Cyber Wellness Guide – Bringing risks to life

Take a look at how cyber security risk can affect your building with two scenarios drawn directly from real world incidents.

Scenario 1: Using data for extortion

An individual at ABC company received what appeared to be a standard PDF invoice by email from a trusted third-party supplier. This file however was malicious and simply disguised as an invoice by attackers. Once the payment was executed, the attackers gained access to the user’s machine. Local administrative credentials and user credentials were then harvested and used within the network environment. Since all backups were online and accessible, the attackers deleted all active backups and disabled the system.

A subsequent ransomware and file encryption campaign began at 3:00 a.m. on a Saturday evening and affected every single workstation and server in the environment. The IT provider was brought in to troubleshoot the issue only after the staff could no longer gain access.

Unfortunately, upon review, file and system image restoration was not possible due to lack of backups. A ransom screen appeared on all the workstations and servers and indicated that the entire organization had been compromised. The company panicked since they did not have an incident response plan, and reached out to a local cyber security firm for help. The organization would have to pay a six-figure ransom in order to get key systems back online so that their services would not grind to a halt. The cost and loss in business was severe, and now the company is developing better safeguards, creating an incident response plan and conducting user training on cyber security.

Scenario 2: Breach of information through an HVAC contractor

A major retailer faced a large-scale breach. When a third-party HVAC vendor plugged in his system at one of their retail locations to deal with routine maintenance work, hackers, who had gained access to his system, were then able to gain access to the retailer’s systems. Without adequate separation of network systems and information at the retailer, they were able to extend their access into the payment systems where card information of customers was stored. The retailer was not able to detect the breach and hence could not respond to it, until millions of people’s credit cards and information were compromised.

Multiple levels of failures occurred, including the level of access allowed to individuals and vendors, lack of separation between the different systems and segregation of critical information, and an inability to adequately detect or escalate unusual patterns.

After facing lawsuits, it has been widely reported that the retailer paid settlements in excess of US$18 million. This excludes their costs for litigation, curtailing the damage and recovery, not to mention loss of reputation and trust, which is estimated to have cost the retailer in excess of a hundred million dollars.

To download the complete BOMA Canada Cyber Wellness Guide click here

Related Blogs

Posted by Natalie Rekai | Monday January 23rd, 2023
BOMA Canada, BOMA International Join Forces to Launch New Certification Program in U.S.
BOMA Canada, BOMA International Join Forces to Launch New Certification Program in U.S. (SCOTTSDALE, Ariz.—January 21, 2023) The Building Owners and Managers Association (BOMA) International and BOMA Canada signed a...
Posted by Natalie Rekai | Tuesday December 20th, 2022
BOMA 360
New for the 2023 awards cycle, all TOBY Award entrants at the National and International levels require BOMA 360 designation.
Posted by Natalie Rekai | Tuesday December 20th, 2022
2022 Yearbook
We’ve put together some of the highlights in our annual yearbook. Enjoy!