until millions of people’s credit cards and information were compromised.
Failures occurred at multiple levels, including the level of access allowed to individuals and vendors, the lack of separation between the different systems and of segregation of critical information, and an inability to adequately detect or escalate unusual patterns.
It has been widely reported that, after facing lawsuits, the retailer paid settlements in excess of US$18 million. This excludes their costs for litigation, curtailing the damage and recovery, not to mention the loss of reputation and trust, which is estimated to have cost the retailer in excess of a hundred million dollars.